0:00:09.649,0:00:15.249
Fortunately my slide will be centered, because
I'll have to change resolutions, I think this works out..
0:00:15.249,0:00:19.310
And, it's about protecting your privacy with FreeBSD and Tor
0:00:19.310,0:00:20.859
and, uh...
0:00:20.859,0:00:21.480
Privacy
0:00:21.480,0:00:25.859
what I mean here is mostly anonymity
0:00:25.859,0:00:28.889
but there are some other aspects that
0:00:28.889,0:00:34.390
I'll talk about later
0:00:34.390,0:00:36.290
uh, so...
0:00:36.290,0:00:39.500
I want to first talk about who needs anonymity anyway
0:00:39.500,0:00:42.880
is it just for criminals or some other bad guys, right?
0:00:42.880,0:00:44.209
after this
0:00:44.209,0:00:50.940
anonymization concepts, then Tor. Tor's a, well, a tool
0:00:50.940,0:00:52.870
to, uh...
0:00:52.870,0:00:59.320
anonymize you on the Web. Then I'll talk about what
FreeBSD can do with it
0:00:59.320,0:01:00.430
and what else
0:01:00.430,0:01:01.980
you have to take care of
0:01:01.980,0:01:06.070
when you want to be anonymous on the Web or the Internet
0:01:06.070,0:01:06.650
and uh,
0:01:06.650,0:01:12.280
if time permits I'd like to do a little demonstration
0:01:12.280,0:01:16.970
Ok, so who needs anonymity anyway?
0:01:16.970,0:01:20.510
Anonymity is a pretty vast
0:01:20.510,0:01:22.030
interest to most people
0:01:22.030,0:01:24.740
but it's really important for
0:01:24.740,0:01:26.400
journalists... There was a case in, uh,
0:01:26.400,0:01:28.619
Thailand last year
0:01:28.619,0:01:32.510
when the military coup was going on
0:01:32.510,0:01:38.150
and the journalists in Thailand couldn't really uh,
0:01:38.150,0:01:39.830
journalists couldn't really, uh
0:01:39.830,0:01:43.050
get the information they needed to do their work
0:01:43.050,0:01:45.750
also, uh, informants
0:01:45.750,0:01:49.100
whistleblowers... people who want to tell you about
0:01:49.100,0:01:52.490
corruption going on in governments and companies
0:01:52.490,0:01:56.460
and don't want to lose their job for it... Dissidents
0:01:56.460,0:01:58.250
uh, best case
0:01:58.250,0:02:01.610
when in Myanmar
0:02:01.610,0:02:03.750
last few weeks ago
0:02:03.750,0:02:05.290
when the
0:02:05.290,0:02:07.649
all the Buddhist monks were going to the streets and uh,
0:02:07.649,0:02:09.879
the Internet was totally censored
0:02:09.879,0:02:14.899
it was really dangerous to do anything on the Internet
0:02:14.899,0:02:17.719
so, so umm
0:02:17.719,0:02:20.489
socially sensitive information, like when you want to uh,
0:02:20.489,0:02:23.719
when you were abused
0:02:23.719,0:02:25.769
and want to talk to other people about it
0:02:25.769,0:02:30.039
you don't... naturally you don't want other people to
know who you are
0:02:30.039,0:02:31.840
as it will be very embarrassing
0:02:31.840,0:02:33.779
also Law Enforcement, ah
0:02:33.779,0:02:38.579
for example, uh, when you want to set up a
0:02:38.579,0:02:41.669
an anonymous tipline for crime reporting
0:02:41.669,0:02:45.810
and uh, also companies that want to, uh
0:02:45.810,0:02:48.079
research competition, as one case that, uh
0:02:48.079,0:02:51.029
that a company went to check the, uh
0:02:51.029,0:02:54.339
website competition and they noticed when they used Tor
0:02:54.339,0:02:58.209
that, uh, they were actually getting a different website
when they
0:02:58.209,0:03:00.829
uh, were coming from the corporate LAN
0:03:00.829,0:03:04.609
than anyone else was getting, so ah,
0:03:04.609,0:03:07.509
it's a good way to, uh,
0:03:07.509,0:03:11.859
check out... competition like this
0:03:11.859,0:03:13.349
Also military
0:03:13.349,0:03:15.679
actually military was one of the, uh
0:03:15.679,0:03:17.479
original
0:03:17.479,0:03:20.510
driving forces behind the
0:03:20.510,0:03:24.319
anonymization research.
0:03:24.319,0:03:26.169
and maybe you
0:03:26.169,0:03:28.799
may have heard of the European Union
0:03:28.799,0:03:30.349
Data Retention Directive?
0:03:30.349,0:03:33.039
where, umm
0:03:33.039,0:03:35.739
collection data gets stored
0:03:35.739,0:03:41.259
six to twenty-four months? Depends on the limitation
on the different nations
0:03:41.259,0:03:45.069
Two weeks back this was, uh,
0:03:45.069,0:03:47.729
the law was passed in Germany
0:03:47.729,0:03:48.900
so, uh
0:03:48.900,0:03:50.450
from first January on,
0:03:50.450,0:03:52.159
every connection, phone connection,
0:03:52.159,0:03:55.389
SMS, IP connections,
0:03:55.389,0:03:58.480
email, or the dial-in data needs to be stored
0:03:58.480,0:04:00.449
by providers for six months
0:04:00.449,0:04:02.510
and, uh,
0:04:02.510,0:04:05.379
sooner or later it's going to be in Poland as well
0:04:05.379,0:04:07.689
[talking]
0:04:07.689,0:04:14.689
well, you're part of the Euro Union now, so ah, welcome!
0:04:16.989,0:04:18.529
okay, uh
0:04:18.529,0:04:21.220
that's a
0:04:21.220,0:04:27.110
maybe you want to hide what interests you have and uh,
who you talk to, I mean uh,
0:04:27.110,0:04:30.889
like all of you know the Internet isn't very
0:04:30.889,0:04:34.199
secure in the first place so your ISP can see who you're
talking to
0:04:34.199,0:04:37.780
if they bother to find out
0:04:37.780,0:04:40.709
yeah, and also
0:04:40.709,0:04:46.279
criminals, but um, they already do illegal stuff and they
don't care about
0:04:46.279,0:04:51.629
doing more illegal stuff to stay anonymous, right? They can
uh, steal people's identities, they can rent botnets or
create them in the first place
0:04:51.629,0:04:53.829
and uh,
0:04:53.829,0:04:54.689
or just
0:04:54.689,0:04:59.689
crack one of the thousands of Windows computers online,
no big deal
0:04:59.689,0:05:02.029
so, uh
0:05:02.029,0:05:05.199
Criminals already do this and uh,
0:05:05.199,0:05:06.360
the normal
0:05:06.360,0:05:13.360
citizens can't do this so...
