os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv
Ulrich Spörlein de198ef68d Typo and spelling fixes.
2011-05-15 20:41:31 +00:00

2381 lines
43 KiB
Text
Raw Blame History

0:00:09.649,0:00:15.249
Fortunately my slide will be centered, because
I'll have to change resolutions. I think this works out...
0:00:15.249,0:00:19.310
And, it's about protecting your privacy with FreeBSD and Tor
0:00:19.310,0:00:20.859
and, uh...
0:00:20.859,0:00:21.480
Privacy.
0:00:21.480,0:00:25.859
What I mean here is mostly anonymity
0:00:25.859,0:00:28.889
but there are some other aspects that
0:00:28.889,0:00:34.390
I'll talk about later
0:00:34.390,0:00:36.290
uh, so...
0:00:36.290,0:00:39.500
I want to first talk about who needs anonymity anyway
0:00:39.500,0:00:42.880
Is it just for criminals or some other bad guys, right?
0:00:42.880,0:00:44.209
After this
0:00:44.209,0:00:50.940
anonymization concepts, then Tor. Tor's a, well, a tool
0:00:50.940,0:00:52.870
to, uh...
0:00:52.870,0:00:59.320
anonymize you on the Web. Then I'll talk about what
FreeBSD can do with it
0:00:59.320,0:01:00.430
and what else
0:01:00.430,0:01:01.980
you have to take care of
0:01:01.980,0:01:06.070
when you want to be anonymous on the Web or the Internet
0:01:06.070,0:01:06.650
And uh,
0:01:06.650,0:01:12.280
if time permits I'd like to do a little demonstration
0:01:12.280,0:01:16.970
Ok, so who needs anonymity anyway?
0:01:16.970,0:01:20.510
Anonymity is a pretty vast
0:01:20.510,0:01:22.030
interest to most people
0:01:22.030,0:01:24.740
but it's really important for
0:01:24.740,0:01:26.400
journalists... There was a case in, uh,
0:01:26.400,0:01:28.619
Thailand last year
0:01:28.619,0:01:32.510
when the military coup was going on
0:01:32.510,0:01:38.150
and the journalists in Thailand couldn't really uh
0:01:38.150,0:01:39.830
Journalists couldn't really, uh
0:01:39.830,0:01:43.050
get the information they needed to do their work
0:01:43.050,0:01:45.750
Also, uh, informants
0:01:45.750,0:01:49.100
whistleblowers... people who want to tell you about
0:01:49.100,0:01:52.490
corruption going on in governments and companies
0:01:52.490,0:01:56.460
and don't want to lose their job for it... Dissidents
0:01:56.460,0:01:58.250
Uh, best case
0:01:58.250,0:02:01.610
when in Myanmar
0:02:01.610,0:02:03.750
last few weeks ago
0:02:03.750,0:02:05.290
When the
0:02:05.290,0:02:07.649
all the Buddhists monks were going to the streets and uh,
0:02:07.649,0:02:09.879
the Internet was heavily censored
0:02:09.879,0:02:14.899
It was really dangerous to do anything on the Internet
0:02:14.899,0:02:17.719
So, so umm
0:02:17.719,0:02:20.489
socially sensitive information, like when you want to uh,
0:02:20.489,0:02:23.719
when you were abused
0:02:23.719,0:02:25.769
and want to talk to other people about it
0:02:25.769,0:02:30.039
you don't... naturally you don't want other people to
know who you are
0:02:30.039,0:02:31.840
as it will be very embarrassing
0:02:31.840,0:02:33.779
Also Law Enforcement, ah
0:02:33.779,0:02:38.579
for example, uh, when you want to set up a
0:02:38.579,0:02:41.669
an anonymous tipline for crime reporting
0:02:41.669,0:02:45.810
And uh, also companies that want to, uh
0:02:45.810,0:02:48.079
research competition, as one case that, uh
0:02:48.079,0:02:51.029
that a company went to check the, uh
0:02:51.029,0:02:54.339
website competition and they noticed when they used Tor
0:02:54.339,0:02:58.209
that, uh, they were actually getting a different website
when they
0:02:58.209,0:03:00.829
uh, were coming from the corporate LAN
0:03:00.829,0:03:04.609
than anyone else was getting, so ah,
0:03:04.609,0:03:07.509
it's a good way to, uh,
0:03:07.509,0:03:11.859
check out... competition like this
0:03:11.859,0:03:13.349
Also military
0:03:13.349,0:03:15.679
actually military was one of the, uh
0:03:15.679,0:03:17.479
original
0:03:17.479,0:03:20.510
driving forces behind the
0:03:20.510,0:03:24.319
anonymization research.
0:03:24.319,0:03:26.169
And maybe you
0:03:26.169,0:03:28.799
may have heard of the European Union
0:03:28.799,0:03:30.349
Data Retention Directive?
0:03:30.349,0:03:33.039
Where, umm
0:03:33.039,0:03:35.739
collection data gets stored
0:03:35.739,0:03:41.259
six to twenty-four months? Depends on the limitation
on the different nations
0:03:41.259,0:03:45.069
Two weeks back this was, uh,
0:03:45.069,0:03:47.729
the law was passed in Germany
0:03:47.729,0:03:48.900
So, uh
0:03:48.900,0:03:50.450
from first January on,
0:03:50.450,0:03:52.159
every connection, phone connection,
0:03:52.159,0:03:55.389
SMS, IP connections,
0:03:55.389,0:03:58.480
email, or the dial-in data needs to be stored
0:03:58.480,0:04:00.449
by providers for six months
0:04:00.449,0:04:02.510
And, uh,
0:04:02.510,0:04:05.379
sooner or later it's going to be in Poland as well
0:04:05.379,0:04:07.689
[talking]
0:04:07.689,0:04:14.689
Well, you're part of the Euro Union now, so ah, welcome!
0:04:16.989,0:04:18.529
Okay, uh
0:04:18.529,0:04:21.220
that's a
0:04:21.220,0:04:27.110
Maybe you want to hide what interests you have and uh,
who you talk to, I mean uh,
0:04:27.110,0:04:30.889
like all of you know the Internet isn't very
0:04:30.889,0:04:34.199
secure in the first place so your ISP can see who you're
talking to
0:04:34.199,0:04:37.780
if they bother to find out
0:04:37.780,0:04:40.709
Yeah, and also
0:04:40.709,0:04:46.279
criminals, but they already do illegal stuff and they
don't care about
0:04:46.279,0:04:51.629
doing more illegal stuff to stay anonymous, right? They can
steal people's identities, they can rent botnets or
create them in the first place
0:04:51.629,0:04:53.829
and uh,
0:04:53.829,0:04:54.689
or just
0:04:54.689,0:04:59.689
crack one of the thousands of Windows computers online,
no big deal
0:04:59.689,0:05:02.029
So, uh
0:05:02.029,0:05:05.199
Criminals already do this and uh,
0:05:05.199,0:05:06.360
the normal
0:05:06.360,0:05:13.360
citizens can't do this so...
