Re: [tor-dev] Proposal for PoW DoS defenses during introduction (was Re: Proposal 305: ESTABLISH_INTRO Cell DoS Defense Extension)

2019-06-13 Thread Aaron Lye
George Kadianakis: >>     2.Client computes POW. >>     Do{ >> Generates random 8 bytes key (ClientKey). >> Generates hash(sha512/256 or sha3??) of >> hash(IPKey + ClientKey) >> } while (hash does not start with "abcde") >> > > That looks like a naive PoW scheme. It would perhaps be preferable t

Re: [tor-dev] PrivCount and Prio IRC Meeting

2018-11-20 Thread Aaron Johnson
mpute aggregates simply by adding inputs. My overall opinion about Prio is that it could be very useful to collect per-client statistics, such as from Tor Browser, but that doing so would require an upgraded version secure against malicious servers. Best, Aaron > On Nov 19, 2018, at 7:19 PM, teo

[tor-dev] Bandwidth Scanner

2018-03-19 Thread Aaron Gibson
sing the github tools to facilitate code reviews and testing, and has OK testing coverage and documentation. --Aaron [1] https://trac.torproject.org/projects/tor/wiki/org/meetings/2018Rome/Notes/BandwidthAuthorityRequirements [2] https://github.com/thetorproject/b

Re: [tor-dev] Proposal Waterfilling

2018-03-07 Thread Aaron Johnson
that you estimated $37.20/Gbps/month instead of $3.72/Gbps/month. This still seems low by an order of magnitude. Thus, my argument stands: waterfilling would appear to decrease the cost to an adversary of getting guard probability compared to Tor’s current weighting scheme. Best, Aaron

Re: [tor-dev] Proposal Waterfilling

2018-03-07 Thread Aaron Johnson
t among likely attackers). In the absence of detailed attacker information, a good design principle might be for clients to choose “diverse” relays, where diversity should take into account country, operator, operating system, AS, IXP connectivity, among other things. Best, Aaron ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] Proposal Waterfilling

2018-03-05 Thread Aaron Johnson
worse against network-level adversaries. Thus, it doesn’t seem to me that waterfilling protects Tor’s users against their likely adversaries, and in fact is likely to make things less secure in a few important cases. Best, Aaron > On Jan 31, 2018, at 5:01 PM, teor wrote: > > > On 1

Re: [tor-dev] Proposal 288: Privacy-Preserving Statistics with Privcount in Tor (Shamir version)

2017-12-14 Thread Aaron Johnson
circuits through that exit). How that could be done with adequate efficiency isn’t clear to me, though (it seems like a research question). Best, Aaron

Re: [tor-dev] Proposal 288: Privacy-Preserving Statistics with Privcount in Tor (Shamir version)

2017-12-14 Thread Aaron Johnson
plied by the client in Prio). There are reasonably efficient protocols for doing so, including SDPZ and TinyOT [1]. Best, Aaron [0] Ivan Damgard and Valerio Pastro and Nigel P. Smart and Sarah Zakarias, "Multiparty Computation from Somewhat Homomorphic Encryption", CRYP

Re: [tor-dev] PrivCount - Draft of secret-sharing specification

2017-09-28 Thread Aaron Johnson
p 3: Specify how the coefficients are determined. Best, Aaron > On Sep 27, 2017, at 11:20 PM, Carolin Zöbelein > wrote: > > Hi, > >> Hi, >> >> This looks like a great overview of the Shamir secret-sharing >> protocol. >> >> We talked about instanti

Re: [tor-dev] Proposal xyz : Count Unique IP addresses in an anonymous way

2017-04-02 Thread Aaron Johnson
ivacy provided by PCSA. However, it may well be an improvement on what Tor is doing currently :-) Best, Aaron

Re: [tor-dev] Anonymous Local Count Statistics Using PCSA - GSoC

2017-04-02 Thread Aaron Johnson
counter. It is not clear to me that it is better to suffer the inaccuracy of the PCSA sketching plus that of the added noise when one could simply rely on adding differentially-private noise, especially when the latter provides a precise notion of privacy where the former does not. Best, Aaron [0

Re: [tor-dev] Anonymous Local Count Statistics Using PCSA - GSoC

2017-04-02 Thread Aaron Johnson
” tab on <https://metrics.torproject.org/userstats-relay-country.html>. Best, Aaron > On Apr 2, 2017, at 8:51 AM, Veer Kalantri wrote: > > about which stats are you talking Aaron? > > > On Sun, Apr 2, 2017 at 5:45 PM, Aaron Johnson <mailto:aaron.m.john...@nrl.