0:05:14.680,0:05:16.460
So all the groups that need anonymization are very different,
0:05:16.460,0:05:18.330
but they all have the same goal, and uh
0:05:18.330,0:05:20.619
that's also one of the
0:05:20.619,0:05:22.229
key concepts of
0:05:22.229,0:05:22.919
anonymization
0:05:22.919,0:05:24.090
you can't really
0:05:24.090,0:05:25.930
stay anonymous on your own
0:05:25.930,0:05:28.999
you need the help of more people
0:05:28.999,0:05:30.559
and uh,
0:05:30.559,0:05:32.680
the more diverse the group that needs
0:05:32.680,0:05:38.539
anonymity, the better
0:05:38.539,0:05:40.979
Ok, so on to talking about two
0:05:40.979,0:05:42.949
anonymization concepts
0:05:42.949,0:05:44.539
uh huh
0:05:44.539,0:05:51.539
Proxy? Everyone here probably knows how a proxy works,
uh yeah
0:05:52.559,0:05:53.169
LANs connect to the proxy and request
0:05:53.169,0:05:57.290
a website or whatever and the proxy
0:05:57.290,0:06:00.359
just passes it on and pass through
0:06:00.359,0:06:03.789
right
0:06:03.789,0:06:04.680
um
0:06:04.680,0:06:09.329
Proxies are fast and simple but it's a single point of
failure, like uh,
0:06:09.329,0:06:13.139
when law enforcement or anyone else wants to
uh, know
0:06:13.139,0:06:15.289
who you're talking to they just
0:06:15.289,0:06:19.759
get a subpoena or
0:06:19.759,0:06:22.440
break into the computer room or whatever
0:06:22.440,0:06:26.400
it's pretty easy
0:06:26.400,0:06:30.050
Second anonymization concept is mixes,
0:06:30.050,0:06:32.549
it's really old from nineteen eighty one
0:06:32.549,0:06:35.099
so you can see, uh,
0:06:35.099,0:06:41.150
how long the research in this area is going on
0:06:41.150,0:06:43.150
the mix is kind of similar to a proxy
0:06:43.150,0:06:47.090
like, trying to connect to it to send the messages
0:06:47.090,0:06:50.779
and the mix collects them
0:06:50.779,0:06:54.550
and no less than um
0:06:54.550,0:06:56.699
it puts them all
0:06:56.699,0:06:58.319
in through different coincides and uhm,
0:06:58.319,0:07:00.169
you see here it
0:07:00.169,0:07:03.849
shuffles them and waits
0:07:03.849,0:07:08.930
til there's enough data in it and just
0:07:08.930,0:07:11.039
shoves them and sends them back out so
0:07:11.039,0:07:18.039
um, this is to protect against correlation effects.
0:07:20.219,0:07:22.439
But second in...
0:07:22.439,0:07:23.379
Oh yeah, and
0:07:23.379,0:07:27.879
when you actually put several mixes uh
0:07:27.879,0:07:31.259
behind them; it's a mix cascade and uh,
0:07:31.259,0:07:32.149
between mixes is also
0:07:32.149,0:07:35.330
a friction going on, uh, the first
0:07:35.330,0:07:38.349
or the client which is
0:07:38.349,0:07:44.069
you could see here if this lights would be centered, uh,
0:07:44.069,0:07:46.029
what else gets the
0:07:46.029,0:07:48.879
public keys of all the mixes
0:07:48.879,0:07:51.160
and encrypts the message first for each of them
0:07:51.160,0:07:54.879
and each mix removes one encryption layer and
0:07:54.879,0:07:59.280
uh, the last one actually passes on the message unencrypted
0:07:59.280,0:08:04.369
and uhm, loop back backwards the same
0:08:04.369,0:08:06.379
So, as you can probably imagine,
0:08:06.379,0:08:11.389
if you wait until you have enough messages, ah, and all
public key encryption
0:08:11.389,0:08:12.280
is going pretty slow
0:08:14.069,0:08:17.939
and uh,
0:08:17.939,0:08:20.360
this concept is mostly used for
0:08:20.360,0:08:22.419
remailers like
0:08:22.419,0:08:26.359
MixMinion, for example uh
0:08:26.359,0:08:28.800
where it's not really a possib... um
0:08:28.800,0:08:32.610
it's not really important
0:08:32.610,0:08:33.979
if the message is a couple of seconds
0:08:33.979,0:08:36.540
late or something, but it's not really
0:08:36.540,0:08:39.870
great for uh, for
0:08:39.870,0:08:41.830
low latency connections,
0:08:41.830,0:08:44.730
like web routing for example
0:08:44.730,0:08:47.060
but what's good about it it's uh
0:08:47.060,0:08:50.500
distributed trust uh,
0:08:50.500,0:08:54.940
just one of these mixes has to be secure to actually
0:08:54.940,0:08:56.840
anonymize the whole connection
0:08:56.840,0:08:58.460
so it's slow but it's
0:08:58.460,0:09:05.460
distributed trust, which is good.
0:09:06.230,0:09:09.930
So, I want to introduce Tor
0:09:09.930,0:09:12.320
Tor stands for The Onion Router.
0:09:12.320,0:09:16.340
It's a concept that is actually built on
0:09:16.340,0:09:17.720
both these concepts
0:09:17.720,0:09:21.340
mixes and proxies.
0:09:21.340,0:09:22.770
It's a TCP-Overlay network,
0:09:22.770,0:09:24.900
means you can, uh
0:09:24.900,0:09:25.560
channel any
0:09:25.560,0:09:27.320
TCP connection through it
0:09:27.320,0:09:28.480
theoretically
0:09:28.480,0:09:31.310
uh, theoretically I will explain
0:09:31.310,0:09:33.790
a couple of slides later
0:09:33.790,0:09:37.040
it provides a SOCKS interface so you don't need any uh,
0:09:37.040,0:09:42.060
special application proxies like any application that uses
SOCKS interface can just,
0:09:42.060,0:09:43.370
talk to Tor
0:09:43.370,0:09:48.070
and it's available on, um, all major platforms
0:09:48.070,0:09:53.940
what is uh, especially important is available in Windows
0:09:53.940,0:09:55.850
'cause, uhm, like I said earlier once
0:09:55.850,0:09:57.740
you want a really diverse,
0:09:57.740,0:09:59.560
really diverse group of users
0:09:59.560,0:10:05.250
so you actually need uh,
0:10:05.250,0:10:06.860
the normal user
0:10:06.860,0:10:13.150
not just geeks.