0:05:14.680,0:05:16.460
So all the groups that need anonymization are very different,
0:05:16.460,0:05:18.330
but they all have the same goal, and uh
0:05:18.330,0:05:20.619
that's also one of the
0:05:20.619,0:05:22.229
key concepts of
0:05:22.229,0:05:22.919
anonymization
0:05:22.919,0:05:24.090
you can't really
0:05:24.090,0:05:25.930
stay anonymous on your own
0:05:25.930,0:05:28.999
you need the help of more people
0:05:28.999,0:05:30.559
and uh,
0:05:30.559,0:05:32.680
the more diverse the group that needs
0:05:32.680,0:05:38.539
anonymity, the better
0:05:38.539,0:05:40.979
Ok, so on to talking about two
0:05:40.979,0:05:42.949
anonymization concepts
0:05:44.539,0:05:51.539
Proxy? Everyone here probably knows how a proxy works,
0:05:52.559,0:05:53.169
LANs connect to the proxy and request
0:05:53.169,0:05:57.290
a website or whatever and the proxy
0:05:57.290,0:06:00.359
just passes it on and pass through
0:06:04.680,0:06:09.329
Proxys are fast and simple but it's really a single point of
failure, like uh,
0:06:09.329,0:06:13.139
when law enforcement or anyone else wants to
uh, know
0:06:13.139,0:06:15.289
who you're talking to they just
0:06:15.289,0:06:19.759
get a subpoena or
0:06:19.759,0:06:22.440
break into the computer room or whatever
0:06:22.440,0:06:26.400
It's pretty easy
0:06:26.400,0:06:30.050
Second anonymization concept is MIX,
0:06:30.050,0:06:32.549
it's really old from nineteen eighty one
0:06:32.549,0:06:35.099
So you can see, uh,
0:06:35.099,0:06:41.150
how long the research in this area is going on
0:06:41.150,0:06:43.150
The MIX is kind of similar to a proxy
0:06:43.150,0:06:47.090
Like, trying to connect to it to send the messages
0:06:47.090,0:06:50.779
and the MIX collects them
0:06:50.779,0:06:54.550
and coalesces them
0:06:54.550,0:06:56.699
Like, it puts them all
0:06:56.699,0:06:58.319
into coming sites and uhm,
0:06:58.319,0:07:00.169
you see here it
0:07:00.169,0:07:03.849
shuffles them. It waits
0:07:03.849,0:07:08.930
until there's enough data in it and just
0:07:08.930,0:07:11.039
shuffles them and sends them back out so
0:07:11.039,0:07:18.039
um, this is to protect against correlation attacks.
0:07:20.219,0:07:22.439
But second in...
0:07:22.439,0:07:23.379
Oh yeah, and
0:07:23.379,0:07:27.879
when you actually put several MIXes uh
0:07:27.879,0:07:31.259
behind them; it's a MIX cascade and uh,
0:07:31.259,0:07:32.149
between mixes is also
0:07:32.149,0:07:35.330
encryption going on, uh, the first
0:07:35.330,0:07:38.349
or the client which
0:07:38.349,0:07:44.069
you could see here if the slides would be centered, uh,
0:07:44.069,0:07:46.029
what else gets the
0:07:46.029,0:07:48.879
public keys of all the mixes
0:07:48.879,0:07:51.160
and encrypts the message first for each of them
0:07:51.160,0:07:54.879
and each mix removes one encryption layer and
0:07:54.879,0:07:59.280
uh, the last one actually passes on the message unencrypted
0:07:59.280,0:08:04.369
and uhm, loop back backwards the same
0:08:04.369,0:08:06.379
So, as you can probably imagine,
0:08:06.379,0:08:11.389
if you wait until you have enough messages, ah, and all
public key encryption
0:08:11.389,0:08:12.280
is going pretty slow
0:08:14.069,0:08:17.939
and uh,
0:08:17.939,0:08:20.360
this concept is mostly used for
0:08:20.360,0:08:22.419
remailers like
0:08:22.419,0:08:26.359
MixMinion, for example uh
0:08:26.359,0:08:28.800
where it's not really a possib... um
0:08:28.800,0:08:32.610
it's not really important
0:08:32.610,0:08:33.979
if the message is a couple of seconds
0:08:33.979,0:08:36.540
late or something, but it's not really
0:08:36.540,0:08:39.870
great for uh, for
0:08:39.870,0:08:41.830
low latency connections,
0:08:41.830,0:08:44.730
like web routing for example
0:08:44.730,0:08:47.060
but what's good about it it's uh
0:08:47.060,0:08:50.500
distributed trust uh,
0:08:50.500,0:08:54.940
just one these MIXes has to be secure to actually
0:08:54.940,0:08:56.840
anonymize the whole connection
0:08:56.840,0:08:58.460
so it's slow but it's
0:08:58.460,0:09:05.460
distributed trust, which is good.
0:09:06.230,0:09:09.930
So, I want to introduce Tor
0:09:09.930,0:09:12.320
Tor stands for The Onion Router.
0:09:12.320,0:09:16.340
It's a concept that is actually built on
0:09:16.340,0:09:17.720
both these concepts
0:09:17.720,0:09:21.340
MIXes and proxies.
0:09:21.340,0:09:22.770
It's a TCP-Overlay network,
0:09:22.770,0:09:24.900
that means you can, uh
0:09:24.900,0:09:25.560
channel any
0:09:25.560,0:09:27.320
TCP connection through it
0:09:27.320,0:09:28.480
theoretically
0:09:28.480,0:09:31.310
Uh, theoretically I will explain
0:09:31.310,0:09:33.790
a couple of slides later
0:09:33.790,0:09:37.040
It provides a SOCKS interface so you don't need any uh,
0:09:37.040,0:09:42.060
special application proxies like any application that uses
SOCKS interface can just
0:09:42.060,0:09:43.370
talk to Tor
0:09:43.370,0:09:48.070
and it's available on, um, all major platforms
0:09:48.070,0:09:53.940
What is uh, especially important it's available in Windows
0:09:53.940,0:09:55.850
Because, uhm, like I said earlier once
0:09:55.850,0:09:57.740
you want a really diverse,
0:09:57.740,0:09:59.560
really diverse group of users
0:09:59.560,0:10:05.250
so you actually need uh,
0:10:05.250,0:10:06.860
the normal user
0:10:06.860,0:10:13.150
not just geeks.
