diff options
Diffstat (limited to 'en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv')
| -rw-r--r-- | en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv | 2391 |
1 files changed, 2391 insertions, 0 deletions
diff --git a/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv b/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv new file mode 100644 index 0000000000..1bba30ffdc --- /dev/null +++ b/en_US.ISO8859-1/captions/2007/meetbsd/brueffer-torprvacy.sbv @@ -0,0 +1,2391 @@ +0:00:09.649,0:00:15.249 +Fortunately my slide will be centered, because +I'll have to change resolutions, I think this works out.. + +0:00:15.249,0:00:19.310 +And, it's about protecting your privacy with FreeBSD and Tor + +0:00:19.310,0:00:20.859 +and, uh... + +0:00:20.859,0:00:21.480 +Privacy + +0:00:21.480,0:00:25.859 +what I mean here is mostly anonymity + +0:00:25.859,0:00:28.889 +but there are some other aspects that + +0:00:28.889,0:00:34.390 +I'll talk about later + +0:00:34.390,0:00:36.290 +uh, so... + +0:00:36.290,0:00:39.500 +I want to first talk about who needs anonimity anyway + +0:00:39.500,0:00:42.880 +is it just for criminals or some other bad guys, right? + +0:00:42.880,0:00:44.209 +after this + +0:00:44.209,0:00:50.940 +anonymization concepts, then Tor. Tor's a, well, a tool + +0:00:50.940,0:00:52.870 +to, uh... + +0:00:52.870,0:00:59.320 +anonymize you on the Web. Then I'll talk about what +FreeBSD can do with it + +0:00:59.320,0:01:00.430 +and what else + +0:01:00.430,0:01:01.980 +you have to take care of + +0:01:01.980,0:01:06.070 +when you want to be anonymous on the Web or the Internet + +0:01:06.070,0:01:06.650 +and uh, + +0:01:06.650,0:01:12.280 +if time permits I'd like to do a little demonstration + +0:01:12.280,0:01:16.970 +Ok, so who needs anonymity anyway? + +0:01:16.970,0:01:20.510 +Anonymity is a pretty vast + +0:01:20.510,0:01:22.030 +interest to most people + +0:01:22.030,0:01:24.740 +but it's really important for + +0:01:24.740,0:01:26.400 +journalists... There was a case in, uh, + +0:01:26.400,0:01:28.619 +Thailand last year + +0:01:28.619,0:01:32.510 +when the military coup was going on + +0:01:32.510,0:01:38.150 +and the journalists in Thailand couldn't really uh, + +0:01:38.150,0:01:39.830 +journalists couldn't really, uh + +0:01:39.830,0:01:43.050 +get the information they needed to do their work + +0:01:43.050,0:01:45.750 +also, uh, informants + +0:01:45.750,0:01:49.100 +whistleblowers... people who want to tell you about + +0:01:49.100,0:01:52.490 +corruption going on in governments and companies + +0:01:52.490,0:01:56.460 +and don't want to lose their job for it... Dissidents + +0:01:56.460,0:01:58.250 +uh, best case + +0:01:58.250,0:02:01.610 +when in Myanmar + +0:02:01.610,0:02:03.750 +last few weeks ago + +0:02:03.750,0:02:05.290 +when the + +0:02:05.290,0:02:07.649 +all the Buddhists monks were going to the streets and uh, + +0:02:07.649,0:02:09.879 +the Internet was totally censored + +0:02:09.879,0:02:14.899 +it was really dangerous to do anything on the Internet + +0:02:14.899,0:02:17.719 +so, so umm + +0:02:17.719,0:02:20.489 +socialy sensitive information, like when you want to uh, + +0:02:20.489,0:02:23.719 +when you were abused + +0:02:23.719,0:02:25.769 +and want to talk to other people about it + +0:02:25.769,0:02:30.039 +you don't... naturally you don't want other people to +know who you are + +0:02:30.039,0:02:31.840 +as it will be very embarrassing + +0:02:31.840,0:02:33.779 +also Law Enforcement, ah + +0:02:33.779,0:02:38.579 +for example, uh, when you want to set up a + +0:02:38.579,0:02:41.669 +an anonymous tipline for crime reporting + +0:02:41.669,0:02:45.810 +and uh, also companies that want to, uh + +0:02:45.810,0:02:48.079 +research competition, as one case that, uh + +0:02:48.079,0:02:51.029 +that a company went to check the, uh + +0:02:51.029,0:02:54.339 +website competition and they noticed when they used Tor + +0:02:54.339,0:02:58.209 +that, uh, they were actually getting a different website +when they + +0:02:58.209,0:03:00.829 +uh, were coming from the corporate LAN + +0:03:00.829,0:03:04.609 +than anyone else was getting, so ah, + +0:03:04.609,0:03:07.509 +it's a good way to, uh, + +0:03:07.509,0:03:11.859 +check out... competition like this + +0:03:11.859,0:03:13.349 +Also military + +0:03:13.349,0:03:15.679 +actually military was one of the, uh + +0:03:15.679,0:03:17.479 +original + +0:03:17.479,0:03:20.510 +driving forces behind the + +0:03:20.510,0:03:24.319 +anonymization research. + +0:03:24.319,0:03:26.169 +and maybe you + +0:03:26.169,0:03:28.799 +may have heard of the European Union + +0:03:28.799,0:03:30.349 +Data Retention Directive? + +0:03:30.349,0:03:33.039 +where, umm + +0:03:33.039,0:03:35.739 +collection data gets stored + +0:03:35.739,0:03:41.259 +six to twenty-four months? Depends on the limitation +on the different nations + +0:03:41.259,0:03:45.069 +Two weeks back this was, uh, + +0:03:45.069,0:03:47.729 +the law was passed in Germany + +0:03:47.729,0:03:48.900 +so, uh + +0:03:48.900,0:03:50.450 +from first January on, + +0:03:50.450,0:03:52.159 +every connection, phone connection, + +0:03:52.159,0:03:55.389 +SMS, IP connections, + +0:03:55.389,0:03:58.480 +email, or the dial-in data needs to be stored + +0:03:58.480,0:04:00.449 +by providers for six months + +0:04:00.449,0:04:02.510 +and, uh, + +0:04:02.510,0:04:05.379 +sooner or later it's going to be in Poland as well + +0:04:05.379,0:04:07.689 +[talking] + +0:04:07.689,0:04:14.689 +well, you're part of the Euro Union now, so ah, welcome! + +0:04:16.989,0:04:18.529 +okay, uh + +0:04:18.529,0:04:21.220 +that's a + +0:04:21.220,0:04:27.110 +maybe you want to hide what interests you have and uh, +who you talk to, I mean uh, + +0:04:27.110,0:04:30.889 +like all of you know the Internet isn't very + +0:04:30.889,0:04:34.199 +secure in the first place so your ISP can see