Re: [tor-dev] Anonymous Local Count Statistics Using PCSA - GSoC

2017-04-02 Thread Aaron Johnson
essarily correspond to a different IP because of NAT, and so counting connections may actually be more accurate. Best, Aaron

Re: [tor-dev] Anonymous Local Count Statistics Using PCSA - GSoC

2017-04-01 Thread Aaron Johnson
ty of adding such local noise depends on how inaccurate this would make the results. You may wish to contact Karsten Loesing of the Tor Metrics team to verify my understanding. Best, Aaron > On Apr 1, 2017, at 7:19 AM, Florian Tschorsch > wrote: > > > Hi Samir, > > this

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-15 Thread Aaron Johnson
relays that observe the same guard being used in a short period of time, indicating activity by the same client. Best, Aaron > On Oct 11, 2016, at 7:58 PM, Henry de Valence wrote: > > Hi, > On Wed, Oct 05, 2016 at 04:09:15PM -0400, Philipp Winter wrote: >> 0. Overview >

Re: [tor-dev] Tor Browser downloads and updates graphs

2016-09-21 Thread Aaron Johnson
fferent method than GET or HEAD. I can't see how a > user meant the remaining parts to be private. I’m happy to see that you’re removing 404s! Some things that occurred to me are avoided by doing this (e.g. inadvertent sensitive client requests). > > We shall specify the sanitiz

Re: [tor-dev] Tor Browser downloads and updates graphs

2016-09-20 Thread Aaron Johnson
, and it definitely helps that some sanitization was applied :-) Best, Aaron

Re: [tor-dev] Tor Browser downloads and updates graphs

2016-09-17 Thread Aaron Johnson
ind releasing these stats. Are they raw numbers? Rounded? More generally, how are the web logs sanitized? I’m interested in how safe these statistics are to release and how they might be changed to be even more privacy-preserving. Thanks, Aaron

Re: [tor-dev] Support for mix integration research

2016-02-23 Thread Aaron Johnson
descriptors are very small, and so it seems to me that mixing could be applied here to defeat deanonymization. 2. Read the alpha-mixing paper [2], which first described how high-latency and low-latency traffic might be mixed together. Good luck! Aaron [0] <https://freedom-to-tinker.com/b

Re: [tor-dev] ResearchEthics

2015-10-19 Thread Aaron Johnson
group? Aaron > On Oct 8, 2015, at 10:33 AM, Aaron Johnson > wrote: > >> The idea of that list is to provide specific activities for which the costs >> are judged not to outweigh the benefits. > > Sorry, that should have been "for which the costs are judged *to* o

Re: [tor-dev] ResearchEthics

2015-10-08 Thread Aaron Johnson
he Tor community without effort to change minds beforehand, and that Tor network operators may already be blacklisting relays that are observed participating in such activity. I think that will be a very helpful kind of communication between Tor and researchers that doesn’t exist tod

Re: [tor-dev] ResearchEthics

2015-10-08 Thread Aaron Johnson
ithout having to deal with crawlers or other snooping parties. I actually think a list with specific examples is far more useful than a set of abstract criteria that can easily be interpreted to be consistent with the goals of the interpreter. Best, Aaron

Re: [tor-dev] Onion Services and NAT Punching

2015-10-04 Thread Aaron Johnson
competitor to hidden services. And given that SOSes share 3-hop client circuits with exit circuits, perhaps we should try and make those two cases indistinguishable. It doesn’t seem impossible, although it probably requires adding some dummy steps to exit connections. Best, Aaron

Re: [tor-dev] ResearchEthics

2015-10-04 Thread Aaron Johnson
l if anybody is doing this. That doesn’t mean that Tor can’t request that it never be done. And “legitimate” researchers will absolutely follow community standards. First, because most of them aren’t jerks. Second, because conference program committees and journal editorial

[tor-dev] Guidelines and processes for ethical Tor research

2015-10-02 Thread Aaron Johnson
e wiki: <https://trac.torproject.org/projects/tor/wiki/doc/ResearchEthics>. Please send any comments. Best, Aaron

Re: [tor-dev] Proposal 247 (Hidden Service Vanguards) Overhaul

2015-10-02 Thread Aaron Johnson
times are more likely to be observed). So the probability that there are exactly t days until rotation of the observed node should be proportional to \sum_{i=t}^N Pr[X=i]. After normalization to make this a probability, the expression is (\sum_{i=t}^N Pr[X=i]) / (\sum_{i=1}^N Pr[X=i]*i). Best,

Re: [tor-dev] Simplifying load balancing by removing Guard+Exit?