0:10:13.150,0:10:15.160
Um, well it aims to uhm
0:10:15.160,0:10:15.939
combine the positive attributes of
0:10:15.939,0:10:17.480
proxies and mixes
0:10:17.480,0:10:18.749
Like, proxies are fast, but
0:10:18.749,0:10:20.620
seem prone to failure
0:10:20.620,0:10:21.770
and mixes
0:10:21.770,0:10:24.590
distributed trust, you want to combine them
0:10:24.590,0:10:29.930
so uh
0:10:29.930,0:10:31.310
Fast, uh, Tor uses not only public key
0:10:31.310,0:10:33.220
encryption but also session keys
0:10:33.220,0:10:35.170
symmetrically encrypted.
0:10:35.170,0:10:37.260
so uh
0:10:37.260,0:10:41.710
All the connection set up is this public key so you just, uh
0:10:41.710,0:10:44.840
authentication and stuff?
0:10:44.840,0:10:50.860
And uh, the actual communication that's going on later
is always symmetrically encrypted
0:10:50.860,0:10:54.170
And uh, so it's also TCP multiplexing
0:10:54.170,0:10:55.850
so you can run
0:10:55.850,0:10:58.520
several TCP connections through one
0:10:58.520,0:11:02.220
virtual Tor connection.
0:11:02.220,0:11:05.610
And the design goals are
0:11:05.610,0:11:06.790
yeah
0:11:06.790,0:11:07.880
deployability
0:11:07.880,0:11:09.770
like dums want the user to actually have
0:11:09.770,0:11:12.680
to patch his PC off the Operating System or something
0:11:12.680,0:11:16.070
just be in a... workable state really fast
0:11:16.070,0:11:19.340
um, usability,
0:11:19.340,0:11:20.600
so you get the uh,
0:11:20.600,0:11:22.400
normal users
0:11:22.400,0:11:26.850
not just the geeks. Flexibility, uhm
0:11:26.850,0:11:28.310
it's aimed to
0:11:28.310,0:11:29.910
enable more research
0:11:29.910,0:11:32.010
in this whole area.
0:11:32.010,0:11:33.059
so, uh
0:11:33.059,0:11:34.679
the protocol to all users
0:11:34.679,0:11:37.890
should be really flexible
0:11:37.890,0:11:42.110
And uh, for simplicity it's a security application and
0:11:42.110,0:11:45.900
well complexity doesn't play well with uh,
0:11:45.900,0:11:52.070
security
0:11:52.070,0:11:53.190
So, this uh,
0:11:53.190,0:11:55.300
it's how Tor works, more or less
0:11:55.300,0:11:58.800
Dave is uh, a directory server,
0:11:58.800,0:12:03.160
it uh, caches information about the network state
0:12:03.160,0:12:08.130
and uh, which Tor servers are available in the network
0:12:08.130,0:12:09.490
and uh
0:12:09.490,0:12:10.930
Alice downloads
0:12:10.930,0:12:14.740
this whole list from Dave
0:12:14.740,0:12:18.940
you see the Tor nodes with the plus here?
0:12:18.940,0:12:21.020
Through this random
0:12:21.020,0:12:22.790
tree of service
0:12:22.790,0:12:23.910
when she wants to talk to Jane
0:12:23.910,0:12:30.380
for example
0:12:30.380,0:12:34.280
The first one is the entry node, middleman nodes, and the
uh exit nodes, I will leave these for later
0:12:34.280,0:12:41.000
uh, so this
0:12:41.000,0:12:43.990
Alice talks to the entry node
0:12:43.990,0:12:47.550
there's a connection that is going on and is public key
encrypted
0:12:47.550,0:12:51.330
and they establish a session key and same
0:12:51.330,0:12:53.090
thing goes on
0:12:53.090,0:12:58.520
in these two and these two so they can communicate later on
0:12:58.520,0:12:59.780
What's really important here
0:12:59.780,0:13:00.629
is the last connection here
0:13:00.629,0:13:03.090
is actually unencrypted.
0:13:03.090,0:13:05.240
I will talk about it later
0:13:05.240,0:13:06.610
So it has to be unencrypted
0:13:06.610,0:13:13.610
so you can get your request through
0:13:20.690,0:13:22.700
this is a virtual circuit
0:13:22.700,0:13:24.490
that gets established and uh
0:13:24.490,0:13:29.190
every, every
0:13:29.190,0:13:31.340
ten minutes
0:13:31.340,0:13:32.450
a new circuit is built
0:13:32.450,0:13:37.250
when a new website, when a new request come through, so uh
0:13:37.250,0:13:40.080
this one stays, all these connections above stays
0:13:40.080,0:13:41.940
in this circuit
0:13:41.940,0:13:43.630
and after ten
0:13:43.630,0:13:45.410
when after ten minutes, ah
0:13:45.410,0:13:52.410
Alice wants to talk to Jane, a new circuit is built
0:13:53.610,0:13:55.410
and uh, this is important
0:13:55.410,0:13:56.920
to get strong
0:13:56.920,0:13:57.710
anonymity
0:13:57.710,0:14:00.220
in case one connection is compromised, for example.
0:14:00.220,0:14:01.600
And these ten minutes
0:14:01.600,0:14:04.490
are really an arbitrary value
0:14:04.490,0:14:08.560
you can choose anything
0:14:08.560,0:14:10.660
you have to do the research
0:14:10.660,0:14:11.970
which value is best and so
0:14:11.970,0:14:18.970
ten minutes is compromised.