who you're +talking to + +0:04:34.199,0:04:37.780 +if they bother to find out + +0:04:37.780,0:04:40.709 +yeah, and also + +0:04:40.709,0:04:46.279 +criminals, but um, they already do illegal stuff and they +don't care about + +0:04:46.279,0:04:51.629 +doing more illegal stuff to stay anonymous, right? They can +uh, steal people's identities, they can rent botnets or +create them in the first place + +0:04:51.629,0:04:53.829 +and uh, + +0:04:53.829,0:04:54.689 +or just + +0:04:54.689,0:04:59.689 +crack one of the thousands of Windows computers online, +no big deal + +0:04:59.689,0:05:02.029 +so, uh + +0:05:02.029,0:05:05.199 +Criminals already do this and uh, + +0:05:05.199,0:05:06.360 +the normal + +0:05:06.360,0:05:13.360 +citizens can't do this so... + +0:05:14.680,0:05:16.460 +So all the groups that need anonymization are very different, + +0:05:16.460,0:05:18.330 +but they all have the same goal, and uh + +0:05:18.330,0:05:20.619 +that's also one of the + +0:05:20.619,0:05:22.229 +key concepts of + +0:05:22.229,0:05:22.919 +anonymization + +0:05:22.919,0:05:24.090 +you can't really + +0:05:24.090,0:05:25.930 +stay anonymous on your own + +0:05:25.930,0:05:28.999 +you needs the help of more people + +0:05:28.999,0:05:30.559 +and uh, + +0:05:30.559,0:05:32.680 +the more diverse the group that needs + +0:05:32.680,0:05:38.539 +anonymity, the better + +0:05:38.539,0:05:40.979 +Ok, so on to talking about two + +0:05:40.979,0:05:42.949 +anonymization concepts + +0:05:42.949,0:05:44.539 +uh huh + +0:05:44.539,0:05:51.539 +Proxy? Everyone here probably knows how a proxy works, +uh yeah + +0:05:52.559,0:05:53.169 +LANs connect to the proxy and request + +0:05:53.169,0:05:57.290 +a website or whatever and the proxy + +0:05:57.290,0:06:00.359 +just passes it on and pass through + +0:06:00.359,0:06:03.789 +right + +0:06:03.789,0:06:04.680 +um + +0:06:04.680,0:06:09.329 +Proxys are fast and simple but it's a single point of +failure, like uh, + +0:06:09.329,0:06:13.139 +when law enforcement or anyone else wants to +uh, know + +0:06:13.139,0:06:15.289 +who you're talking to they just + +0:06:15.289,0:06:19.759 +get a subpoena or + +0:06:19.759,0:06:22.440 +break into the computer room or whatever + +0:06:22.440,0:06:26.400 +it's pretty easy + +0:06:26.400,0:06:30.050 +Second anonymization concept is mixed, + +0:06:30.050,0:06:32.549 +it's really old from nineteen eighty one + +0:06:32.549,0:06:35.099 +so you can see, uh, + +0:06:35.099,0:06:41.150 +how long the research in this area is going on + +0:06:41.150,0:06:43.150 +the mix is kind of similar to a proxy + +0:06:43.150,0:06:47.090 +like, trying to connect to it to send the messages + +0:06:47.090,0:06:50.779 +and the mix collects them + +0:06:50.779,0:06:54.550 +and no less than um + +0:06:54.550,0:06:56.699 +it puts them all + +0:06:56.699,0:06:58.319 +in through different coincides and uhm, + +0:06:58.319,0:07:00.169 +you see here it + +0:07:00.169,0:07:03.849 +shuffles them and waits + +0:07:03.849,0:07:08.930 +til there's enough data in it and just + +0:07:08.930,0:07:11.039 +shoves them and sends them back out so + +0:07:11.039,0:07:18.039 +um, this is to protect against correlation effects. + +0:07:20.219,0:07:22.439 +But second in... + +0:07:22.439,0:07:23.379 +Oh yeah, and + +0:07:23.379,0:07:27.879 +when you actually put several mixes uh + +0:07:27.879,0:07:31.259 +behind them; it's a mixed escape and uh, + +0:07:31.259,0:07:32.149 +between mixes is also + +0:07:32.149,0:07:35.330 +a friction going on, uh, the first + +0:07:35.330,0:07:38.349 +or the client which is + +0:07:38.349,0:07:44.069 +you could see here if this lights would be centered, uh, + +0:07:44.069,0:07:46.029 +what else gets the + +0:07:46.029,0:07:48.879 +public keys of all the mixes + +0:07:48.879,0:07:51.160 +and encrypts the message first for each of them + +0:07:51.160,0:07:54.879 +and each mix removes one encryption layer and + +0:07:54.879,0:07:59.280 +uh, the last one actually passes on the message unencrypted + +0:07:59.280,0:08:04.369 +and uhm, loop back backwards the same + +0:08:04.369,0:08:06.379 +So, as you can probably imagine, + +0:08:06.379,0:08:11.389 +if you wait until you have enough messages, ah, and all +public key encryption + +0:08:11.389,0:08:12.280 +is going pretty slow + +0:08:14.069,0:08:17.939 +and uh, + +0:08:17.939,0:08:20.360 +this concept is mostly used for + +0:08:20.360,0:08:22.419 +remailers like + +0:08:22.419,0:08:26.359 +MixMinion, for example uh + +0:08:26.359,0:08:28.800 +where it's not really a possib... um + +0:08:28.800,0:08:32.610 +it's not really important + +0:08:32.610,0:08:33.979 +if the message is a couple of seconds + +0:08:33.979,0:08:36.540 +late or something, but it's not really + +0:08:36.540,0:08:39.870 +great for uh, for + +0:08:39.870,0:08:41.830 +low latency connections, + +0:08:41.830,0:08:44.730 +like web routing for example + +0:08:44.730,0:08:47.060 +but what's good about it it's uh + +0:08:47.060,0:08:50.500 +distrinuted trust uh, + +0:08:50.500,0:08:54.940 +just one these mixes has to be secure to actually + +0:08:54.940,0:08:56.840 +anonymize the whole connection + +0:08:56.840,0:08:58.460 +so it's slow but it's + +0:08:58.460,0:09:05.460 +distributed trust, which is good. + +0:09:06.230,0:09:09.930 +So, I want to introduce Tor + +0:09:09.930,0:09:12.320 +Tor stands for The Onion Router. + +0:09:12.320,0:09:16.340 +It's a concept that is actually built on + +0:09:16.340,0:09:17.720 +both these concepts + +0:09:17.720,0:09:21.340 +mixes and proxies. + +0:09:21.340,0:09:22.770 +It's a TCP-Overlay network, + +0:09:22.770,0:09:24.900 +means you can, uh + +0:09:24.900,0:09:25.560 +channel any + +0:09:25.560,0:09:27.320 +TCP connection through it + +0:09:27.320,0:09:28.480 +theoretically + +0:09:28.480,0:09:31.310 +uh, theoretically I will explain + +0:09:31.310,0:09:33.790 +a couple of slides later + +0:09:33.790,0:09:37.040 +it provides a SOCKS interface so you don't need any uh, + +0:09:37.040,0:09:42.060 +special application proxies like any application that uses +SOCKS interface can just, + +0:09:42.060,0:09:43.370 +talk to talk + +0:09:43.370,0:09:48.070 +and it's available on, um, all major platforms + +0:09:48.070,0:09:53.940 +what is uh, especially important is available in Windows + +0:09:53.940,0:09:55.850 +'cause, uhm, like I said earlier once + +0:09:55.850,0:09:57.740 +you want a really diverse, + +0:09:57.740,0:09:59.560 +really diverse group of users + +0:09:59.560,0:10:05.250 +so you actually need uh, + +0:10:05.250,0:10:06.860 +the normal user + +0:10:06.860,0:10:13.150 +not just geeks. + +0:10:13.150,0:10:15.160 +Um, well it aims to uhm + +0:10:15.160,0:10:15.939 +combine the positive attributes of + +0:10:15.939,0:10:17.480 +proxies and mixes + +0:10:17.480,0:10:18.749 +Like, proxies are fast, but + +0:10:18.749,0:10:20.620 +seem prone to failure + +0:10:20.620,0:10:21.770 +and mixes + +0:10:21.770,0:10:24.590 +distributed trust, you want to combine them + +0:10:24.590,0:10:29.930 +so uh + +0:10:29.930,0:10:31.310 +Fast, uh, Tor use not only public key + +0:10:31.310,0:10:33.220 +encryption but also session keys + +0:10:33.220,0:10:35.170 +symmetrically encrypted. + +0:10:35.170,0:10:37.260 +so uh + +0:10:37.260,0:10:41.710 +All the connection set up is this public key so you just, uh + +0:10:41.710,0:10:44.840 +authentication and stuff? + +0:10:44.840,0:10:50.860 +And uh, the actual communication that's going on later +is always symmetrically encrypted + +0:10:50.860,0:10:54.170 +And uh, so it's also TCP multiplexing + +0:10:54.170,0:10:55.850 +so you can run + +0:10:55.850,0:10:58.520 +several TCP connections through one + +0:10:58.520,0:11:02.220 +virtual Tor connection. + +0:11:02.220,0:11:05.610 +And the design goals are + +0:11:05.610,0:11:06.790 +yeah + +0:11:06.790,0:11:07.880 +deployability + +0:11:07.880,0:11:09.770 +like dums want the user to actually have + +0:11:09.770,0:11:12.680 +to patch his PC off the Operating System or something + +0:11:12.680,0:11:16.070 +just be in a... workable state really fast + +0:11:16.070,0:11:19.340 +um, usability, + +0:11:19.340,0:11:20.600 +so you get the uh, + +0:11:20.600,0:11:22.400 +normal users + +0:11:22.400,0:11:26.850 +not just the geeks. Flexibility, uhm + +0:11:26.850,0:11:28.310 +it's aimed to + +0:11:28.310,0:11:29.910 +enable more research + +0:11:29.910,0:11:32.010 +in this whole area. + +0:11:32.010,0:11:33.059 +so, uh + +0:11:33.059,0:11:34.679 +the protocol to all users + +0:11:34.679,0:11:37.890 +should be really flexible + +0:11:37.890,0:11:42.110 +And uh, for simplicity it's a security application and + +0:11:42.110,0:11:45.900 +well complexity doesn't play well with uh, + +0:11:45.900,0:11:52.070 +security + +0:11:52.070,0:11:53.190 +So, this uh, + +0:11:53.190,0:11:55.300 +it's how Tor works, more or less + +0:11:55.300,0:11:58.800 +Dave is uh, a directory server, + +0:11:58.800,0:12:03.160 +it uh, caches information about the network state + +0:12:03.160,0:12:08.130 +and uh, which Tor servers are available in the network + +0:12:08.130,0:12:09.490 +and uh + +0:12:09.490,0:12:10.930 +Alice downloads + +0:12:10.930,0:12:14.740 +this whole list from Dave + +0:12:14.740,0:12:18.940 +you see the Tor nodes with the plus here? + +0:12:18.940,0:12:21.020 +Through this random + +0:12:21.020,0:12:22.790 +tree of service + +0:12:22.790,0:12:23.910 +when she wants to talk to Jane + +0:12:23.910,0:12:30.380 +for example + +0:12:30.380,0:12:34.280 +The first one is the entry node, middle LAN nodes, and the +uh exit nodes, I will leave thes for later + +0:12:34.280,0:12:41.000 +uh, so this + +0:12:41.000,0:12:43.990 +Alice talks to the entry node + +0:12:43.990,0:12:47.550 +there's a connection that is going on and is public key +encrypted + +0:12:47.550,0:12:51.330 +and they establish a session key and same + +0:12:51.330,0:12:53.090 +thing goes on + +0:12:53.090,0:12:58.520 +in these two and these two so they can communicate later on + +0:12:58.520,0:12:59.780 +What's really important here + +0:12:59.780,0:13:00.629 +is the last connection here + +0:13:00.629,0:13:03.090 +is actually unencrypted. + +0:13:03.090,0:13:05.240 +I will talk about it later + +0:13:05.240,0:13:06.610 +So it has to be unencrypted + +0:13:06.610,0:13:13.610 +so you can get your request through + +0:13:20.690,0:13:22.700 +this is a virtual circuit + +0:13:22.700,0:13:24.490 +that gets established and uh + +0:13:24.490,0:13:29.190 +every, every + +0:13:29.190,0:13:31.340 +ten minutes + +0:13:31.340,0:13:32.450 +a new circuit is built + +0:13:32.450,0:13:37.250 +when a new website, when a new request come through, so uh + +0:13:37.250,0:13:40.080 +this one stays, all these connections above stays + +0:13:40.080,0:13:41.940 +in this circuit + +0:13:41.940,0:13:43.630 +and after ten + +0:13:43.630,0:13:45.410 +when after ten minutes, ah + +0:13:45.410,0:13:52.410 +Alice wants to talk to Jane, a new circuit is built + +0:13:53.610,0:13:55.410 +and uh, this is important + +0:13:55.410,0:13:56.920 +to get strong + +0:13:56.920,0:13:57.710 +anonymity + +0:13:57.710,0:14:00.220 +in case one connection is compromised, for example. + +0:14:00.220,0:14:01.600 +An these ten minutes + +0:14:01.600,0:14:04.490 +are really an arbitrary value + +0:14:04.490,0:14:08.560 +,you can choose anything + +0:14:08.560,0:14:10.660 +you have to do the research + +0:14:10.660,0:14:11.970 +which value is best and so + +0:14:11.970,0:14:18.970 +ten minutes is compromised. + +0:14:19.840,0:14:22.240 +With all you get exit policies, + +0:14:22.240,0:14:24.640 +this is important for the exit node + +0:14:24.640,0:14:27.880 +the one which actually send the uh, + +0:14:27.880,0:14:30.410 +original request to the destination server + +0:14:30.410,0:14:31.670 +and huh + +0:14:31.670,0:14:32.839 +you