0:10:13.150,0:10:15.160
Um, well it aims to uhm
0:10:15.160,0:10:15.939
combine the positive attributes of
0:10:15.939,0:10:17.480
proxies and MIXes
0:10:17.480,0:10:18.749
Like, proxies are fast, but
0:10:18.749,0:10:20.620
seem prone to failure
0:10:20.620,0:10:21.770
and MIXes
0:10:21.770,0:10:24.590
distributed trust, you want to combine them
0:10:24.590,0:10:29.930
so uh
0:10:29.930,0:10:31.310
Fast, uh, Tor uses not only public key
0:10:31.310,0:10:33.220
encryption but also session keys
0:10:33.220,0:10:35.170
so it's symmetrically encrypted.
0:10:35.170,0:10:37.260
So uh
0:10:37.260,0:10:41.710
all the connection set up is this public key so you just, uh
0:10:41.710,0:10:44.840
authentication and stuff
0:10:44.840,0:10:50.860
And uh, the actual communication that's going on later
is always symmetrically encrypted
0:10:50.860,0:10:54.170
And uh, so it's also TCP multiplexing
0:10:54.170,0:10:55.850
so you can run
0:10:55.850,0:10:58.520
several TCP connections through one
0:10:58.520,0:11:02.220
virtual Tor connection.
0:11:02.220,0:11:05.610
And the design goals are
0:11:05.610,0:11:06.790
yeah
0:11:06.790,0:11:07.880
deployability
0:11:07.880,0:11:09.770
like dums want the user to actually have
0:11:09.770,0:11:12.680
to patch his PC off the Operating System or something
0:11:12.680,0:11:16.070
just be in a... workable state really fast.
0:11:16.070,0:11:19.340
Um, usability,
0:11:19.340,0:11:20.600
so you get the uh,
0:11:20.600,0:11:22.400
normal users
0:11:22.400,0:11:26.850
not just the geeks. Flexibility, uhm
0:11:26.850,0:11:28.310
it's aimed to
0:11:28.310,0:11:29.910
enable more research
0:11:29.910,0:11:32.010
in this whole area.
0:11:32.010,0:11:33.059
So, uh
0:11:33.059,0:11:34.679
the protocol Tor users
0:11:34.679,0:11:37.890
should be really flexible
0:11:37.890,0:11:42.110
And uh, for simplicity it's a security application and
0:11:42.110,0:11:45.900
well complexity doesn't play well with uh,
0:11:45.900,0:11:52.070
security
0:11:52.070,0:11:53.190
So, this uh,
0:11:53.190,0:11:55.300
it's how Tor works, more or less
0:11:55.300,0:11:58.800
Dave is uh, a directory server,
0:11:58.800,0:12:03.160
it uh, caches information about the network state
0:12:03.160,0:12:08.130
and uh, which Tor servers are available in the network
0:12:08.130,0:12:09.490
and uh
0:12:09.490,0:12:10.930
Alice downloads
0:12:10.930,0:12:14.740
this whole list from Dave
0:12:14.740,0:12:18.940
you see the Tor nodes with the plus here?
0:12:18.940,0:12:21.020
Through this random
0:12:21.020,0:12:22.790
tree of service
0:12:22.790,0:12:23.910
when she wants to talk to Jane
0:12:23.910,0:12:30.380
for example
0:12:30.380,0:12:34.280
The first one is the entry node, middleman nodes, and the
uh exit nodes, I will leave these for later
0:12:34.280,0:12:41.000
uh, so this
0:12:41.000,0:12:43.990
Alice talks to the entry node
0:12:43.990,0:12:47.550
there's a connection that is going on and is public key
encrypted
0:12:47.550,0:12:51.330
and they establish a session key and same
0:12:51.330,0:12:53.090
thing goes on
0:12:53.090,0:12:58.520
between these two and these two so they can communicate
later on
0:12:58.520,0:12:59.780
What's really important here
0:12:59.780,0:13:00.629
is the last connection here
0:13:00.629,0:13:03.090
is actually unencrypted.
0:13:03.090,0:13:05.240
I will talk about it later
0:13:05.240,0:13:06.610
So it has to be unencrypted
0:13:06.610,0:13:13.610
so you can actually get your request through
0:13:20.690,0:13:22.700
This is a virtual circuit
0:13:22.700,0:13:24.490
that gets established and uh
0:13:24.490,0:13:29.190
every, every
0:13:29.190,0:13:31.340
ten minutes
0:13:31.340,0:13:32.450
a new circuit is built
0:13:32.450,0:13:37.250
when a new website, when a new request comes through, so uh
0:13:37.250,0:13:40.080
this one stays, all these connections above stay
0:13:40.080,0:13:41.940
in this circuit
0:13:41.940,0:13:43.630
and after ten
0:13:43.630,0:13:45.410
when after ten minutes, ah
0:13:45.410,0:13:52.410
Alice wants to talk to Jane, a new circuit is built
0:13:53.610,0:13:55.410
and uh, this is important
0:13:55.410,0:13:56.920
to get strong
0:13:56.920,0:13:57.710
anonymity
0:13:57.710,0:14:00.220
in case one connection is compromised, for example.
0:14:00.220,0:14:01.600
And these ten minutes
0:14:01.600,0:14:04.490
are really an arbitrary value,
0:14:04.490,0:14:08.560
you can choose anything
0:14:08.560,0:14:10.660
you have to do the research
0:14:10.660,0:14:11.970
which value is best and so
0:14:11.970,0:14:18.970
ten minutes is compromised.