0:14:19.840,0:14:22.240
With all you get exit policies,
0:14:22.240,0:14:24.640
this is important for the exit node
0:14:24.640,0:14:27.880
the one which actually sends the uh,
0:14:27.880,0:14:30.410
original request to the destination server
0:14:30.410,0:14:31.670
and huh
0:14:31.670,0:14:32.839
you can control which
0:14:32.839,0:14:34.220
TCP connections you want
0:14:34.220,0:14:39.180
to allow from your node if you want
0:14:39.180,0:14:41.000
that's default policy which uh
0:14:41.000,0:14:43.610
blocks SMTP and NNTP to prevent uh
0:14:43.610,0:14:48.080
spamming and all stuff
0:14:48.080,0:14:49.060
but you can actually allow
0:14:49.060,0:14:51.970
SMTP if you want
0:14:51.970,0:14:54.070
and there's some other ports blocked
0:14:54.070,0:14:56.170
but the rest of it works so
0:14:56.170,0:14:57.900
HTTP SSH
0:14:57.900,0:15:01.630
all the important stuff
0:15:01.630,0:15:05.250
that you would want to minimize just works
0:15:05.250,0:15:10.290
and uh, if you uh
0:15:10.290,0:15:13.050
this is important for uh, if you
0:15:13.050,0:15:18.540
want to run your node, uh
0:15:18.540,0:15:19.220
what kind of node you actually want to run
0:15:19.220,0:15:24.120
if you look at the picture, uh earlier
0:15:24.120,0:15:31.120
there's these three different nodes: entry node,
middleman node, and exit node
0:15:32.400,0:15:34.180
and uh, which node you want to run
0:15:34.180,0:15:36.780
depends on how many problems you want afterwards
0:15:36.780,0:15:39.590
I will talk about it later uh
0:15:39.590,0:15:40.970
this one,
0:15:40.970,0:15:46.950
the exit node actually forwards the uh, requested date, uh
0:15:46.950,0:15:47.700
depends upon what
0:15:47.700,0:15:51.570
what the user actually uh wants, that's
0:15:51.570,0:15:52.830
if the user uh
0:15:52.830,0:15:58.020
Alice in this case uh
0:15:58.020,0:16:02.080
insults someone out on a web forum, then uh the uh
0:16:02.080,0:16:03.470
administrator of the forum will see the IP address
0:16:03.470,0:16:05.340
of the
0:16:05.340,0:16:11.230
exit node in his forum and not the one
0:16:11.230,0:16:15.330
of Alice so uh he's going to have the problems later on
0:16:15.330,0:16:18.250
so I will talk about it later
0:16:18.250,0:16:21.600
but you have to keep this in mind
0:16:21.600,0:16:28.600
and uh, keep up everything and uh we can play the role of
entry nodes and middle man nodes
0:16:30.170,0:16:37.170
which is also important
0:16:39.130,0:16:42.930
Special feature of Tor are hidden services
0:16:42.930,0:16:45.850
these are services which can be
0:16:45.850,0:16:46.990
accessed
0:16:46.990,0:16:49.420
without having an IP address
0:16:49.420,0:16:50.960
so uh
0:16:50.960,0:16:56.300
you can't really find them physically
0:16:56.300,0:16:57.880
so if you want to run a
0:16:57.880,0:16:59.720
hidden service you can do it from anywhere
0:16:59.720,0:17:01.850
do it from inside this private network here
0:17:01.850,0:17:05.950
instead of a service and everyone in the outside world can
actually access it
0:17:05.950,0:17:07.770
even if you don't have the rights to do
0:17:07.770,0:17:11.330
port forwarding or something
0:17:11.330,0:17:13.580
uh, this is really important to, uh
0:17:13.580,0:17:15.690
resist Denial of Service, for example
0:17:15.690,0:17:20.160
'cause every uh,
0:17:20.160,0:17:20.519
every client that wants to
0:17:20.519,0:17:22.829
access the service uh, gets
0:17:22.829,0:17:25.700
gets a different route in the network
0:17:25.700,0:17:26.529
and uh, it's hard
0:17:26.529,0:17:28.460
to actually uh
0:17:28.460,0:17:31.970
DOS it. And it's also important to
0:17:31.970,0:17:33.610
resist censorship
0:17:33.610,0:17:38.510
And the addresses look like this:
0:17:38.510,0:17:43.280
it's really a hash of a private key
0:17:43.280,0:17:47.340
and each hidden service is actually, well, identified
0:17:47.340,0:17:53.300
by a public key
0:17:53.300,0:17:59.000
this is how it works, uhm, yet Alice the client
0:17:59.000,0:18:02.170
and the hidden server, Bob.
0:18:02.170,0:18:04.120
And if Bob wants to, uh,
0:18:04.120,0:18:07.640
wants to set up a service,
0:18:07.640,0:18:08.159
he chooses three introduction points
0:18:08.159,0:18:09.899
out of the whole mass
0:18:09.899,0:18:11.920
of Tor servers.
0:18:11.920,0:18:18.920
And Bob has the public key to identify the service,
and uh he sends
0:18:22.530,0:18:26.860
this public key into each of these three introduction
points to the directory server.
0:18:26.860,0:18:28.740
Now Alice wants to uh,
0:18:28.740,0:18:31.610
connect to Bob, but first the first thing she does
0:18:31.610,0:18:34.480
is download this
0:18:34.480,0:18:38.910
this list with the introduction points and the uh
0:18:38.910,0:18:45.910
public key from the directory server. After that, uh
0:18:50.120,0:18:54.299
she chooses one of the uh introduction points
0:18:54.299,0:18:55.930
and uh,
0:18:55.930,0:19:02.920
posts a circle rendezvous cookie there. A piece of
data so uh, she can, uh
0:19:02.920,0:19:05.480
identify herself
0:19:05.480,0:19:06.900
and uh, she also
0:19:06.900,0:19:07.860
gives the introduction point
0:19:07.860,0:19:14.500
the address of her random rendezvous point that
Alice has chosen
0:19:14.500,0:19:18.550
so what happens then is uh, Bob notices that uh,
0:19:18.550,0:19:23.760
some data has been stored in the introduction point
0:19:23.760,0:19:28.160
and Alice and Bob uh,
0:19:28.160,0:19:31.230
make a rendezvous point, and
0:19:31.230,0:19:34.940
Bob uses this, this uh
0:19:34.940,0:19:36.700
rendezvous cookie to
0:19:36.700,0:19:38.180
actually identify himself on the rendezvous point
0:19:38.180,0:19:39.990
and after that
0:19:39.990,0:19:46.990
all the connection of data runs through this rendezvous point.
0:19:50.870,0:19:53.180
uh, if time permits I'll actually uh,
0:19:53.180,0:19:54.710
set up a rendezvous
0:19:54.710,0:19:55.960
a hidden service here
0:19:55.960,0:19:59.120
so you can actually see how it works
0:19:59.120,0:20:06.120
I'll also demonstrate Tor, like I said
0:20:08.800,0:20:09.770
uh, there's some legal issues to be uhm
0:20:09.770,0:20:12.450
recognized, uh. As you can imagine, Tor may be
forbidden in some
0:20:12.450,0:20:14.880
countries; especially totalitarian countries
0:20:14.880,0:20:17.530
which censor the Internet anyway
0:20:17.530,0:20:18.719
and uh,
0:20:18.719,0:20:21.030
you may get into trouble for using Tor
0:20:21.030,0:20:25.580
practically, anyone knows this
0:20:25.580,0:20:27.580
there can be crypto restrictions
0:20:27.580,0:20:29.070
for example Great Britain, the uh
0:20:29.070,0:20:33.200
RIPA act, I'm not even sure what it stands for
0:20:33.200,0:20:36.140
but basically says that uh,
0:20:36.140,0:20:37.510
if the government wants,
0:20:37.510,0:20:40.410
then you have to give up your crypto keys
0:20:40.410,0:20:42.910
so they can decrypt it later
0:20:42.910,0:20:47.860
and uh, yeah, it's not...