can control which + +0:14:32.839,0:14:34.220 +TCP connections you want + +0:14:34.220,0:14:39.180 +to allow from your node if you want + +0:14:39.180,0:14:41.000 +that's default policy which uh + +0:14:41.000,0:14:43.610 +blocks SMTP and NNTP to prevent uh + +0:14:43.610,0:14:48.080 +spamming and all stuff + +0:14:48.080,0:14:49.060 +but you can actually allow + +0:14:49.060,0:14:51.970 +SMTP if you want + +0:14:51.970,0:14:54.070 +and there's some other ports blocked + +0:14:54.070,0:14:56.170 +but the rest of it works so + +0:14:56.170,0:14:57.900 +HTTP SSH + +0:14:57.900,0:15:01.630 +all the important stuff + +0:15:01.630,0:15:05.250 +that you would want to minimize just works + +0:15:05.250,0:15:10.290 +and uh, if you uh + +0:15:10.290,0:15:13.050 +this is important for uh, if you + +0:15:13.050,0:15:18.540 +want to run you node, uh + +0:15:18.540,0:15:19.220 +waht kind of node you actually want to run + +0:15:19.220,0:15:24.120 +if you look at the picture, uh earlier + +0:15:24.120,0:15:31.120 +there's these three different nodes: entry node, +middleman note, and exit node + +0:15:32.400,0:15:34.180 +and uh, which node you want to run + +0:15:34.180,0:15:36.780 +depends on how many problems you want afterwards + +0:15:36.780,0:15:39.590 +I will talk about it later uh + +0:15:39.590,0:15:40.970 +this one, + +0:15:40.970,0:15:46.950 +the exit node actually forwards the uh, requested date, uh + +0:15:46.950,0:15:47.700 +depends upon what + +0:15:47.700,0:15:51.570 +what the user actually uh wants, that's + +0:15:51.570,0:15:52.830 +if the user uh + +0:15:52.830,0:15:58.020 +Alice in this case uh + +0:15:58.020,0:16:02.080 +insults someone out on a web forum, then uh the uh + +0:16:02.080,0:16:03.470 +administrator of the forum will see the IP address + +0:16:03.470,0:16:05.340 +of the + +0:16:05.340,0:16:11.230 +exit node in his forum and not the one + +0:16:11.230,0:16:15.330 +of Alice so uh he's going to have the problems later on + +0:16:15.330,0:16:18.250 +so I will talk about it later + +0:16:18.250,0:16:21.600 +but you have to keep this in mind + +0:16:21.600,0:16:28.600 +and uh, keep up everything and uh we can play the role of +entry nodes and middle man nodes + +0:16:30.170,0:16:37.170 +which is also important + +0:16:39.130,0:16:42.930 +Special feature of Tor are hidden services + +0:16:42.930,0:16:45.850 +these are services which can be + +0:16:45.850,0:16:46.990 +accessed + +0:16:46.990,0:16:49.420 +without having an IP address + +0:16:49.420,0:16:50.960 +so uh + +0:16:50.960,0:16:56.300 +you can't really find them physically + +0:16:56.300,0:16:57.880 +so if you want to run a + +0:16:57.880,0:16:59.720 +hidden service you can do it from anywhere + +0:16:59.720,0:17:01.850 +do it from inside this private network here + +0:17:01.850,0:17:05.950 +instead of a service and everyone in the outside world can +actually access it + +0:17:05.950,0:17:07.770 +even if you don't have the rights to do + +0:17:07.770,0:17:11.330 +port forwarding or something + +0:17:11.330,0:17:13.580 +uh, this is really important to, uh + +0:17:13.580,0:17:15.690 +resist Denial of Service, for example + +0:17:15.690,0:17:20.160 +'cause every uh, + +0:17:20.160,0:17:20.519 +every client that wants to + +0:17:20.519,0:17:22.829 +access the service uh, gets + +0:17:22.829,0:17:25.700 +gets a different route in the network + +0:17:25.700,0:17:26.529 +and uh, it's hard + +0:17:26.529,0:17:28.460 +to actually uh + +0:17:28.460,0:17:31.970 +DOS it. And it's also important to + +0:17:31.970,0:17:33.610 +resist censorship + +0:17:33.610,0:17:38.510 +And the addresses look like this: + +0:17:38.510,0:17:43.280 +it's really a hash of a private key + +0:17:43.280,0:17:47.340 +and each hidden service is actually, well, identified + +0:17:47.340,0:17:53.300 +by a public key + +0:17:53.300,0:17:59.000 +this how it works, uhm, yet Alice the client + +0:17:59.000,0:18:02.170 +and the hidden server, Bob. + +0:18:02.170,0:18:04.120 +And if Bob wants to, uh, + +0:18:04.120,0:18:07.640 +wants to set up a service, + +0:18:07.640,0:18:08.159 +he chooses three introduction points + +0:18:08.159,0:18:09.899 +out of the whole mass + +0:18:09.899,0:18:11.920 +of Tor servers. + +0:18:11.920,0:18:18.920 +And Bob has the public key to identify the service, +and uh he sends + +0:18:22.530,0:18:26.860 +this public key into each of these three introduction +points to the directory server. + +0:18:26.860,0:18:28.740 +Now Alice wants to uh, + +0:18:28.740,0:18:31.610 +connect to Bob, but first the first thing she does + +0:18:31.610,0:18:34.480 +is download this + +0:18:34.480,0:18:38.910 +this list with the introduction points and the uh + +0:18:38.910,0:18:45.910 +public key from the directory server. After that, uh + +0:18:50.120,0:18:54.299 +she choose one of the uh introduction points + +0:18:54.299,0:18:55.930 +and uh, + +0:18:55.930,0:19:02.920 +posts a circle rendesvouz cookie there. A piece of +data so uh, she can, uh + +0:19:02.920,0:19:05.480 +identify herself + +0:19:05.480,0:19:06.900 +and uh, she also + +0:19:06.900,0:19:07.860 +gives the introduction point + +0:19:07.860,0:19:14.500 +the address of her random rendesvouz point that +Alice has chosen + +0:19:14.500,0:19:18.550 +so what happens then is uh, Bob notices that uh, + +0:19:18.550,0:19:23.760 +some data has been stored in the introduction point + +0:19:23.760,0:19:28.160 +and Alice and Bob uh, + +0:19:28.160,0:19:31.230 +make a rendesvouz point, and + +0:19:31.230,0:19:34.940 +Bob uses this, this uh + +0:19:34.940,0:19:36.700 +rendesvouz cookie to + +0:19:36.700,0:19:38.180 +actually identify himself on the rendesvouz point + +0:19:38.180,0:19:39.990 +and after that + +0:19:39.990,0:19:46.990 +all the connection of data runs through this rendesvouz point. + +0:19:50.870,0:19:53.180 +uh, if time permits I'll actually uh, + +0:19:53.180,0:19:54.710 +set up a rendesvouz + +0:19:54.710,0:19:55.960 +a hidden service here + +0:19:55.960,0:19:59.120 +so you can actually see how it works + +0:19:59.120,0:20:06.120 +I'll also demonstrate Tor, like I said + +0:20:08.800,0:20:09.770 +uh, there's some legal issues to be uhm + +0:20:09.770,0:20:12.450 +recognized, uh. As you can imagine, Tor may be +forbidden in some + +0:20:12.450,0:20:14.880 +countries; especially totalitarian countries + +0:20:14.880,0:20:17.530 +which censor the Internet anyway + +0:20:17.530,0:20:18.719 +and uh, + +0:20:18.719,0:20:21.030 +you may get into trouble for using Tor + +0:20:21.030,0:20:25.580 +practically, anyone knows this + +0:20:25.580,0:20:27.580 +there can be crytpo restrictions + +0:20:27.580,0:20:29.070 +for example Great Britain, the uh + +0:20:29.070,0:20:33.200 +RIPA act, I'm not even sure what it stands for + +0:20:33.200,0:20:36.140 +but basically says that uh, + +0:20:36.140,0:20:37.510 +if the government wants, + +0:20:37.510,0:20:40.410 +then you have to give up your crypto keys + +0:20:40.410,0:20:42.910 +so they can decrypt it later + +0:20:42.910,0:20:47.860 +and uh, yeah, it's not... + +0:20:47.860,0:20:50.010 +and it's actually last week was the first case + +0:20:50.010,0:20:52.890 +when this was actually used in + +0:20:52.890,0:20:56.600 +Great Britain + +0:20:56.600,0:21:00.720 +uh, there can be special laws like in Germany + +0:21:00.720,0:21:03.480 +sort of like a hacker paragraph + +0:21:03.480,0:21:06.990 +just a nickname, it has some cryptic legal name + +0:21:06.990,0:21:07.940 +uh, in reality + +0:21:07.940,0:21:11.090 +and it says that uh + +0:21:11.090,0:21:14.570 +you're liable if you, uh, + +0:21:14.570,0:21:17.360 +if you give people access to tools + +0:21:17.360,0:21:20.020 +that they can use to uh, + +0:21:20.020,0:21:22.270 +well, to do illegal stuff. + +0:21:22.270,0:21:23.630 +More or less. + +0:21:23.630,0:21:27.080 +It's really uh, + +0:21:27.080,0:21:29.080 +not concrete and no one really... + +0:21:29.080,0:21:30.440 +it could uh, + +0:21:30.440,0:21:31.929 +it could + +0:21:31.929,0:21:36.669 +restrict anything. From a map to a + +0:21:36.669,0:21:39.210 +to God know what? Network tools. + +0:21:39.210,0:21:40.880 +and uh + +0:21:40.880,0:21:43.559 +But it was actually, it was actually passed so no one +really knows + +0:21:43.559,0:21:45.510 +what's the, uhm + +0:21:45.510,0:21:46.490 +what's really + +0:21:46.490,0:21:50.260 +restrict by it. So Tor could be restricted + +0:21:50.260,0:21:55.590 +by it, because it could really enable people to do +illegal stuff, + +0:21:55.590,0:21:58.640 +but no one really knows + +0:21:58.640,0:22:00.990 +and uh, the biggest Tor + +0:22:00.990,0:22:02.250 +problems + +0:22:02.250,0:22:07.480 +that, uh + +0:22:07.480,0:22:10.180 +when uh, when it actually gets sent to a Tor network + +0:22:10.180,0:22:13.210 +the uh, the + +0:22:13.210,0:22:14.669 +IP address that + +0:22:14.669,0:22:16.210 +gets sent + +0:22:16.210,0:22:17.220 +well that's what the destination server + +0:22:17.220,0:22:19.090 +actually sees + +0:22:19.090,0:22:21.200 +is one of the exit nodes. + +0:22:21.200,0:22:22.380 +So when, uh + +0:22:22.380,0:22:23.740 +when a client + +0:22:23.740,0:22:26.090 +actually causes trouble, + +0:22:26.090,0:22:26.950 +then the one + +0:22:26.950,0:22:29.790 +that gets into trouble + +0:22:29.790,0:22:32.460 +is the exit nodes provider. And uh, + +0:22:32.460,0:22:33.560 +so stuff that gets done + +0:22:33.560,0:22:38.620 +for torment purpose like sending ransom mails or uh, + +0:22:38.620,0:22:40.480 +distributing illegal stuff + +0:22:40.480,0:22:42.040 +and it, this all happened + +0:22:42.040,0:22:43.500 +and, if you are + +0:22:43.500,0:22:46.460 +unlucky as an exit node operator + +0:22:46.460,0:22:47.109 +your server gets seized or something + +0:22:47.109,0:22:52.059 +and uh, + +0:22:52.059,0:22:55.530 +that's random stuff that can happen + +0:22:55.530,0:22:56.540 +though, uh, + +0:22:56.540,0:22:59.559 +as an exit nodes provider you can get + +0:22:59.559,0:23:03.690 +letters from Law Enforcement entities, and uh + +0:23:03.690,0:23:05.649 +What are you doing there? + +0:23:05.649,0:23:06.830 +Maybe some illegal stuff? + +0:23:06.830,0:23:10.040 +And you have to explain to them that you are + +0:23:10.040,0:23:12.260 +providing Tor server + +0:23:12.260,0:23:13.980 +it wasn't you + +0:23:13.980,0:23:15.120 +and stuff. + +0:23:15.120,0:23:18.020 +For example the FBI + +0:23:18.020,0:23:19.960 +in America + +0:23:19.960,0:23:23.580 +actually knows what you're talking about when you tell them + +0:23:23.580,0:23:24.580 +that you're using Tor... + +0:23:24.580,0:23:26.019 +so, uh + +0:23:26.019,0:23:26.600 +they won't bother. + +0:23:26.600,0:23:28.810 +But in Germany the uh, + +0:23:28.810,0:23:34.830 +Law Enforcement agencies, actually are, so so + +0:23:34.830,0:23:41.440 +depends on what kind of guy you're actually talking to + +0:23:41.440,0:23:47.120 +So what's... what kind of role plays FreeBSD here? + +0:23:47.120,0:23:51.880 +uh, FreeBSD is really well suited as a Tor node, uh + +0:23:51.880,0:23:55.490 +when you're operating the client you just want to use the +network, uh + +0:23:55.490,0:23:57.830 +it doesn't matter what kind of system you use + +0:23:57.830,0:23:59.150 +and it shouldn't matter + +0:23:59.150,0:24:00.830 +There's one of the, uh + +0:24:00.830,0:24:03.130 +like I said earlier one of the design + +0:24:03.130,0:24:05.500 +criteria of Tor + +0:24:05.500,0:24:08.610 +so it doesn't matter if you're using Windows or FreeBSD. + +0:24:08.610,0:24:09.929 +But if you're using the Tor + +0:24:09.929,0:24:14.290 +as actually uh, + +0:24:14.290,0:24:17.320 +the security of other depends on your node + +0:24:17.320,0:24:20.690 +and uh, + +0:24:20.690,0:24:22.950 +when you're operating a node is important to + +0:24:22.950,0:24:25.310 +have Operational Security + +0:24:25.310,0:24:25.980 +and