2015-09-28 Thread Aaron Johnson
ht as guards for the last month (I didn’t look back farther). Every consensus in September 2015 has had Wgd=0 and Wed=1. So effectively the network has been treating those relays as exits only. Best, Aaron

Re: [tor-dev] Proposal: Single onion services

2015-09-18 Thread Aaron Johnson
ingle onion services. However, SOSes could still hide what the server does by including the authentication cookie, and that seems valuable. Isn’t authentication already an option in onion services, though? Cheers, Aaron > On Sep 6, 2015, at 3:21 AM, David Goulet wrote: > > On 05 Sep (

Re: [tor-dev] Proposal: Merging Hidden Service Directories and Introduction Points

2015-07-20 Thread Aaron Johnson
ving or adding a relay adjusts the onion service locations by an amount that is at most the fraction that is that relay’s total bandwidth fraction. To ensure coverage for clients with older consensuses, the relay can maintain HSDir+IPs at the locat

Re: [tor-dev] Proposal: Merging Hidden Service Directories and Introduction Points

2015-07-20 Thread Aaron Johnson
s much of that activity as larger relays. The uniform division of the hash ring has always seemed like an incorrect design choice, and it is one that we have an opportunity to fix. Best, Aaron

Re: [tor-dev] Proposal 246: Defending Against Guard Discovery Attacks using Vanguards

2015-07-17 Thread Aaron Johnson
unfortunately educated guessing at this point. Best, Aaron > On Jul 17, 2015, at 8:11 PM, s7r wrote: > > Signed PGP part > On 7/18/2015 12:49 AM, A. Johnson wrote: > > > > Not having the third guards be selected by every second guard makes > > sense when you consider that

Re: [tor-dev] Bi-directional families in Onionoo and consensus weight as measure of relayed bandwidth

2015-07-02 Thread Aaron Gibson
On 2015-07-02 08:12, Karsten Loesing wrote: Moving this discussion here from another list with Virgil's permission. On 02/07/15 08:42, Virgil Griffith wrote: Big issues right now are: * Bugs (?) in Onionoo --- Onionoo doesn't sanitize its data. Fo

Re: [tor-dev] Draft of proposal "Direct Onion Services: Fast-but-not-hidden services"

2015-04-20 Thread Aaron D. Jaggard
> On Apr 20, 2015, at 1:40 PM, Paul Syverson wrote: > > On Mon, Apr 20, 2015 at 01:05:16PM -0400, A. Johnson wrote: >>> This is another reason why [modifier] onion service is >>> problematic; it will almost certainly get shortened in use, just >>> as location-hidden service did. >> >> The obv

Re: [tor-dev] Next OONI weekly meetings

2014-11-19 Thread Aaron Gibson
all and the next meeting will be on Monday 24th of November. My preference is also Monday. --Aaron Have fun! ~ Arturo

Re: [tor-dev] Design for an exit relay scanner: feedback appreciated

2013-10-22 Thread Aaron
mplate that provides a basic example of a Tor network test in ooni. There's plenty of room for improvement, comments and patches are very welcome. --Aaron

Re: [tor-dev] Attentive Otter: Usability issues with existing OTR clients

2013-10-17 Thread Aaron
On Thu, Oct 17, 2013 at 1:03 AM, Mike Perry wrote: > Here's the major usability pain points I've run in to with various OTR > clients over the years. Feel free to chime in with any additional issues > you've noticed. > > > 1. The multiple client problem: If you have two devices online > simultaneo

Re: [tor-dev] Design for an exit relay scanner: feedback appreciated

2013-10-10 Thread Aaron
On Thu, Oct 10, 2013 at 9:57 AM, Philipp Winter wrote: > On Thu, Oct 10, 2013 at 07:23:11AM +0000, Aaron wrote: > > I have been working on adding a "Tor Network Test Template" to > ooni-probe; > > the basic concept is to extend the Tor controller library we use

Re: [tor-dev] Design for an exit relay scanner: feedback appreciated

2013-10-10 Thread Aaron
twork interference tests can be easily adapted to running on the Tor network. Future ideas include adding signing support to ooni reports so that reliable reporters can build trust, and automatically parsing submitted reports to generate BadExit after a threshold of reporters is reached. Hope

Re: [tor-dev] Improving the HTTP interface of BridgeDB: bridges.torproject.org

2013-03-11 Thread Aaron
TorCheck repo (https://github.com/aagbsn/TorCheck) which outlines the sort of templating and i18 work that should make supporting BridgeDB's front end easier. --Aaron > > All the best, > SiNA > > Andrew Lewman: >> On Mon, 11 Mar 2013 11:08:36 +0530 >> Sathyanarayana

Re: [tor-dev] Improving the HTTP interface of BridgeDB: bridges.torproject.org

2013-03-11 Thread Aaron
bridges we hand out. I believe we have about 5-10x as many "normal" bridges as "obfs" bridges, so I would be hesitant to have all the users of normal bridges abruptly switch over to the limited set of obfs bridges at this point... But I do agree that every bridge should also be