0:20:47.860,0:20:50.010
and it's actually last week was the first case
0:20:50.010,0:20:52.890
when this was actually used in
0:20:52.890,0:20:56.600
Great Britain
0:20:56.600,0:21:00.720
uh, there can be special laws like in Germany
0:21:00.720,0:21:03.480
sort of like a hacker paragraph
0:21:03.480,0:21:06.990
just a nickname, it has some cryptic legal name
0:21:06.990,0:21:07.940
uh, in reality
0:21:07.940,0:21:11.090
and it says that uh
0:21:11.090,0:21:14.570
you're liable if you, uh,
0:21:14.570,0:21:17.360
if you give people access to tools
0:21:17.360,0:21:20.020
that they can use to uh,
0:21:20.020,0:21:22.270
well, to do illegal stuff.
0:21:22.270,0:21:23.630
More or less.
0:21:23.630,0:21:27.080
It's really uh,
0:21:27.080,0:21:29.080
not concrete and no one really...
0:21:29.080,0:21:30.440
it could uh,
0:21:30.440,0:21:31.929
it could
0:21:31.929,0:21:36.669
restrict anything. From a map to a
0:21:36.669,0:21:39.210
to God knows what? Network tools.
0:21:39.210,0:21:40.880
and uh
0:21:40.880,0:21:43.559
But it was actually, it was actually passed so no one
really knows
0:21:43.559,0:21:45.510
what's the, uhm
0:21:45.510,0:21:46.490
what's really
0:21:46.490,0:21:50.260
restricted by it. So Tor could be restricted
0:21:50.260,0:21:55.590
by it, because it could really enable people to do
illegal stuff,
0:21:55.590,0:21:58.640
but no one really knows
0:21:58.640,0:22:00.990
and uh, the biggest Tor
0:22:00.990,0:22:02.250
problems
0:22:02.250,0:22:07.480
that, uh
0:22:07.480,0:22:10.180
when uh, when it actually gets sent to a Tor network
0:22:10.180,0:22:13.210
the uh, the
0:22:13.210,0:22:14.669
IP address that
0:22:14.669,0:22:16.210
gets sent
0:22:16.210,0:22:17.220
well that's what the destination server
0:22:17.220,0:22:19.090
actually sees
0:22:19.090,0:22:21.200
is one of the exit nodes.
0:22:21.200,0:22:22.380
So when, uh
0:22:22.380,0:22:23.740
when a client
0:22:23.740,0:22:26.090
actually causes trouble,
0:22:26.090,0:22:26.950
then the one
0:22:26.950,0:22:29.790
that gets into trouble
0:22:29.790,0:22:32.460
is the exit nodes provider. And uh,
0:22:32.460,0:22:33.560
so stuff that gets done
0:22:33.560,0:22:38.620
for torment purpose like sending ransom mails or uh,
0:22:38.620,0:22:40.480
distributing illegal stuff
0:22:40.480,0:22:42.040
and it, this all happened
0:22:42.040,0:22:43.500
and, if you are
0:22:43.500,0:22:46.460
unlucky as an exit node operator
0:22:46.460,0:22:47.109
your server gets seized or something
0:22:47.109,0:22:52.059
and uh,
0:22:52.059,0:22:55.530
that's random stuff that can happen
0:22:55.530,0:22:56.540
though, uh,
0:22:56.540,0:22:59.559
as an exit nodes provider you can get
0:22:59.559,0:23:03.690
letters from Law Enforcement entities, and uh
0:23:03.690,0:23:05.649
What are you doing there?
0:23:05.649,0:23:06.830
Maybe some illegal stuff?
0:23:06.830,0:23:10.040
And you have to explain to them that you are
0:23:10.040,0:23:12.260
providing Tor server
0:23:12.260,0:23:13.980
it wasn't you
0:23:13.980,0:23:15.120
and stuff.
0:23:15.120,0:23:18.020
For example the FBI
0:23:18.020,0:23:19.960
in America
0:23:19.960,0:23:23.580
actually knows what you're talking about when you tell them
0:23:23.580,0:23:24.580
that you're using Tor...
0:23:24.580,0:23:26.019
so, uh
0:23:26.019,0:23:26.600
they won't bother.
0:23:26.600,0:23:28.810
But in Germany the uh,
0:23:28.810,0:23:34.830
Law Enforcement agencies, actually are, so so
0:23:34.830,0:23:41.440
depends on what kind of guy you're actually talking to
0:23:41.440,0:23:47.120
So what's... what kind of role plays FreeBSD here?
0:23:47.120,0:23:51.880
uh, FreeBSD is really well suited as a Tor node, uh
0:23:51.880,0:23:55.490
when you're operating the client you just want to use the
network, uh
0:23:55.490,0:23:57.830
it doesn't matter what kind of system you use
0:23:57.830,0:23:59.150
and it shouldn't matter
0:23:59.150,0:24:00.830
There's one of the, uh
0:24:00.830,0:24:03.130
like I said earlier one of the design
0:24:03.130,0:24:05.500
criteria of Tor
0:24:05.500,0:24:08.610
so it doesn't matter if you're using Windows or FreeBSD.
0:24:08.610,0:24:09.929
But if you're using the Tor
0:24:09.929,0:24:14.290
as actually uh,
0:24:14.290,0:24:17.320
the security of others depends on your node
0:24:17.320,0:24:20.690
and uh,
0:24:20.690,0:24:22.950
when you're operating a node it is important to
0:24:22.950,0:24:25.310
have Operational Security
0:24:25.310,0:24:25.980
and Jails
0:24:25.980,0:24:27.550
are really great for this,
0:24:27.550,0:24:29.980
so you can run a Tor server in Jail.