Jails + +0:24:25.980,0:24:27.550 +are really great for this, + +0:24:27.550,0:24:29.980 +so you can run a Tor server in Jail. + +0:24:29.980,0:24:32.950 +It's also Disk and Swap encryption + +0:24:32.950,0:24:38.010 +which is important, especialy the swap encryption. And uh, + +0:24:38.010,0:24:39.390 +there's also audit + +0:24:39.390,0:24:40.740 +and the mac framework + +0:24:40.740,0:24:43.780 +when you want to run your installation + +0:24:43.780,0:24:46.220 +What's also nice, + +0:24:46.220,0:24:46.659 +Tor servers do a lot of public key encryption + +0:24:46.659,0:24:48.440 +and it's pretty slow + +0:24:48.440,0:24:49.480 +so it's great to have + +0:24:49.480,0:24:54.750 +hardware acceleration for this. + +0:24:54.750,0:24:56.160 +And uh, probably the biggest feature: + +0:24:56.160,0:25:03.160 +Well maintained Tor-related ports. + +0:25:04.060,0:25:07.390 +There is the main port, security Tor + +0:25:07.390,0:25:11.370 +Which is a client and server if you want to run + +0:25:11.370,0:25:13.610 +a network node, or just a client. + +0:25:13.610,0:25:15.210 +There's Tor level + +0:25:15.210,0:25:16.450 +and these are really up to date, uhm + +0:25:16.450,0:25:22.830 +Tor development happens really fast + +0:25:22.830,0:25:23.710 +and ports get updated + +0:25:23.710,0:25:30.710 +pretty soon after a release is made. + +0:25:32.050,0:25:39.050 +There's Privoxy, which is an uhm web proxy and uhm, +we'll use it later when we do the demonstration + +0:25:41.320,0:25:44.310 +And there's net management Vidalia which is a +graphical content + +0:25:44.310,0:25:47.200 +also for Windows + +0:25:47.200,0:25:48.260 +and, uhm + +0:25:48.260,0:25:53.929 +there's trans-proxy Tor + +0:25:53.929,0:25:58.650 +which enables you to actually + +0:25:58.650,0:25:59.560 +uhm, well there's some + +0:25:59.560,0:26:02.080 +badly written applications out there + +0:26:02.080,0:26:05.280 +that do stuff that's + +0:26:05.280,0:26:07.510 +that makes it hard for Tor to + +0:26:07.510,0:26:08.860 +run with them + +0:26:08.860,0:26:10.810 +and you can use trans-proxy Tor + +0:26:10.810,0:26:15.510 +to tunnel such connections through the Tor network. + +0:26:15.510,0:26:20.580 +We'll actually talk about them in the next slide. + +0:26:20.580,0:26:24.960 +Yeah. What else do you need to take care of +besides running Tor? + +0:26:24.960,0:26:27.130 +Uh, there's name resolution, uh... + +0:26:27.130,0:26:28.760 +Some applications just + +0:26:28.760,0:26:30.500 +bypass the configured proxy + +0:26:30.500,0:26:34.500 +for example FireFox versions below version 1.5, + +0:26:34.500,0:26:35.700 +which send every data, + +0:26:35.700,0:26:38.320 +all data through the proxy + +0:26:38.320,0:26:38.909 +but not + +0:26:38.909,0:26:40.880 +DNS requests + +0:26:40.880,0:26:44.380 +so they actually result in mistrust + +0:26:44.380,0:26:46.450 +and uh, so yeah + +0:26:46.450,0:26:49.280 +the connection is actually anonymized + +0:26:49.280,0:26:51.080 +but the DNS server + +0:26:51.080,0:26:52.250 +really knows + +0:26:52.250,0:26:53.870 +uh, who you were talking to + +0:26:53.870,0:27:00.870 +and this is really the intention of Tor, but uh, +newer versions actually takes. + +0:27:03.130,0:27:04.240 +Uh, there's the usual + +0:27:04.240,0:27:09.990 +cookies, web-bugs, referrer and stuff, uhm + +0:27:09.990,0:27:11.800 +which uh, + +0:27:11.800,0:27:13.530 +sites can use to check which + +0:27:13.530,0:27:20.530 +websites you're visiting, and it's just the +usual disabling stuff + +0:27:20.549,0:27:23.250 +Privoxy is a great tool to + +0:27:23.250,0:27:28.160 +normalize HTTP traffic. + +0:27:28.160,0:27:30.010 +And it's also great to uhm, well filter off advertising + +0:27:30.010,0:27:36.370 +and stuff. + +0:27:36.370,0:27:38.660 +This should be really obvious + +0:27:38.660,0:27:41.110 +but apparently is not. Uhm, + +0:27:41.110,0:27:43.770 +There's so many people who don't realize + +0:27:43.770,0:27:44.700 +that the last connection + +0:27:44.700,0:27:46.380 +chain is actually unencrypted + +0:27:46.380,0:27:50.900 +if you're using, uh + +0:27:50.900,0:27:53.250 +if you're not using a secure protocol. + +0:27:53.250,0:27:54.100 +So, + +0:27:54.100,0:27:56.440 +people actually uhm, + +0:27:56.440,0:27:59.430 +get their mail through POP3 or something + +0:27:59.430,0:28:04.870 +and the exit nodes can just run desniff and sniff +out all the passwords. + +0:28:04.870,0:28:11.870 +And it's really surprising how many people uh, do this. + +0:28:13.450,0:28:16.700 +So, lesson learned: use secure protocol. + +0:28:16.700,0:28:18.220 +There are also other services that require + +0:28:18.220,0:28:20.630 +registration, for example, + +0:28:20.630,0:28:22.040 +with your e-mail address or + +0:28:22.040,0:28:23.640 +personal + +0:28:23.640,0:28:25.360 +data + +0:28:25.360,0:28:27.590 +and uh, well + +0:28:27.590,0:28:28.620 +if you're using Tor and you + +0:28:28.620,0:28:35.620 +actually log on to one of those services, Tor can help you + +0:28:40.850,0:28:42.440 +So, once I actually demonstrate how + +0:28:42.440,0:28:49.440 +this all works. + +0:29:13.550,0:29:15.520 +Uh, I've installed Tor and + +0:29:15.520,0:29:22.520 +Privoxy on this system + +0:29:24.810,0:29:27.180 +the config files are on the usual places. + +0:29:27.180,0:29:34.180 +And if you read this, this little.. small.. Is this alright? + +0:29:46.950,0:29:50.600 +So there is this Tor I see sample file + +0:29:50.600,0:29:57.600 +which we can use + +0:30:07.020,0:30:08.370 +so this + +0:30:08.370,0:30:10.340 +there's the usual commands and stuff + +0:30:10.340,0:30:11.030 +and this, + +0:30:11.030,0:30:15.720 +much stuff that we don't need for the moment + +0:30:15.720,0:30:19.840 +there's this uh, + +0:30:19.840,0:30:24.220 +SOCKS port and SOCKS listen address information + +0:30:24.220,0:30:31.220 +that's the + +0:30:32.770,0:30:34.659 +tells you where to connect your