0:14:19.840,0:14:22.240
With Tor you get exit policies,
0:14:22.240,0:14:24.640
this is important for the exit node
0:14:24.640,0:14:27.880
the one which actually sends the uh,
0:14:27.880,0:14:30.410
original request to the destination server
0:14:30.410,0:14:31.670
and huh
0:14:31.670,0:14:32.839
you can control which
0:14:32.839,0:14:34.220
TCP connections you want
0:14:34.220,0:14:39.180
to allow from your own node if you want
0:14:39.180,0:14:41.000
As default policy which uh
0:14:41.000,0:14:43.610
blocks SMTP and NNTP to prevent uh
0:14:43.610,0:14:48.080
spamming and all stuff
0:14:48.080,0:14:49.060
but you can actually allow
0:14:49.060,0:14:51.970
SMTP if you want
0:14:51.970,0:14:54.070
and there's some other ports blocked
0:14:54.070,0:14:56.170
but the rest of it works so
0:14:56.170,0:14:57.900
HTTP SSH
0:14:57.900,0:15:01.630
all the important stuff
0:15:01.630,0:15:05.250
that you would want to anonymize just works
0:15:05.250,0:15:10.290
and uh, if you uh
0:15:10.290,0:15:13.050
this is important for uh, if you
0:15:13.050,0:15:18.540
want to run you own node, uh
0:15:18.540,0:15:19.220
what kind of node you actually want to run
0:15:19.220,0:15:24.120
if you look at the picture, uh earlier
0:15:24.120,0:15:31.120
there's these three different nodes: entry node,
middleman node, and exit node
0:15:32.400,0:15:34.180
and uh, which node you want to run
0:15:34.180,0:15:36.780
depends on how many problems you want afterwards
0:15:36.780,0:15:39.590
I will talk about it later uh
0:15:39.590,0:15:40.970
this one,
0:15:40.970,0:15:46.950
the exit node actually forwards the uh, requested date, uh
0:15:46.950,0:15:47.700
depends upon what
0:15:47.700,0:15:51.570
what the user actually uh wants, that's
0:15:51.570,0:15:52.830
if the user uh
0:15:52.830,0:15:58.020
Alice in this case uh
0:15:58.020,0:16:02.080
insults someone out on a web forum, then uh the uh
0:16:02.080,0:16:03.470
administrator of the forum will see the IP address
0:16:03.470,0:16:05.340
of the
0:16:05.340,0:16:11.230
exit node in his logs and not the one
0:16:11.230,0:16:15.330
of Alice so uh he's going to have the problems later on
0:16:15.330,0:16:18.250
so I will talk about it later
0:16:18.250,0:16:21.600
but you have to keep this in mind
0:16:21.600,0:16:28.600
And uh, keep up everything and uh we can play the role of
entry nodes and middleman nodes
0:16:30.170,0:16:37.170
which is also important
0:16:39.130,0:16:42.930
Special feature of Tor are hidden services
0:16:42.930,0:16:45.850
these are services which can be
0:16:45.850,0:16:46.990
accessed
0:16:46.990,0:16:49.420
without having the IP address of them
0:16:49.420,0:16:50.960
so uh
0:16:50.960,0:16:56.300
you can't really find them physically
0:16:56.300,0:16:57.880
So if you want to run a
0:16:57.880,0:16:59.720
hidden service you can do it from anywhere
0:16:59.720,0:17:01.850
You can even do it from inside this private network here
0:17:01.850,0:17:05.950
You can set up a service and everyone in the outside world
can actually access it
0:17:05.950,0:17:07.770
even if you don't have the rights to do
0:17:07.770,0:17:11.330
port forwarding or something
0:17:11.330,0:17:13.580
uh, this is really important to, uh
0:17:13.580,0:17:15.690
resist Denial of Service, for example
0:17:15.690,0:17:20.160
Because every uh,
0:17:20.160,0:17:20.519
every client that wants to
0:17:20.519,0:17:22.829
access the service uh,
0:17:22.829,0:17:25.700
gets a different route in the network
0:17:25.700,0:17:26.529
and uh, it's hard
0:17:26.529,0:17:28.460
to actually uh
0:17:28.460,0:17:31.970
DOS it. And it's also important to
0:17:31.970,0:17:33.610
resist censorship
0:17:33.610,0:17:38.510
And the addresses look like this:
0:17:38.510,0:17:43.280
it's really a hash of a public key
0:17:43.280,0:17:47.340
and each hidden service is actually, well, identified
0:17:47.340,0:17:53.300
by a public key
0:17:53.300,0:17:59.000
This how it works, uhm, yet Alice the client
0:17:59.000,0:18:02.170
and the hidden server, Bob.
0:18:02.170,0:18:04.120
And if Bob wants to, uh,
0:18:04.120,0:18:07.640
wants to set up a service,
0:18:07.640,0:18:08.159
he chooses three introduction points
0:18:08.159,0:18:09.899
out of the whole mass
0:18:09.899,0:18:11.920
of Tor servers.
0:18:11.920,0:18:18.920
And Bob has the public key to identify the service,
and uh he sends
0:18:22.530,0:18:26.860
this public key and the list of three introduction
points to the directory server.
0:18:26.860,0:18:28.740
Now Alice wants to uh,
0:18:28.740,0:18:31.610
connect to Bob, the first the first thing she does
0:18:31.610,0:18:34.480
is download this
0:18:34.480,0:18:38.910
this list with the introduction points and the uh
0:18:38.910,0:18:45.910
public key from the directory server. After that, uh
0:18:50.120,0:18:54.299
she chooses one of the uh introduction points
0:18:54.299,0:18:55.930
and uh,
0:18:55.930,0:19:02.920
posts a circle rendezvous cookie there. A piece of
data so uh, she can, uh
0:19:02.920,0:19:05.480
identify herself
0:19:05.480,0:19:06.900
and uh, she also
0:19:06.900,0:19:07.860
gives the introduction point
0:19:07.860,0:19:14.500
the address of her random rendezvous point that
Alice has chosen
0:19:14.500,0:19:18.550
so what happens then is uh, Bob notices that uh,
0:19:18.550,0:19:23.760
some data has been stored in the introduction point
0:19:23.760,0:19:28.160
and Alice and Bob uh,
0:19:28.160,0:19:31.230
make a rendezvous point, and
0:19:31.230,0:19:34.940
Bob uses this, this uh
0:19:34.940,0:19:36.700
rendezvous cookie to
0:19:36.700,0:19:38.180
actually identify himself on the rendezvous point
0:19:38.180,0:19:39.990
and after that
0:19:39.990,0:19:46.990
all the connection of data runs through this rendezvous point.