0:24:29.980,0:24:32.950
It's also Disk and Swap encryption
0:24:32.950,0:24:38.010
which is important, especially the swap encryption. And uh,
0:24:38.010,0:24:39.390
there's also audit
0:24:39.390,0:24:40.740
and the MAC framework
0:24:40.740,0:24:43.780
when you want to run your installation
0:24:43.780,0:24:46.220
What's also nice,
0:24:46.220,0:24:46.659
Tor servers do a lot of public key encryption
0:24:46.659,0:24:48.440
and it's pretty slow
0:24:48.440,0:24:49.480
so it's great to have
0:24:49.480,0:24:54.750
hardware acceleration for this.
0:24:54.750,0:24:56.160
And uh, probably the biggest feature:
0:24:56.160,0:25:03.160
Well maintained Tor-related ports.
0:25:04.060,0:25:07.390
There is the main port, security Tor
0:25:07.390,0:25:11.370
Which is a client and server if you want to run
0:25:11.370,0:25:13.610
a network node, or just a client.
0:25:13.610,0:25:15.210
There's Tor level
0:25:15.210,0:25:16.450
and these are really up to date, uhm
0:25:16.450,0:25:22.830
Tor development happens really fast
0:25:22.830,0:25:23.710
and ports get updated
0:25:23.710,0:25:30.710
pretty soon after a release is made.
0:25:32.050,0:25:39.050
There's Privoxy, which is an uhm web proxy and uhm,
we'll use it later when we do the demonstration
0:25:41.320,0:25:44.310
And there's net management Vidalia which is a
graphical content
0:25:44.310,0:25:47.200
also for Windows
0:25:47.200,0:25:48.260
and, uhm
0:25:48.260,0:25:53.929
there's trans-proxy Tor
0:25:53.929,0:25:58.650
which enables you to actually
0:25:58.650,0:25:59.560
uhm, well there's some
0:25:59.560,0:26:02.080
badly written applications out there
0:26:02.080,0:26:05.280
that do stuff that's
0:26:05.280,0:26:07.510
that makes it hard for Tor to
0:26:07.510,0:26:08.860
run with them
0:26:08.860,0:26:10.810
and you can use trans-proxy Tor
0:26:10.810,0:26:15.510
to tunnel such connections through the Tor network.
0:26:15.510,0:26:20.580
We'll actually talk about them in the next slide.
0:26:20.580,0:26:24.960
Yeah. What else do you need to take care of
besides running Tor?
0:26:24.960,0:26:27.130
Uh, there's name resolution, uh...
0:26:27.130,0:26:28.760
Some applications just
0:26:28.760,0:26:30.500
bypass the configured proxy
0:26:30.500,0:26:34.500
for example Firefox versions below version 1.5,
0:26:34.500,0:26:35.700
which send every data,
0:26:35.700,0:26:38.320
all data through the proxy
0:26:38.320,0:26:38.909
but not
0:26:38.909,0:26:40.880
DNS requests
0:26:40.880,0:26:44.380
so they actually result in mistrust
0:26:44.380,0:26:46.450
and uh, so yeah
0:26:46.450,0:26:49.280
the connection is actually anonymized
0:26:49.280,0:26:51.080
but the DNS server
0:26:51.080,0:26:52.250
really knows
0:26:52.250,0:26:53.870
uh, who you were talking to
0:26:53.870,0:27:00.870
and this is really the intention of Tor, but uh,
newer versions actually takes.
0:27:03.130,0:27:04.240
Uh, there's the usual
0:27:04.240,0:27:09.990
cookies, web-bugs, referrer and stuff, uhm
0:27:09.990,0:27:11.800
which uh,
0:27:11.800,0:27:13.530
sites can use to check which
0:27:13.530,0:27:20.530
websites you're visiting, and it's just the
usual disabling stuff
0:27:20.549,0:27:23.250
Privoxy is a great tool to
0:27:23.250,0:27:28.160
normalize HTTP traffic.
0:27:28.160,0:27:30.010
And it's also great to uhm, well filter off advertising
0:27:30.010,0:27:36.370
and stuff.
0:27:36.370,0:27:38.660
This should be really obvious
0:27:38.660,0:27:41.110
but apparently is not. Uhm,
0:27:41.110,0:27:43.770
There's so many people who don't realize
0:27:43.770,0:27:44.700
that the last connection
0:27:44.700,0:27:46.380
chain is actually unencrypted
0:27:46.380,0:27:50.900
if you're using, uh
0:27:50.900,0:27:53.250
if you're not using a secure protocol.
0:27:53.250,0:27:54.100
So,
0:27:54.100,0:27:56.440
people actually uhm,
0:27:56.440,0:27:59.430
get their mail through POP3 or something
0:27:59.430,0:28:04.870
and the exit nodes can just run dsniff and sniff
out all the passwords.
0:28:04.870,0:28:11.870
And it's really surprising how many people uh, do this.
0:28:13.450,0:28:16.700
So, lesson learned: use secure protocol.
0:28:16.700,0:28:18.220
There are also other services that require
0:28:18.220,0:28:20.630
registration, for example,
0:28:20.630,0:28:22.040
with your e-mail address or
0:28:22.040,0:28:23.640
personal
0:28:23.640,0:28:25.360
data
0:28:25.360,0:28:27.590
and uh, well
0:28:27.590,0:28:28.620
if you're using Tor and you
0:28:28.620,0:28:35.620
actually log on to one of those services, Tor can help you
0:28:40.850,0:28:42.440
So, once I actually demonstrate how
0:28:42.440,0:28:49.440
this all works.
0:29:13.550,0:29:15.520
Uh, I've installed Tor and
0:29:15.520,0:29:22.520
Privoxy on this system
0:29:24.810,0:29:27.180
the config files are in the usual places.
0:29:27.180,0:29:34.180
And if you read this, this little.. small.. Is this alright?
0:29:46.950,0:29:50.600
So there is this Tor I see sample file
0:29:50.600,0:29:57.600
which we can use
0:30:07.020,0:30:08.370
so this
0:30:08.370,0:30:10.340
there's the usual commands and stuff
0:30:10.340,0:30:11.030
and this,
0:30:11.030,0:30:15.720
much stuff that we don't need for the moment
0:30:15.720,0:30:19.840
there's this uh,
0:30:19.840,0:30:24.220
SOCKS port and SOCKS listen address information
0:30:24.220,0:30:31.220
that's the
0:30:32.770,0:30:34.659
tells you where to connect your uh,
0:30:34.659,0:30:36.679
your proxy to
0:30:36.679,0:30:38.200
so this is the information that we use in Privoxy to
0:30:38.200,0:30:41.450
access Tor.