uh, + +0:30:34.659,0:30:36.679 +your proxy to + +0:30:36.679,0:30:38.200 +so this is the information that we use in Privoxy to + +0:30:38.200,0:30:41.450 +access Tor. + +0:30:41.450,0:30:42.190 +Uhm, + +0:30:42.190,0:30:45.320 +all we have to do to actually use Tor is + +0:30:45.320,0:30:48.970 +copy over the config file. + +0:30:48.970,0:30:55.970 +Start the service + +0:31:04.110,0:31:10.570 +so, it tells us it's running... Now we have to + +0:31:10.570,0:31:12.350 +take a look at Privoxy + +0:31:20.880,0:31:25.120 +There's also lots of stuff that we don't need +right now + +0:31:25.120,0:31:30.360 +What we need is the uh, + +0:31:30.360,0:31:31.740 +we need to tell + +0:31:31.740,0:31:33.809 +Privoxy uh, + +0:31:33.809,0:31:40.809 +where to send connections requests. + +0:31:51.740,0:31:53.659 +Ok, I've actually entered this earlier + +0:31:53.659,0:31:54.860 +uhm, + +0:31:54.860,0:31:58.700 +all it says is uh, + +0:31:58.700,0:32:03.490 +forward all requests to + +0:32:03.490,0:32:10.490 +the uh, SOCKS client + +0:32:13.020,0:32:20.020 +So we just start + +0:32:34.120,0:32:38.870 +Ok, so we all set + +0:32:38.870,0:32:40.480 +Now we can just do + +0:32:40.480,0:32:47.480 +everything with our brother + +0:32:50.790,0:32:52.029 +we all started times + +0:32:52.029,0:32:59.029 +a bit slow on my external drive + +0:33:06.860,0:33:08.070 +okay, uh + +0:33:08.070,0:33:11.470 +proxy settings + +0:33:11.470,0:33:16.140 +we just put in our Privoxy server + +0:33:16.140,0:33:23.140 +which listens on port 3128, hopefully, or does it? +Oh, 8108, that's it. + +0:33:47.360,0:33:49.060 +Ok, so every + +0:33:49.060,0:33:56.060 +connection we want to make should actually be routed +through the Tor network + +0:33:56.820,0:33:58.880 +uhm, this is going to take a little bit, + +0:33:58.880,0:34:01.950 +'cause all the route selection needs to be done + +0:34:01.950,0:34:08.950 +all the public crypto, there's also network latency + +0:34:13.059,0:34:14.539 +Once the connections are actually setup + +0:34:14.539,0:34:17.789 +it's pretty fast, not like this + +0:34:17.789,0:34:21.159 +and it's uh, really dependent upon uh, + +0:34:21.159,0:34:21.419 +which + +0:34:21.419,0:34:23.059 +kind of nodes you get + +0:34:23.059,0:34:26.669 +if you have a node that is running a modem then, + +0:34:26.669,0:34:33.669 +you'll have problem, it's really slow + +0:34:36.099,0:34:42.989 +ok, while waiting + +0:34:42.989,0:34:45.319 +we can actually take a look + +0:34:45.319,0:34:52.319 +at how our hidden service is configured + +0:34:59.699,0:35:03.369 +there's some lines for the Tor config file + +0:35:03.369,0:35:07.439 +the routing services + +0:35:07.439,0:35:14.219 +Ok, so you can see here hidden services here and +hidden service port + +0:35:14.219,0:35:19.369 +as I said, the hidden service is identified by a +public key, and uh, if you + +0:35:19.369,0:35:22.159 +uncommand this sutff, + +0:35:22.159,0:35:24.999 +and uh, + +0:35:24.999,0:35:26.619 +we start Tor + +0:35:26.619,0:35:28.249 +quickly + +0:35:28.249,0:35:31.690 +generate a public key and put it into the start tree + +0:35:31.690,0:35:38.690 +and it will, uh, well it actually says to uh, + +0:35:40.659,0:35:47.659 +where this omni address earlier, + +0:35:48.549,0:35:49.539 +we'll just + +0:35:49.539,0:35:56.539 +route every connection through this address to this +local nodes line + +0:36:02.119,0:36:07.199 +This could be the case that uh, + +0:36:07.199,0:36:08.640 +that an exit node + +0:36:08.640,0:36:11.599 +doesn't uh, + +0:36:11.599,0:36:18.599 +allow + +0:36:19.779,0:36:22.900 +Ok, this is typical that when you want to show stuff +it doesn't work + +0:36:22.900,0:36:25.369 +it worked earlier, so uh, it's not the network's fault + +0:36:25.369,0:36:27.619 +let's uh, + +0:36:27.619,0:36:31.609 +back to the hidden services + +0:36:31.609,0:36:38.609 +So we actually need to + +0:36:39.230,0:36:46.230 +change this + +0:36:51.170,0:36:55.099 +The default directory in FreeBSD is bar/db/Tor + +0:36:55.099,0:36:57.909 +and uh, + +0:36:57.909,0:37:03.249 +and when we start Tor it will actually, uh + +0:37:03.249,0:37:07.499 +create the service directory + +0:37:07.499,0:37:11.789 +by itself. It's also a web server listening on port 80 +on localhost + +0:37:11.789,0:37:13.889 +so we can + +0:37:13.889,0:37:20.889 +and hopefully will be able to see it later on + +0:37:45.849,0:37:48.529 +okay, so let's see if + +0:37:48.529,0:37:49.679 +this stuff is already + +0:37:49.679,0:37:56.679 +actually created. + +0:38:02.829,0:38:03.790 +Ok, so you have + +0:38:03.790,0:38:05.069 +two parts in this directory + +0:38:05.069,0:38:11.650 +hostname and private key. Private key is uh, + +0:38:11.650,0:38:14.739 +and the hostname is actually what you give to people +if you want to + +0:38:14.739,0:38:21.739 +to publish your service + +0:38:33.319,0:38:36.039 +this is actually less likely to work right now + +0:38:36.039,0:38:40.059 +because it takes some time for Tor to choose these + +0:38:40.059,0:38:41.639 +introduction points, + +0:38:41.639,0:38:44.880 +send all this stuff to directory services + +0:38:44.880,0:38:47.369 +it takes time for directory services to sync up + +0:38:47.369,0:38:54.329 +and actually distribute information to the clients + +0:38:54.329,0:39:00.789 +and when we want to exit the service, we actually put +this address into the uh, + +0:39:00.789,0:39:03.889 +the address line, and uh, + +0:39:03.889,0:39:05.069 +Tor knows how to + +0:39:05.069,0:39:12.069 +deal with this uh, the Onion pop up domain, so uh + +0:39:15.410,0:39:22.410 +this usually actually works. Let's see what's going on here... + +0:39:33.499,0:39:35.049 +Well, like I said + +0:39:35.049,0:39:37.529 +this one will take a while and + +0:39:37.529,0:39:40.450 +what's going on with the other one? I can actually see + +0:39:40.450,0:39:45.039 +But uh, + +0:39:45.039,0:39:47.850 +usually you can just go