0:19:50.870,0:19:53.180
uh, if time permits I'll actually uh,
0:19:53.180,0:19:54.710
set up a rendezvous
0:19:54.710,0:19:55.960
a hidden service here
0:19:55.960,0:19:59.120
so you can actually see how it works
0:19:59.120,0:20:06.120
I'll also demonstrate Tor, like I said
0:20:08.800,0:20:09.770
uh, there's some legal issues to be uhm
0:20:09.770,0:20:12.450
recognized, uh. As you can imagine, Tor may be
forbidden in some
0:20:12.450,0:20:14.880
countries; especially totalitarian countries
0:20:14.880,0:20:17.530
which censor the Internet anyway
0:20:17.530,0:20:18.719
and uh,
0:20:18.719,0:20:21.030
you may get into trouble for using Tor
0:20:21.030,0:20:25.580
practically, anyone knows this
0:20:25.580,0:20:27.580
there can be crypto restrictions
0:20:27.580,0:20:29.070
for example Great Britain, the uh
0:20:29.070,0:20:33.200
RIPA act, I'm not even sure what it stands for
0:20:33.200,0:20:36.140
but basically says that uh,
0:20:36.140,0:20:37.510
if the government wants,
0:20:37.510,0:20:40.410
then you have to give up your crypto keys
0:20:40.410,0:20:42.910
so they can decrypt it later
0:20:42.910,0:20:47.860
and uh, yeah, it's not really great
0:20:47.860,0:20:50.010
and actually last week was the first case
0:20:50.010,0:20:52.890
when this was actually used in
0:20:52.890,0:20:56.600
Great Britain
0:20:56.600,0:21:00.720
Uh, there can be special laws like in Germany
0:21:00.720,0:21:03.480
sort of like a hacker paragraph
0:21:03.480,0:21:06.990
It's just a nickname, it has some cryptic legal name
0:21:06.990,0:21:07.940
uh, in reality
0:21:07.940,0:21:11.090
and it says that uh
0:21:11.090,0:21:14.570
you're liable if you, uh,
0:21:14.570,0:21:17.360
if you give people access to tools
0:21:17.360,0:21:20.020
that they can use to uh,
0:21:20.020,0:21:22.270
well, to do illegal stuff.
0:21:22.270,0:21:23.630
More or less.
0:21:23.630,0:21:27.080
It's really uh,
0:21:27.080,0:21:29.080
not concrete and no one really...
0:21:29.080,0:21:30.440
it could uh,
0:21:30.440,0:21:31.929
it could
0:21:31.929,0:21:36.669
restrict anything. From a map to a
0:21:36.669,0:21:39.210
to God know what Network tools.
0:21:39.210,0:21:40.880
and uh
0:21:40.880,0:21:43.559
But it was actually, it was actually passed so no one
really knows
0:21:43.559,0:21:45.510
what's the, uhm
0:21:45.510,0:21:46.490
what's really
0:21:46.490,0:21:50.260
restrict by it. So Tor could be restricted
0:21:50.260,0:21:55.590
by it, because it could really enable people to do
illegal stuff,
0:21:55.590,0:21:58.640
but no one really knows
0:21:58.640,0:22:00.990
and uh, the biggest Tor
0:22:00.990,0:22:02.250
problem is
0:22:02.250,0:22:07.480
that, uh
0:22:07.480,0:22:10.180
when uh, when it actually gets sent to a Tor network
0:22:10.180,0:22:13.210
the uh, the
0:22:13.210,0:22:14.669
IP address that
0:22:14.669,0:22:16.210
gets sent
0:22:16.210,0:22:17.220
well that's what the destination server
0:22:17.220,0:22:19.090
actually sees
0:22:19.090,0:22:21.200
is one of the exit nodes.
0:22:21.200,0:22:22.380
So when, uh
0:22:22.380,0:22:23.740
when a client
0:22:23.740,0:22:26.090
actually causes trouble,
0:22:26.090,0:22:26.950
then the one
0:22:26.950,0:22:29.790
that gets into trouble
0:22:29.790,0:22:32.460
is the exit nodes provider. And uh,
0:22:32.460,0:22:33.560
so stuff that gets done
0:22:33.560,0:22:38.620
for torment purpose like sending ransom mails or uh,
0:22:38.620,0:22:40.480
distributing illegal stuff
0:22:40.480,0:22:42.040
and it, this all happened
0:22:42.040,0:22:43.500
and, if you are
0:22:43.500,0:22:46.460
unlucky as an exit node operator
0:22:46.460,0:22:47.109
your server gets seized or something
0:22:47.109,0:22:52.059
and uh,
0:22:52.059,0:22:55.530
that's random stuff that can happen
0:22:55.530,0:22:56.540
So uh,
0:22:56.540,0:22:59.559
as an exit nodes provider you can get
0:22:59.559,0:23:03.690
letters from Law Enforcement agencies, and uh
0:23:03.690,0:23:05.649
What are you doing there?
0:23:05.649,0:23:06.830
Maybe some illegal stuff?
0:23:06.830,0:23:10.040
And you have to explain to them that you are
0:23:10.040,0:23:12.260
providing Tor server and
0:23:12.260,0:23:13.980
it wasn't you
0:23:13.980,0:23:15.120
and stuff.
0:23:15.120,0:23:18.020
For example the FBI
0:23:18.020,0:23:19.960
in America
0:23:19.960,0:23:23.580
actually knows what you're talking about when you tell them
0:23:23.580,0:23:24.580
that you're using Tor...
0:23:24.580,0:23:26.019
so, uh
0:23:26.019,0:23:26.600
they won't bother.
0:23:26.600,0:23:28.810
But in Germany the uh,
0:23:28.810,0:23:34.830
Law Enforcement agencies, actually are, so so
0:23:34.830,0:23:41.440
depends on what kind of guy you're actually talking to
0:23:41.440,0:23:47.120
So what's... What kind of role plays FreeBSD here?
0:23:47.120,0:23:51.880
uh, FreeBSD is really well suited as a Tor node, uh
0:23:51.880,0:23:55.490
when you're operating the client you just want to use the
network, uh
0:23:55.490,0:23:57.830
it doesn't matter what kind of system you use
0:23:57.830,0:23:59.150
and it shouldn't matter
0:23:59.150,0:24:00.830
This is one of the, uh
0:24:00.830,0:24:03.130
like I said earlier one of the design
0:24:03.130,0:24:05.500
criteria of Tor
0:24:05.500,0:24:08.610
so it doesn't matter if you're using Windows or FreeBSD.
0:24:08.610,0:24:09.929
But if you're using the Tor
0:24:09.929,0:24:14.290
as actually uh,
0:24:14.290,0:24:17.320
the security of others depends on your node
0:24:17.320,0:24:20.690
and uh,
0:24:20.690,0:24:22.950
when you're operating a node is important to
0:24:22.950,0:24:25.310
have Operational Security
0:24:25.310,0:24:25.980
and Jails
0:24:25.980,0:24:27.550
are really great for this,
0:24:27.550,0:24:29.980
so you can run a Tor server in Jail.