0:30:41.450,0:30:42.190
Uhm,
0:30:42.190,0:30:45.320
all we have to do to actually use Tor is
0:30:45.320,0:30:48.970
copy over the config file.
0:30:48.970,0:30:55.970
Start the service
0:31:04.110,0:31:10.570
so, it tells us it's running... Now we have to
0:31:10.570,0:31:12.350
take a look at Privoxy
0:31:20.880,0:31:25.120
There's also lots of stuff that we don't need
right now
0:31:25.120,0:31:30.360
What we need is the uh,
0:31:30.360,0:31:31.740
we need to tell
0:31:31.740,0:31:33.809
Privoxy uh,
0:31:33.809,0:31:40.809
where to send connection requests.
0:31:51.740,0:31:53.659
Ok, I've actually entered this earlier
0:31:53.659,0:31:54.860
uhm,
0:31:54.860,0:31:58.700
all it says is uh,
0:31:58.700,0:32:03.490
forward all requests to
0:32:03.490,0:32:10.490
the uh, SOCKS client
0:32:13.020,0:32:20.020
So we just start
0:32:34.120,0:32:38.870
Ok, so we're all set
0:32:38.870,0:32:40.480
Now we can just do
0:32:40.480,0:32:47.480
everything with our brother
0:32:50.790,0:32:52.029
we all started times
0:32:52.029,0:32:59.029
a bit slow on my external drive
0:33:06.860,0:33:08.070
okay, uh
0:33:08.070,0:33:11.470
proxy settings
0:33:11.470,0:33:16.140
we just put in our Privoxy server
0:33:16.140,0:33:23.140
which listens on port 3128, hopefully, or does it?
Oh, 8108, that's it.
0:33:47.360,0:33:49.060
Ok, so every
0:33:49.060,0:33:56.060
connection we want to make should actually be routed
through the Tor network
0:33:56.820,0:33:58.880
uhm, this is going to take a little bit,
0:33:58.880,0:34:01.950
'cause all the route selection needs to be done
0:34:01.950,0:34:08.950
all the public crypto, there's also network latency
0:34:13.059,0:34:14.539
Once the connections are actually setup
0:34:14.539,0:34:17.789
it's pretty fast, not like this
0:34:17.789,0:34:21.159
and it's uh, really dependent upon uh,
0:34:21.159,0:34:21.419
which
0:34:21.419,0:34:23.059
kind of nodes you get
0:34:23.059,0:34:26.669
if you have a node that is running a modem then,
0:34:26.669,0:34:33.669
you'll have a problem, it's really slow
0:34:36.099,0:34:42.989
ok, while waiting
0:34:42.989,0:34:45.319
we can actually take a look
0:34:45.319,0:34:52.319
at how our hidden service is configured
0:34:59.699,0:35:03.369
there's some lines for the Tor config file
0:35:03.369,0:35:07.439
the routing services
0:35:07.439,0:35:14.219
Ok, so you can see here hidden services here and
hidden service port
0:35:14.219,0:35:19.369
as I said, the hidden service is identified by a
public key, and uh, if you
0:35:19.369,0:35:22.159
uncommand this stuff,
0:35:22.159,0:35:24.999
and uh,
0:35:24.999,0:35:26.619
we start Tor
0:35:26.619,0:35:28.249
quickly
0:35:28.249,0:35:31.690
generate a public key and put it into the start tree
0:35:31.690,0:35:38.690
and it will, uh, well it actually says to uh,
0:35:40.659,0:35:47.659
where this omni address earlier,
0:35:48.549,0:35:49.539
we'll just
0:35:49.539,0:35:56.539
route every connection through this address to this
local nodes line
0:36:02.119,0:36:07.199
This could be the case that uh,
0:36:07.199,0:36:08.640
that an exit node
0:36:08.640,0:36:11.599
doesn't uh,
0:36:11.599,0:36:18.599
allow
0:36:19.779,0:36:22.900
Ok, this is typical that when you want to show stuff
it doesn't work
0:36:22.900,0:36:25.369
it worked earlier, so uh, it's not the network's fault
0:36:25.369,0:36:27.619
let's uh,
0:36:27.619,0:36:31.609
back to the hidden services
0:36:31.609,0:36:38.609
So we actually need to
0:36:39.230,0:36:46.230
change this
0:36:51.170,0:36:55.099
The default directory in FreeBSD is var/db/Tor
0:36:55.099,0:36:57.909
and uh,
0:36:57.909,0:37:03.249
and when we start Tor it will actually, uh
0:37:03.249,0:37:07.499
create the service directory
0:37:07.499,0:37:11.789
by itself. It's also a web server listening on port 80
on localhost
0:37:11.789,0:37:13.889
so we can
0:37:13.889,0:37:20.889
and hopefully will be able to see it later on
0:37:45.849,0:37:48.529
okay, so let's see if
0:37:48.529,0:37:49.679
this stuff is already
0:37:49.679,0:37:56.679
actually created.
0:38:02.829,0:38:03.790
Ok, so you have
0:38:03.790,0:38:05.069
two parts in this directory
0:38:05.069,0:38:11.650
hostname and private key. Private key is uh,
0:38:11.650,0:38:14.739
and the hostname is actually what you give to people
if you want to
0:38:14.739,0:38:21.739
to publish your service
0:38:33.319,0:38:36.039
this is actually less likely to work right now
0:38:36.039,0:38:40.059
because it takes some time for Tor to choose these
0:38:40.059,0:38:41.639
introduction points,
0:38:41.639,0:38:44.880
send all this stuff to directory services
0:38:44.880,0:38:47.369
it takes time for directory services to sync up
0:38:47.369,0:38:54.329
and actually distribute information to the clients
0:38:54.329,0:39:00.789
and when we want to exit the service, we actually put
this address into the uh,
0:39:00.789,0:39:03.889
the address line, and uh,
0:39:03.889,0:39:05.069
Tor knows how to
0:39:05.069,0:39:12.069
deal with this uh, the Onion pop up domain, so uh
0:39:15.410,0:39:22.410
this usually actually works. Let's see what's going on here...
0:39:33.499,0:39:35.049
Well, like I said
0:39:35.049,0:39:37.529
this one will take a while and
0:39:37.529,0:39:40.450
what's going on with the other one? I can actually see
0:39:40.450,0:39:45.039
But uh,
0:39:45.039,0:39:47.850
usually you can just go to one of these server websites
0:39:47.850,0:39:50.209
that tell you your IP address, and
0:39:50.209,0:39:52.899
Google is a fair example
0:39:52.899,0:39:56.709
you can go to Google and Google will get you a
0:39:56.709,0:40:00.589
localized web page.
