On 3/20/14, Lunar <lu...@torproject.org> wrote:
> Zenaan Harkness:
>> From here:
>> https://trac.torproject.org/projects/tor/ticket/6009
>>
>> we see addition of
>> TOR_SKIP_LAUNCH=1
>> command line option to effect start-tor-browser.
>>
>> My questions all assume using TBB.
>
> TOR_SKIP_LAUNCH was designed for Whonix and Tails use cases. For both
> the tor daemon is started independently of the Tor Browser. For the
> former on a different host and for the latter under a different system
> user.
My proposed "VPN" scenario is similar to the Whonix concept.

>> Q1) When is it sensible to use the above TOR_SKIP_LAUNCH=1 option?
>> For example:
>> - when connecting to local always-on relay?
>> - when connecting to local sometimes-on relay?
>> - when connecting to one's own 'cloud' relay via VPN?
>> - when connecting to one's own physical host relay via VPN?
>> - when connecting to a friend's home host relay via VPN?
>
> None of the above. What is the problem of running tor locally?

High-latency, low-bandwidth dialup and satellite connections for some of the people I advocate tor to (and libre software in general of course).

This FAQ entry:
https://www.torproject.org/docs/faq.html.en#ShouldIUseTorWithAVPN
says in part "if you're looking for a trusted entry into the Tor network, setting up a private Tor server as a bridge is a great option".

The "private bridge" or rather, "trusted entry" in our case is the first (so far) tor relay I installed, which is installed at a site with a low-latency, reasonable-bandwidth ADSL2 connection.

As the website suggests here:
https://www.torproject.org/docs/faq.html.en#RelayOrBridge
exit relays are most needed. So that's what I set up.

I am assuming that this exit relay is also useful as a "trusted entry to tor" bridge for those who are not practically able to run their own private/public bridge/relay (high latency links etc, see above).

Is my assumption correct? If not, is there a better way? Eg would it make sense to run two instances of tor at the current exit relay host (one as a "trusted entry"), rather than just the exit relay?

So I'm not sure any of those 5 questions above make sense. But that's the context in my mind: "trusted entry to tor" at the least for those with problematic, high-latency and/or low-bandwidth and/or censored (not sure that's the case yet in Australia, but could be?) internet connections.
I am using the term "VPN" since for my joining-tor advocacy, at least for a few people, I have set up limited ssh logins on our first exit relay I refer to, which I am assuming is also a useful tor entry point for problematic internet links. So it is I guess a "limited" VPN which I am referring to in my questions, which exists for the purposes of allowing certain users (with problematic links) to connect to the exit relay which I am assuming is useful as a "trusted entry bridge". Hope I'm making sense here...

A question I'm not able to answer: is it beneficial to have this VPN for some of the users, or should I just tell them "customize your connection and add the name of the relay to the last step - to bypass your filtering ISP or to use our 'trusted relay'"? Or is it better that they use the IP address and tor port of the relay as their "bridge" config, or something else? I really would like to understand the pros and cons of these alternatives, and have been studying tp.o in vain to try and find out.

When you say "running tor locally", are you referring only to a "local always-on relay" - eg one connected to ADSL permanently? Or do you also include in that term, 'running TBB locally on the spot which creates its own local tor instance'? As in, are you also including in the term "running tor locally" a "local sometimes-on relay (or 'private' bridge?)"?

For example, a person has a high-latency low-bandwidth dialup connection and so cannot run a relay and cannot run it all the time - they need to make and receive phone calls sometimes, or they only have one portable computer which they cannot leave on site at all times. Does a temporary local "tor" satisfy the concept "running tor locally"?

I apologise in advance, I am quite a newbie to tor and anonymous networks and am really struggling with some of the terms and concepts used. Yes I may well be missing something obvious.
My next question: Does running a "local always-on relay" provide
https://www.torproject.org/docs/faq.html.en#BetterAnonymity
by simply running it, but completely ignoring it thereafter (as in, just run TBB with default network config, pretending your own relay does not exist)?

I've been assuming not, but after your questions back to me, now I'm beginning to wonder how confused I might really be here...

If it is not recommended to run a relay and connect with TBB to somewhere else (whatever the 'default' happens to be), then this should certainly be stated somewhere - and frankly, TBB ought to have options in its config dialog (if this is what is recommended) for "I'm running a tor relay on my LAN, which I am also connected to right now, and intend to use it - here's the SOCKS IP and port" as well as "I'm VPN-ing to a relay I'm running elsewhere and intend to use that, here's my properly forwarded localhost SOCKS port for my remote tor relay instance".

If 'run a relay but ignore it' is intended by the project, that is not intuitive from the torproject.org website and documentation that I've read so far.

I don't understand the anonymity implications for the differences in these various scenarios which I am trying to comprehend. And I haven't been able to answer these questions in a fair bit of reading so far. And whilst I don't understand, then I am unable to advocate (in good conscience) in any way other than to say "yeah, TBB should provide some reasonable anonymity improvements - just download from tp.o and run". Without understanding, of course I cannot optimize privacy for those I advocate to.

>> Q2) When connecting to a trusted friend's relay via VPN, [...]
>
> Why would you want to do that instead of using a (private) bridge?

High-latency, low-bandwidth, only sometimes-on internet connections.

Also, I am struggling to find a proper definition of 'private bridge' and what that exactly means and how it actually works.
I searched tp.o for a glossary, and only found git showing a terms list for translators (no definitions). Perhaps the FAQ could be updated after my misunderstandings are clarified?

For example, I am currently unable to answer the question: What sort of connections does a private bridge have in and out? Is it only connections from those who know the name or ip of the private bridge? Or does it also act as a relay sometimes?

BTW, I have read this (in full, at least twice, as with much of tp.o):
https://www.torproject.org/docs/bridges#RunningABridge
and yet still cannot answer these questions.

I have yet to properly read the Tor design docs, but I was hoping tp.o would provide enough information for a thorough understanding for an (advanced?) relay operator. Perhaps up to now no one has faced the scenarios I am facing - in which case, this will be a great opportunity for some new docs. I am willing to summarize things once I realise where I have been not understanding.

From:
https://www.torproject.org/docs/faq.html.en#BetterAnonymity
that FAQ entry regarding "does running a relay give better anonymity" concludes with "It is an open research question whether the benefits outweigh the risks. A lot of that depends on the attacks you are most worried about. For most users, we think it's a smart move."

This wording ought to be a little tighter - as in "for most users" implies there are "at least some users" for whom running a relay is not a smart idea - who are those users, even who might they possibly be?? It might be obvious to others who those "other" tor users might be, but it's not obvious to me, and I think it would be good to clarify this point, if possible.

If it is not possible to describe such a "hypothetical user who could benefit from NOT running a relay", then we should state that, admitting that we do not know for whom not running a relay is a benefit, or could be a benefit.
The point is: It is good that we be as clear as possible on the boundaries of our knowledge regarding these issues of tor and privacy and anonymity (another two terms that would be good to carefully define in an end-user Glossary page).

Is it advised for or against, for high-latency and/or low-bandwidth users (common in rural areas) to connect to a site (vpn or just using the relay name as a bridge) where that site has its tor running as an exit relay? What if the site they VPN to is a normal 'public' bridge relay? What if it is an un-listed (what I understand to be 'private') bridge (relay?)?

I am expected to advocate/install etc, for a small community of a couple dozen or so people.

I have read this:
https://www.torproject.org/docs/faq.html.en#AlternateDesigns
Which answers "shouldn't tor default to all tor users being relays".

At the moment, I realise I am making certain assumptions about whether one setup, or one connection method, is more, or less, 'anonymous', than some other setup or method. I have a duty of care towards those I assist. I am bound in my conscience to assist people only by coming to a full and proper understanding of the trade-offs of different setups that I could advocate for.

>> Q5) When connecting to a trusted friend's relay via the open Internet,
>> is this what's called using the relay as a "bridge"?
>
> Using a relay as a bridge is when you configure a public Tor relay
> instead of an unlisted bridge as one of tor bridges. There are very few
> use cases where it makes sense. See "Bridge" and "UseBridge" in tor(1)
> manual page.

My point is, the exit relay I installed is a 'public tor relay' - as in it is not configured as 'private', but is that what you mean? In my mind 'public tor relay' could mean 'a relay not installed and operated by you, but instead by someone else in the public and quite possibly not trusted'.

Thank you for those man page pointers. That clarifies part of the "how".
Hopefully soon I'll have a solid "why" (or why not) :)

Also, the bottom of
https://www.torproject.org/docs/bridges#RunningABridge
references bridges-spec.txt, which I am yet to read in full, but shall do so.

Thank you so much for your feedback,
Zenaan

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
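Lunar's reply above points at the "Bridge" and "UseBridges" options in tor(1) as the way a client pins one trusted relay as its entry, which is the "IP address and tor port of the relay as their bridge config" alternative the thread asks about. The following Python checker is an added illustration, not code from the thread or from the Tor project: it parses a simplified client torrc, validates the Bridge line shape documented in tor(1) (`[transport] address:port [fingerprint]`), and flags the two mistakes that silently lose the "trusted entry" property (Bridge lines without `UseBridges 1` are ignored; a Bridge line without a fingerprint does not pin the relay's identity). The relay address and fingerprint are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample: a client torrc pinning one self-operated relay as its
# only entry. Address and fingerprint are placeholders, not a real relay.
SAMPLE_TORRC = """\
# entry pinned to the community relay (placeholder values)
UseBridges 1
Bridge 203.0.113.10:9001 0123456789ABCDEF0123456789ABCDEF01234567
SocksPort 9050
"""

FINGERPRINT = re.compile(r"^[0-9A-F]{40}$")  # 40 hex digits, per tor(1)


def parse_torrc(text):
    """Return (keyword, value) pairs; comments and blank lines are skipped.
    Simplified: no quoting or line continuation, which real torrc allows."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            entries.append((key, value.strip()))
    return entries


def parse_bridge_line(value):
    """Split a Bridge value into (transport, host, port, fingerprint).
    Raises ValueError on a malformed address, port or fingerprint."""
    parts = value.split()
    transport = parts.pop(0) if parts and ":" not in parts[0] else None
    if not parts:
        raise ValueError("Bridge line has no address:port")
    host, _, port = parts[0].rpartition(":")
    ipaddress.ip_address(host.strip("[]"))  # accepts IPv4 or bracketed IPv6
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"bad port {port}")
    fingerprint = parts[1].upper() if len(parts) > 1 else None
    if fingerprint is not None and not FINGERPRINT.match(fingerprint):
        raise ValueError(f"bad fingerprint {parts[1]}")
    return transport, host, port_num, fingerprint


def check_trusted_entry(text):
    """Return findings for a client torrc meant to pin a trusted entry."""
    entries = parse_torrc(text)
    settings = dict(entries)  # later lines win, as in tor's own parsing
    findings = []
    if settings.get("UseBridges") != "1":
        findings.append("UseBridges is not 1: Bridge lines are ignored")
    bridges = [parse_bridge_line(v) for k, v in entries if k == "Bridge"]
    if not bridges:
        findings.append("no Bridge line: client will pick public guards")
    for _, host, port, fp in bridges:
        if fp is None:
            findings.append(f"{host}:{port} has no fingerprint: identity not pinned")
    return findings
```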