to one of these server websites + +0:39:47.850,0:39:50.209 +that tell you your IP address, and + +0:39:50.209,0:39:52.899 +Google is a fair example + +0:39:52.899,0:39:56.709 +you can go to Google and Google will get you a + +0:39:56.709,0:40:00.589 +localized web page. + +0:40:00.589,0:40:02.879 +For example, when you are from Germany, and you go to + +0:40:02.879,0:40:04.099 +Google.com, you get a German webpage + +0:40:04.099,0:40:07.379 +and if you're using Tor and you go to Google, + +0:40:07.379,0:40:09.679 +it depends + +0:40:09.679,0:40:10.319 +upon where your exit point is located + +0:40:10.319,0:40:11.859 +for example, + +0:40:11.859,0:40:14.029 +if it is in the Netherlands, + +0:40:14.029,0:40:21.029 +you get a Dutch Google, which is uh, pretty cool. + +0:40:23.329,0:40:25.549 +so uh, + +0:40:25.549,0:40:27.419 +I'll have to take a look later + +0:40:27.419,0:40:28.829 +while I'm working + +0:40:28.829,0:40:35.829 +so let's just, continue for a moment + +0:40:38.569,0:40:41.009 +ok, to summarize, uh + +0:40:41.009,0:40:44.799 +Tor is actually useful if + +0:40:44.799,0:40:51.799 +you want to be hidden on the net. If it actually works. +Not in this case, uh + +0:40:55.519,0:40:59.339 +Tor is usually pretty cool to offer services from anywhere + +0:40:59.339,0:41:00.410 +so theoretically + +0:41:00.410,0:41:02.509 +it should work + +0:41:02.509,0:41:03.549 +I should + +0:41:03.549,0:41:06.049 +publish my hidden services from around here + +0:41:06.049,0:41:10.429 +and anyone in the world that's connected to the Tor network +can actually exit it, access it + +0:41:10.429,0:41:12.169 +and uh + +0:41:12.169,0:41:14.799 +Privoxy is a pretty cool platform for Tor + +0:41:14.799,0:41:18.819 +'cause it's for one, it has very nice + +0:41:18.819,0:41:21.779 +security features like jail + +0:41:21.779,0:41:23.949 +and if you want to run a Tor node + +0:41:23.949,0:41:25.899 +and uh, + +0:41:25.899,0:41:27.949 +tools like Tor are really needed + +0:41:27.949,0:41:28.860 +in our time + +0:41:28.860,0:41:35.860 +this isn't going + +0:41:36.599,0:41:43.599 +to get better any time soon; so uh, we better +create the tools now + +0:41:45.779,0:41:52.779 +to circumvent this + +0:41:52.899,0:41:59.039 +Take a quick look at the uh browser again + +0:41:59.039,0:42:00.089 +currently the uh, + +0:42:00.089,0:42:02.660 +connection set up failed + +0:42:02.660,0:42:04.070 +which I can't do anything about right now. + +0:42:04.070,0:42:11.070 +uh, which one? + +0:42:23.089,0:42:25.629 +Oh, that's all me + +0:42:25.629,0:42:27.539 +uhm + +0:42:27.539,0:42:30.249 +it depends upon + +0:42:30.249,0:42:33.140 +you can use any port you like + +0:42:33.140,0:42:34.539 +depend on uh, + +0:42:34.539,0:42:39.279 +what port the nodes use. Nodes can use any port + +0:42:39.279,0:42:42.259 +for example, when I don't want to run nodes + +0:42:42.259,0:42:44.109 +I can put it on pause + +0:42:44.109,0:42:45.679 +port 80 if you want + +0:42:45.679,0:42:47.470 +so anyone who uh + +0:42:47.470,0:42:49.219 +who has uh + +0:42:49.219,0:42:50.979 +HTTP access can actually access my node + +0:42:53.009,0:42:56.529 +so uh + +0:42:56.529,0:43:01.299 +yet in theory uh + +0:43:01.299,0:43:05.959 +you can use any port you like. + +0:43:05.959,0:43:12.009 +So, this isn't going to work. + +0:43:12.009,0:43:13.519 +Maybe I'll just uh, + +0:43:13.519,0:43:20.519 +if anyone is interested, I'll just try again later + +0:43:33.089,0:43:34.680 +That's port 80 + +0:43:34.680,0:43:39.369 +it's a you know, HTTP connection so, + +0:43:39.369,0:43:42.359 +So, are there any questions? + +0:43:42.359,0:43:49.359 +Yes? + +0:44:06.140,0:44:08.689 +Well, usually I use Opera, so + +0:44:08.689,0:44:13.679 +a + +0:44:13.679,0:44:15.659 +I didn't know + +0:44:26.839,0:44:28.970 +Yes, there are about 300 uh, + +0:44:32.879,0:44:35.040 +I think about + +0:44:35.040,0:44:39.759 +300 Tor servers around the world + +0:44:39.759,0:44:43.349 +No, it's uh correct + +0:44:43.349,0:44:47.119 +at the moment there are three directory servers + +0:44:47.119,0:44:49.579 +worldwide + +0:44:49.579,0:44:51.630 +you can recognize them by their public key + +0:44:51.630,0:44:52.909 +and their public keys are + +0:44:52.909,0:44:56.119 +hard coded into the source code at the moment + +0:44:56.119,0:44:58.799 +so, the uh + +0:44:58.799,0:45:01.499 +Tor developers actually run those directory servers + +0:45:01.499,0:45:08.499 +but this is really crypto infrastucture + +0:45:11.729,0:45:12.719 +uhm + +0:45:12.719,0:45:14.729 +Well it's it's hard to say + +0:45:14.729,0:45:16.219 +'cause the question was uh + +0:45:16.219,0:45:21.799 +Were there any estimates on uh, + +0:45:21.799,0:45:26.489 +net usage and other stuff + +0:45:26.489,0:45:31.730 +it's really hard to say because it's an anonymization +network so uh, + +0:45:31.730,0:45:32.999 +you can't say for sure, but there are estimates of +one hundred thousand users around the world + +0:45:32.999,0:45:36.949 +and uh, I'm not sure of the traffic. + +0:45:36.949,0:45:39.219 +I used to run a middleman node, + +0:45:39.219,0:45:40.369 +and in one monthm + +0:45:40.369,0:45:42.699 +it would make + +0:45:42.699,0:45:43.849 +it was on a one hundred megabits + +0:45:43.849,0:45:45.359 +or dedicated line, + +0:45:45.359,0:45:47.249 +and it made about one terabyte of traffic + +0:45:47.249,0:45:49.459 +so it's a lot of traffic + +0:45:49.459,0:45:52.449 +going on + +0:45:52.449,0:45:56.259 +and unfortunately also a lot of filesharing systems + +0:45:56.259,0:45:59.739 +which it doesn't relly make sense 'cause they're slow + +0:45:59.739,0:46:00.570 +so uhm, + +0:46:00.570,0:46:01.609 +Tor is really cool + +0:46:01.609,0:46:03.359 +for web browsing and stuff + +0:46:03.359,0:46:10.359 +but if you really want to move a lot of data it's +not a good tool + +0:46:10.759,0:46:11.479 +ah, any other questions? Doesn't seem to be the case. Ok! |