Re: [tor-dev] Switch from Obfsproxy to Pyobfspoxy

2013-02-21 Thread Aaron
we do intend to have OONI working on android, I'm not aware of any progress in this area yet. Isis mentioned that she had taken a look with abel and had some notes on the topic. While poking around the interwebs I stumbled across kivy.org. Has anyone taken a look at it? s

Re: [tor-dev] https://gitweb.torproject.org/check.git

2012-08-26 Thread Aaron
is a new check.tp.o that will replace it: https://github.com/aagbsn/check https://check.extc.org/ (self-signed cert) --Aaron

Re: [tor-dev] bridge's lifetime

2012-07-31 Thread Aaron
P addresses (e.g. owns a botnet) can get more bridges. This is exactly the scenario for which ReCaptcha was deployed. Does that make sense? --Aaron

Re: [tor-dev] Why change the bridges.torproject.org website to avoid to get bridges by script?

2012-07-26 Thread Aaron
o longer work? How long do bridges work for you, typically? Any feedback you can give is helpful! --Aaron

Re: [tor-dev] Reachability testing brainstorming. (OONI, metrics, pluggable-transports)

2012-07-20 Thread Aaron
On Fri, Jul 20, 2012 at 3:08 PM, Aaron wrote: > BridgeDB was extended to filter bridges that are blocked in a > specified country from its response. BridgeDB needs a list of what is > blocked, and where, for this to work. > > We want to answer the question "What is blocked,

[tor-dev] Reachability testing brainstorming. (OONI, metrics, pluggable-transports)

2012-07-20 Thread Aaron
ive scanning? 6. For passive censorship detection, are there other indicators other than relay/bridge usage-by-country over time? 7. Should relays report per-country usage by address/transport? What are the upsides? Downsides? Thanks in advance! --Aaron

Re: [tor-dev] [OONI] Designing the OONI Backend (OONIB). RESTful API vs rsynch

2012-07-15 Thread Aaron
On Sun, Jul 15, 2012 at 12:56 PM, Arturo Filastò wrote: > * No resume support (this can be implemented on top of HTTP, we could > even implement the rsync algorithm > on top of HTTP). Are you sure HTTP doesn't support resume? What does wget -c do? > Thoughts? > > - Art. > > [1] https://github.com

Re: [tor-dev] Extending BridgeDB to reallocate bridges from a blocked country to others that do not block.

2012-02-01 Thread Aaron
On Mon, Jan 30, 2012 at 1:14 AM, Roger Dingledine wrote: > On Sun, Jan 15, 2012 at 09:34:49AM -0800, Aaron wrote: >>  This proposal outlines the required changes for BridgeDB to reallocate >> bridges >>  from a blocked country to others that do not block. > > I guess

[tor-dev] Extending BridgeDB to reallocate bridges from a blocked country to others that do not block.

2012-01-15 Thread Aaron
oposes two different approaches -- any feedback or questions are very welcome! --Aaron Filename: xxx-bridgedb-reallocates-bridges.txt Title: BridgeDB Reallocates Bridges Author: Aaron Gibson Created: 15 Jan 2015 Status: Draft Introduction: This proposal outlines the required changes for B

[tor-dev] BridgeDB IPv6 Support (!)

2011-12-16 Thread Aaron
are very welcome. Thanks! --Aaron

Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support

2011-12-16 Thread Aaron
On Sat, Dec 10, 2011 at 12:19 PM, Ralf-Philipp Weinmann wrote: > > On Dec 10, 2011, at 4:07 PM, Robert Ransom wrote: > >> On 2011-12-06, Aaron wrote: >> >>>        How does IPv6 affect address datamining of https distribution? >>>          A

Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support

2011-12-06 Thread Aaron
Thanks for your feedback! On Tue, Dec 6, 2011 at 1:45 AM, Linus Nordberg wrote: > Aaron wrote > Mon, 5 Dec 2011 16:38:49 -0800: > > |       IPv6 Addresses are stored as strings, the same way as IPv4 addresses. > |       #XXX: is this better than using the ipaddr.IPAddress class

[tor-dev] Draft Proposal for BridgeDB IPv6 Support

2011-12-05 Thread Aaron
Attached is a draft document describing proposed changes to BridgeDB to accommodate the new or-address spec (186-multiple-orports.txt) and IPv6 bridges. I am especially interested in comments on sections tagged #XXX. Thanks! --Aaron Filename: xxx-bridgedb-learns-ipv6.txt Title: BridgeDB Learns

Re: [tor-dev] New Paper: Cloud-based Onion Routing

2011-07-13 Thread Aaron
ctory servers also vulnerable to censorship? Q2: Regarding token redemption: Does an ASP relay contact the ASP token bank through COR? Could the token verification history be used to reveal which paths were constructed? --Aaron On Wed, Jul 13, 2011 at 11:47 AM, Nick Jones wrote: > Hi All,