0:40:00.589,0:40:02.879
For example, when you are from Germany, and you go to
0:40:02.879,0:40:04.099
Google.com, you get a German webpage
0:40:04.099,0:40:07.379
and if you're using Tor and you go to Google,
0:40:07.379,0:40:09.679
it depends
0:40:09.679,0:40:10.319
upon where your exit point is located
0:40:10.319,0:40:11.859
for example,
0:40:11.859,0:40:14.029
if it is in the Netherlands,
0:40:14.029,0:40:21.029
you get a Dutch Google, which is uh, pretty cool.
0:40:23.329,0:40:25.549
so uh,
0:40:25.549,0:40:27.419
I'll have to take a look later
0:40:27.419,0:40:28.829
while I'm working
0:40:28.829,0:40:35.829
so let's just, continue for a moment
0:40:38.569,0:40:41.009
ok, to summarize, uh
0:40:41.009,0:40:44.799
Tor is actually useful if
0:40:44.799,0:40:51.799
you want to be hidden on the net. If it actually works.
Not in this case, uh
0:40:55.519,0:40:59.339
Tor is usually pretty cool to offer services from anywhere
0:40:59.339,0:41:00.410
so theoretically
0:41:00.410,0:41:02.509
it should work
0:41:02.509,0:41:03.549
I should
0:41:03.549,0:41:06.049
publish my hidden services from around here
0:41:06.049,0:41:10.429
and anyone in the world that's connected to the Tor network
can actually exit it, access it
0:41:10.429,0:41:12.169
and uh
0:41:12.169,0:41:14.799
Privoxy is a pretty cool platform for Tor
0:41:14.799,0:41:18.819
'cause it's for one, it has very nice
0:41:18.819,0:41:21.779
security features like jail
0:41:21.779,0:41:23.949
and if you want to run a Tor node
0:41:23.949,0:41:25.899
and uh,
0:41:25.899,0:41:27.949
tools like Tor are really needed
0:41:27.949,0:41:28.860
in our time
0:41:28.860,0:41:35.860
this isn't going
0:41:36.599,0:41:43.599
to get better any time soon; so uh, we better
create the tools now
0:41:45.779,0:41:52.779
to circumvent this
0:41:52.899,0:41:59.039
Take a quick look at the uh browser again
0:41:59.039,0:42:00.089
currently the uh,
0:42:00.089,0:42:02.660
connection set up failed
0:42:02.660,0:42:04.070
which I can't do anything about right now.
0:42:04.070,0:42:11.070
uh, which one?
0:42:23.089,0:42:25.629
Oh, that's all me
0:42:25.629,0:42:27.539
uhm
0:42:27.539,0:42:30.249
it depends upon
0:42:30.249,0:42:33.140
you can use any port you like
0:42:33.140,0:42:34.539
depend on uh,
0:42:34.539,0:42:39.279
what port the nodes use. Nodes can use any port
0:42:39.279,0:42:42.259
for example, when I don't want to run nodes
0:42:42.259,0:42:44.109
I can put it on pause
0:42:44.109,0:42:45.679
port 80 if you want
0:42:45.679,0:42:47.470
so anyone who uh
0:42:47.470,0:42:49.219
who has uh
0:42:49.219,0:42:50.979
HTTP access can actually access my node
0:42:53.009,0:42:56.529
so uh
0:42:56.529,0:43:01.299
yet in theory uh
0:43:01.299,0:43:05.959
you can use any port you like.
0:43:05.959,0:43:12.009
So, this isn't going to work.
0:43:12.009,0:43:13.519
Maybe I'll just uh,
0:43:13.519,0:43:20.519
if anyone is interested, I'll just try again later
0:43:33.089,0:43:34.680
That's port 80
0:43:34.680,0:43:39.369
it's a you know, HTTP connection so,
0:43:39.369,0:43:42.359
So, are there any questions?
0:43:42.359,0:43:49.359
Yes?
0:44:06.140,0:44:08.689
Well, usually I use Opera, so
0:44:08.689,0:44:13.679
a
0:44:13.679,0:44:15.659
I didn't know
0:44:26.839,0:44:28.970
Yes, there are about 300 uh,
0:44:32.879,0:44:35.040
I think about
0:44:35.040,0:44:39.759
300 Tor servers around the world
0:44:39.759,0:44:43.349
No, it's uh correct
0:44:43.349,0:44:47.119
at the moment there are three directory servers
0:44:47.119,0:44:49.579
worldwide
0:44:49.579,0:44:51.630
you can recognize them by their public key
0:44:51.630,0:44:52.909
and their public keys are
0:44:52.909,0:44:56.119
hard coded into the source code at the moment
0:44:56.119,0:44:58.799
so, the uh
0:44:58.799,0:45:01.499
Tor developers actually run those directory servers
0:45:01.499,0:45:08.499
but this is really crypto infrastructure
0:45:11.729,0:45:12.719
uhm
0:45:12.719,0:45:14.729
Well it's it's hard to say
0:45:14.729,0:45:16.219
'cause the question was uh
0:45:16.219,0:45:21.799
Were there any estimates on uh,
0:45:21.799,0:45:26.489
net usage and other stuff
0:45:26.489,0:45:31.730
it's really hard to say because it's an anonymization
network so uh,
0:45:31.730,0:45:32.999
you can't say for sure, but there are estimates of
one hundred thousand users around the world
0:45:32.999,0:45:36.949
and uh, I'm not sure of the traffic.
0:45:36.949,0:45:39.219
I used to run a middleman node,
0:45:39.219,0:45:40.369
and in one month
0:45:40.369,0:45:42.699
it would make
0:45:42.699,0:45:43.849
it was on a one hundred megabits
0:45:43.849,0:45:45.359
or dedicated line,
0:45:45.359,0:45:47.249
and it made about one terabyte of traffic
0:45:47.249,0:45:49.459
so it's a lot of traffic
0:45:49.459,0:45:52.449
going on
0:45:52.449,0:45:56.259
and unfortunately also a lot of filesharing systems
0:45:56.259,0:45:59.739
which it doesn't really make sense 'cause they're slow
0:45:59.739,0:46:00.570
so uhm,
0:46:00.570,0:46:01.609
Tor is really cool
0:46:01.609,0:46:03.359
for web browsing and stuff
0:46:03.359,0:46:10.359
but if you really want to move a lot of data it's
not a good tool
0:46:10.759,0:46:11.479
ah, any other questions? Doesn't seem to be the case. Ok!