0:24:29.980,0:24:32.950
It's also Disk and Swap encryption
0:24:32.950,0:24:38.010
which is important, especially the swap encryption. And uh,
0:24:38.010,0:24:39.390
there's also audit
0:24:39.390,0:24:40.740
and the MAC framework
0:24:40.740,0:24:43.780
when you want to run your installation
0:24:43.780,0:24:46.220
What's also nice,
0:24:46.220,0:24:46.659
Tor servers do a lot of public key encryption
0:24:46.659,0:24:48.440
and it's pretty slow
0:24:48.440,0:24:49.480
so it's great to have
0:24:49.480,0:24:54.750
hardware acceleration for this.
0:24:54.750,0:24:56.160
And uh, probably the biggest feature:
0:24:56.160,0:25:03.160
Well maintained Tor-related ports.
0:25:04.060,0:25:07.390
There is the main port, security/Tor
0:25:07.390,0:25:11.370
Which is a client and server if you want to run
0:25:11.370,0:25:13.610
a network node, or just a client.
0:25:13.610,0:25:15.210
There's tor-devel
0:25:15.210,0:25:16.450
and these are really up to date, uhm
0:25:16.450,0:25:22.830
Tor development happens really fast
0:25:22.830,0:25:23.710
and the ports get updated
0:25:23.710,0:25:30.710
pretty soon after a release is made.
0:25:32.050,0:25:39.050
There's Privoxy, which is an uhm web proxy and uhm,
we'll use it later when we do the demonstration
0:25:41.320,0:25:44.310
And there's net management Vidalia which is a
graphical frontend
0:25:44.310,0:25:47.200
also for Windows
0:25:47.200,0:25:48.260
and, uhm
0:25:48.260,0:25:53.929
there's trans-proxy-tor
0:25:53.929,0:25:58.650
which enables you to actually
0:25:58.650,0:25:59.560
uhm, well there's some
0:25:59.560,0:26:02.080
badly written applications out there
0:26:02.080,0:26:05.280
that do stuff that's
0:26:05.280,0:26:07.510
that makes it hard for Tor to
0:26:07.510,0:26:08.860
anonymize them
0:26:08.860,0:26:10.810
and you can use trans-proxy-tor
0:26:10.810,0:26:15.510
to tunnel such connections through the Tor network.
0:26:15.510,0:26:20.580
We'll actually talk about them in the next slide.
0:26:20.580,0:26:24.960
Yeah. What else do you need to take care of
besides running Tor?
0:26:24.960,0:26:27.130
Uh, there's name resolution, uh...
0:26:27.130,0:26:28.760
Some applications just
0:26:28.760,0:26:30.500
bypass the configured proxy
0:26:30.500,0:26:34.500
for example Firefox versions below version 1.5,
0:26:34.500,0:26:35.700
which send every data,
0:26:35.700,0:26:38.320
all data through the proxy
0:26:38.320,0:26:38.909
but not
0:26:38.909,0:26:40.880
DNS requests
0:26:40.880,0:26:44.380
so they actually result in mistrust
0:26:44.380,0:26:46.450
and uh, so yeah
0:26:46.450,0:26:49.280
the connection is actually anonymized
0:26:49.280,0:26:51.080
but the DNS server
0:26:51.080,0:26:52.250
really knows
0:26:52.250,0:26:53.870
uh, who you were talking to
0:26:53.870,0:27:00.870
and this is really the intention of Tor, but uh,
newer versions actually takes.
0:27:03.130,0:27:04.240
Uh, there's the usual
0:27:04.240,0:27:09.990
cookies, web-bugs, referrer and stuff, uhm
0:27:09.990,0:27:11.800
which uh,
0:27:11.800,0:27:13.530
sites can use to check which
0:27:13.530,0:27:20.530
websites you're visiting, and it's just the
usual disabling stuff
0:27:20.549,0:27:23.250
Privoxy is a great tool to
0:27:23.250,0:27:28.160
normalize HTTP traffic.
0:27:28.160,0:27:30.010
And it's also great to uhm, well filter off advertising
0:27:30.010,0:27:36.370
and stuff.
0:27:36.370,0:27:38.660
This should be really obvious
0:27:38.660,0:27:41.110
but apparently is not. Uhm,
0:27:41.110,0:27:43.770
There's so many people who don't realize
0:27:43.770,0:27:44.700
that the last connection
0:27:44.700,0:27:46.380
chain is actually unencrypted
0:27:46.380,0:27:50.900
if you're using, uh
0:27:50.900,0:27:53.250
if you're not using a secure protocol.
0:27:53.250,0:27:54.100
So,
0:27:54.100,0:27:56.440
people actually uhm,
0:27:56.440,0:27:59.430
get their mail through POP3 or something
0:27:59.430,0:28:04.870
and the exit nodes can just run desniff and sniff
out all the passwords.
0:28:04.870,0:28:11.870
And it's really surprising how many people uh, do this.
0:28:13.450,0:28:16.700
So, lesson learned: use secure protocols.
0:28:16.700,0:28:18.220
There are also other services that require
0:28:18.220,0:28:20.630
registration, for example,
0:28:20.630,0:28:22.040
with your e-mail address or
0:28:22.040,0:28:23.640
personal
0:28:23.640,0:28:25.360
data
0:28:25.360,0:28:27.590
and uh, well
0:28:27.590,0:28:28.620
if you're using Tor and you
0:28:28.620,0:28:35.620
actually log on to one of those services, Tor can help you
0:28:40.850,0:28:42.440
So, once I actually demonstrate how
0:28:42.440,0:28:49.440
this all works.
0:29:13.550,0:29:15.520
Uh, I've installed Tor and
0:29:15.520,0:29:22.520
Privoxy on this system
0:29:24.810,0:29:27.180
Config files are on the usual places.
0:29:27.180,0:29:34.180
And if you read this, this little... small...
Is this alright?
0:29:46.950,0:29:50.600
So there is this torrc sample file
0:29:50.600,0:29:57.600
which we can use
0:30:07.020,0:30:08.370
so this
0:30:08.370,0:30:10.340
there's the usual commands and stuff
0:30:10.340,0:30:11.030
and this,
0:30:11.030,0:30:15.720
much stuff that we don't need for the moment
0:30:15.720,0:30:19.840
there's this uh,
0:30:19.840,0:30:24.220
SOCKS port and SOCKS listen address information
0:30:24.220,0:30:31.220
that just
0:30:32.770,0:30:34.659
tells you where to connect your uh,
0:30:34.659,0:30:36.679
your proxy to
0:30:36.679,0:30:38.200
so this is the information that we use in Privoxy to
0:30:38.200,0:30:41.450
access Tor.
0:30:41.450,0:30:42.190
Uhm,
0:30:42.190,0:30:45.320
all we have to do to actually use Tor is
0:30:45.320,0:30:48.970
copy over the config file.
0:30:48.970,0:30:55.970
Start the service
0:31:04.110,0:31:10.570
so, it tells us it's running... Now we have to
0:31:10.570,0:31:12.350
take a look at Privoxy
0:31:20.880,0:31:25.120
There's also lots of stuff that we don't need
right now
0:31:25.120,0:31:30.360
What we need is the uh,
0:31:30.360,0:31:31.740
we need to tell
0:31:31.740,0:31:33.809
Privoxy uh,
0:31:33.809,0:31:40.809
where to send connection requests.
0:31:51.740,0:31:53.659
Ok, I've actually entered this earlier
0:31:53.659,0:31:54.860
uhm,
0:31:54.860,0:31:58.700
all it says is uh,
0:31:58.700,0:32:03.490
forward all requests to
0:32:03.490,0:32:10.490
the uh, SOCKS client
0:32:13.020,0:32:20.020
So we just start
0:32:34.120,0:32:38.870
Ok, so we are all set
0:32:38.870,0:32:40.480
Now we can just do
0:32:40.480,0:32:47.480
everything with our browser
0:32:50.790,0:32:52.029
Startup time sucks a bit
0:32:52.029,0:32:59.029
because of my external drive
0:33:06.860,0:33:08.070
okay, uh
0:33:08.070,0:33:11.470
proxy settings
0:33:11.470,0:33:16.140
we just put in our Privoxy server
0:33:16.140,0:33:23.140
which listens on port 3128, hopefully, or doesn't?
Oh, 8108, that's it.
0:33:47.360,0:33:49.060
Ok, so every
0:33:49.060,0:33:56.060
connection we want to make should actually be routed
through the Tor network
0:33:56.820,0:33:58.880
uhm, this is going to take a little bit,
0:33:58.880,0:34:01.950
Because all the route selection needs to be done
0:34:01.950,0:34:08.950
all the public crypto, there's also network latency
0:34:13.059,0:34:14.539
Once the connections are actually setup
0:34:14.539,0:34:17.789
it's pretty fast, not like this
0:34:17.789,0:34:21.159
and it's uh, really dependent upon uh,
0:34:21.159,0:34:21.419
which
0:34:21.419,0:34:23.059
kind of nodes you get
0:34:23.059,0:34:26.669
if you have a node that is running a modem then,
0:34:26.669,0:34:33.669
you'll have problem, it's really slow
0:34:36.099,0:34:42.989
Ok, while waiting
0:34:42.989,0:34:45.319
we can actually take a look
0:34:45.319,0:34:52.319
at how our hidden service is configured
0:34:59.699,0:35:03.369
There's some lines for the Tor config file
0:35:03.369,0:35:07.439
the routing services
0:35:07.439,0:35:14.219
Ok, so you can see here hidden services here and
hidden service port
0:35:14.219,0:35:19.369
as I said, the hidden service is identified by a
public key, and uh, if you
0:35:19.369,0:35:22.159
uncomment this stuff,
0:35:22.159,0:35:24.999
and uh,
0:35:24.999,0:35:26.619
we start Tor
0:35:26.619,0:35:28.249
quickly
0:35:28.249,0:35:31.690
generate a public key and put it into the start tree
0:35:31.690,0:35:38.690
and it will, uh, well it actually says to uh,
0:35:40.659,0:35:47.659
where this omni address earlier,
0:35:48.549,0:35:49.539
we'll just
0:35:49.539,0:35:56.539
route every connection through this address to this
local nodes line
0:36:02.119,0:36:07.199
This could be the case that uh,
0:36:07.199,0:36:08.640
that an exit node
0:36:08.640,0:36:11.599
doesn't uh,
0:36:11.599,0:36:18.599
allow DNS
0:36:19.779,0:36:22.900
Ok, this is typical that when you want to show stuff
it doesn't work
0:36:22.900,0:36:25.369
It worked earlier, so uh, it's not the network's fault
0:36:25.369,0:36:27.619
let's uh,
0:36:27.619,0:36:31.609
back to the hidden services
0:36:31.609,0:36:38.609
So we actually need to
0:36:39.230,0:36:46.230
change this
0:36:51.170,0:36:55.099
The default directory in FreeBSD is /var/db/tor
0:36:55.099,0:36:57.909
and uh,
0:36:57.909,0:37:03.249
and when we start Tor it will actually, uh
0:37:03.249,0:37:07.499
create the service directory
0:37:07.499,0:37:11.789
by itself. It's also a web server listening on port 80
on localhost
0:37:11.789,0:37:13.889
so we can
0:37:13.889,0:37:20.889
and hopefully will be able to see it later on
0:37:45.849,0:37:48.529
Okay, so let's see if
0:37:48.529,0:37:49.679
this stuff is already
0:37:49.679,0:37:56.679
actually created.
0:38:02.829,0:38:03.790
Ok, so you have
0:38:03.790,0:38:05.069
two parts in this directory
0:38:05.069,0:38:11.650
hostname and private key. Private key is uh,
self-explanatory
0:38:11.650,0:38:14.739
and the hostname is actually what you give to people
if you want to
0:38:14.739,0:38:21.739
to publish your service
0:38:33.319,0:38:36.039
This is actually less likely to work right now
0:38:36.039,0:38:40.059
because it takes some time for Tor to choose these
0:38:40.059,0:38:41.639
introduction points,
0:38:41.639,0:38:44.880
send all this stuff to directory services
0:38:44.880,0:38:47.369
It takes time for directory services to sync up
0:38:47.369,0:38:54.329
and actually distribute information to the clients
0:38:54.329,0:39:00.789
and when we want to access the service, we actually put
this address into the uh,
0:39:00.789,0:39:03.889
the address line, and uh,
0:39:03.889,0:39:05.069
Tor knows how to
0:39:05.069,0:39:12.069
deal with this uh, the Onion top-level domain, so uh
0:39:15.410,0:39:22.410
this usually actually works. Let's see what's going on here...
0:39:33.499,0:39:35.049
Well, like I said
0:39:35.049,0:39:37.529
this one will take a while and
0:39:37.529,0:39:40.450
what's going on with the other one? I can actually see
0:39:40.450,0:39:45.039
But uh,
0:39:45.039,0:39:47.850
usually you can just go to one of these server websites
0:39:47.850,0:39:50.209
that tell you your IP address, and
0:39:50.209,0:39:52.899
Google is a fair example
0:39:52.899,0:39:56.709
you can go to Google and Google will get you a
0:39:56.709,0:40:00.589
localized web page.
0:40:00.589,0:40:02.879
For example, when you are from Germany, and you go to
0:40:02.879,0:40:04.099
google.com, you get a German webpage
0:40:04.099,0:40:07.379
and if you're using Tor and you go to Google,
0:40:07.379,0:40:09.679
it depends
0:40:09.679,0:40:10.319
upon where your exit point is located
0:40:10.319,0:40:11.859
for example,
0:40:11.859,0:40:14.029
if it is in the Netherlands,
0:40:14.029,0:40:21.029
you get a Dutch Google, which is uh, pretty cool.
0:40:23.329,0:40:25.549
So uh,
0:40:25.549,0:40:27.419
I'll have to take a look later
0:40:27.419,0:40:28.829
while I'm working
0:40:28.829,0:40:35.829
So let's just, continue for a moment
0:40:38.569,0:40:41.009
Ok, to summarize, uh
0:40:41.009,0:40:44.799
Tor is actually useful if
0:40:44.799,0:40:51.799
you want to be hidden on the net. If it actually works.
Not in this case, uh
0:40:55.519,0:40:59.339
Tor is usually pretty cool to offer services from anywhere
0:40:59.339,0:41:00.410
so theoretically
0:41:00.410,0:41:02.509
it should work
0:41:02.509,0:41:03.549
that I
0:41:03.549,0:41:06.049
publish my hidden service around here
0:41:06.049,0:41:10.429
and anyone in the world that's connected to the Tor network
can actually access it
0:41:10.429,0:41:12.169
and uh
0:41:12.169,0:41:14.799
FreeBSD is a pretty cool platform for Tor
0:41:14.799,0:41:18.819
Because it has very nice
0:41:18.819,0:41:21.779
security features like jail
0:41:21.779,0:41:23.949
and if you want to run a Tor node
0:41:23.949,0:41:25.899
and uh,
0:41:25.899,0:41:27.949
tools like Tor are really needed
0:41:27.949,0:41:28.860
in our time
0:41:28.860,0:41:35.860
this isn't going
0:41:36.599,0:41:43.599
to get better any time soon; so uh, we better
create the tools now
0:41:45.779,0:41:52.779
to circumvent this
0:41:52.899,0:41:59.039
Take a quick look at the uh browser again
0:41:59.039,0:42:00.089
currently the uh,
0:42:00.089,0:42:02.660
connection set up failed
0:42:02.660,0:42:04.070
which I can't do anything about right now.
0:42:04.070,0:42:11.070
uh, which one?
0:42:23.089,0:42:25.629
Oh, that's all me
0:42:25.629,0:42:27.539
uhm
0:42:27.539,0:42:30.249
it depends upon
0:42:30.249,0:42:33.140
you can use any port you like
0:42:33.140,0:42:34.539
It depends on uh,
0:42:34.539,0:42:39.279
what port the nodes use. Nodes can use any port
0:42:39.279,0:42:42.259
for example, when I don't want to run nodes
0:42:42.259,0:42:44.109
I can put it on pause
0:42:44.109,0:42:45.679
port 80 if you want
0:42:45.679,0:42:47.470
so anyone who uh
0:42:47.470,0:42:49.219
who has uh
0:42:49.219,0:42:50.979
HTTP access can actually access my node
0:42:53.009,0:42:56.529
so uh
0:42:56.529,0:43:01.299
In theory uh
0:43:01.299,0:43:05.959
you can use any port you like.
0:43:05.959,0:43:12.009
So, this isn't going to work.
0:43:12.009,0:43:13.519
Maybe I'll just uh,
0:43:13.519,0:43:20.519
if anyone is interested, I'll just try again later
0:43:33.089,0:43:34.680
That's port 80
0:43:34.680,0:43:39.369
it's a you know, HTTP connection so,
0:43:39.369,0:43:42.359
So, are there any questions?
0:43:42.359,0:43:49.359
Yes?
0:44:06.140,0:44:08.689
Well, usually I use Opera, so
0:44:13.679,0:44:15.659
I didn't know
0:44:26.839,0:44:28.970
Yes, there are about 300 uh,
0:44:32.879,0:44:35.040
I think about
0:44:35.040,0:44:39.759
300 Tor servers around the world
0:44:39.759,0:44:43.349
No, it's uh correct
0:44:43.349,0:44:47.119
at the moment there are three directory servers
0:44:47.119,0:44:49.579
worldwide
0:44:49.579,0:44:51.630
you can recognize them by their public key
0:44:51.630,0:44:52.909
and their public keys are
0:44:52.909,0:44:56.119
hard coded into the source code at the moment
0:44:56.119,0:44:58.799
so, the uh
0:44:58.799,0:45:01.499
Tor developers actually run those directory servers
0:45:01.499,0:45:08.499
but this is really critical infrastructure
0:45:11.729,0:45:12.719
uhm
0:45:12.719,0:45:14.729
Well it's it's hard to say
0:45:14.729,0:45:16.219
Because the question was uh
0:45:16.219,0:45:21.799
Were there any estimates on uh,
0:45:21.799,0:45:26.489
net usage and other stuff
0:45:26.489,0:45:31.730
it's really hard to say because it's an anonymization
network so uh,
0:45:31.730,0:45:32.999
you can't say for sure, but there are estimates of
one hundred thousand users around the world
0:45:32.999,0:45:36.949
and uh, I'm not sure of the traffic.
0:45:36.949,0:45:39.219
I used to run a middleman node,
0:45:39.219,0:45:40.369
and in one month
0:45:40.369,0:45:42.699
it would make
0:45:42.699,0:45:43.849
it was on a one hundred megabits
0:45:43.849,0:45:45.359
or dedicated line,
0:45:45.359,0:45:47.249
and it made about one terabyte of traffic
0:45:47.249,0:45:49.459
so it's a lot of traffic
0:45:49.459,0:45:52.449
going on
0:45:52.449,0:45:56.259
and unfortunately also a lot of filesharing systems
0:45:56.259,0:45:59.739
which it doesn't really make sense because they're slow
0:45:59.739,0:46:00.570
So uhm,
0:46:00.570,0:46:01.609
Tor is really cool
0:46:01.609,0:46:03.359
for web browsing and stuff
0:46:03.359,0:46:10.359
but if you really want to move a lot of data it's
not a good tool
0:46:10.759,0:46:11.479
Ah, any other questions? Doesn't seem to be the case. Ok!
Reference in a new issue View git blame Copy permalink