[tor-commits] [webwml/staging] Fix merge conflicts
hiro at torproject.org
hiro at torproject.org
Mon Aug 27 11:02:57 UTC 2018
commit ac08645cea83c2f900f81b57d70734de3ef9d099
Merge: a9e57ef3 d7568ec6
Author: hiro <hiro at torproject.org>
Date: Wed Aug 22 12:25:54 2018 +0200
Fix merge conflicts
docs/en/faq.wml | 3843 +++++++++++++++++++++++++++----------------------------
1 file changed, 1912 insertions(+), 1931 deletions(-)
diff --cc docs/en/faq.wml
index 70e63620,05eaff4e..ee197963
--- a/docs/en/faq.wml
+++ b/docs/en/faq.wml
@@@ -282,9 -294,21 +295,9 @@@
traffic.</a></li>
</ul>
- <a id="abuse"></a>
- <h4 style="margin-bottom: 18px"><a class="anchor" href="#abuse">Abuse:
- </a></h4>
- <ul>
- <li><a href="#Criminals">Doesn't Tor enable criminals to do bad things?
- </a></li>
- <li><a href="#RespondISP">How do I respond to my ISP about my exit
- relay?</a></li>
- <li><a href="#HelpPoliceOrLawyers">I have questions about a Tor IP address
- for a legal case.</a></li>
- </ul>
-
<p>For other questions not yet on this version of the FAQ, see the
- <a
- href="<wikifaq>">wiki FAQ</a> for now.</p>
+ <a href="<wikifaq>">wiki FAQ</a> for now.
+ </p>
<hr>
@@@ -2066,47 -2059,35 +2048,53 @@@ versions
#Accept from all interfaces
SocksListenAddress 0.0.0.0:9100
</pre>
+
<p>
- You can state multiple listen addresses, in the case that you are
- part of several networks or subnets.
+ You can state multiple listen addresses, in the case that you are
+ part of several networks or subnets.
</p>
+
<pre>
- SocksListenAddress 192.168.x.x:9100 #eth0
- SocksListenAddress 10.x.x.x:9100 #eth1
+ SocksListenAddress 192.168.x.x:9100 #eth0
+ SocksListenAddress 10.x.x.x:9100 #eth1
</pre>
+
<p>
- After this, your clients on their respective networks/subnets would specify
- a socks proxy with the address and port you specified SocksListenAddress
- to be.
+ After this, your clients on their respective networks/subnets would specify
+ a socks proxy with the address and port you specified SocksListenAddress
+ to be.
</p>
+
<p>
- Please note that the SocksPort configuration option gives the port ONLY for
- localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need
- to give the port with the address, as shown above.
+ Please note that the SocksPort configuration option gives the port ONLY for
+ localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need
+ to give the port with the address, as shown above.
+ </p>
+
<p>
- If you are interested in forcing all outgoing data through the central Tor
- client/relay, instead of the server only being an optional proxy, you may find
- the program iptables (for *nix) useful.
+ If you are interested in forcing all outgoing data through the central Tor
+ client/relay, instead of the server only being an optional proxy, you may
+ find the program iptables (for *nix) useful.
</p>
+ <a id="IPv6"></a>
+ <h3><a class="anchor" href="#IPv6">How do I use Tor from an IPv6 only host/computer?</a></h3>
+ <p>
+ IPv6 is supported since Tor version 0.2.8.x or newer. To activate it add
+ the following two entries into your torrc file:
+ </p>
+ <pre>
+ ClientUseIPv4 0
+ ClientUseIPv6 1
+ </pre>
+ <p>
+ Note that as of 2018 there aren't many IPv6 users, or IPv6 guards, so Tor over IPv6
+ is less anonymous than Tor over IPv4. You can review the IPv6 implemetation status at our
+ <a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6Features">IPv6Features</a>
+ wiki page, known issues can be found with the
+ <a href="https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~ipv6">ipv6 keyword</a>.
+ </p>
+
<hr>
<a id="RunningATorRelay"></a>
@@@ -3912,111 -3874,105 +3881,106 @@@ Perhaps even run separate Tor clients f
Please help on all of these!
</p>
- <hr>
-
- <a id="TransportIPnotTCP"></a>
- <h3><a class="anchor" href="#TransportIPnotTCP">You should transport all
- IP packets, not just TCP packets.</a></h3>
-
- <p>
- This would be handy, because it would make Tor better able to handle
- new protocols like VoIP, it could solve the whole need to socksify
- applications, and it would solve the fact that exit relays need to
- allocate a lot of file descriptors to hold open all the exit
- connections.
- </p>
-
- <p>
- We're heading in this direction: see <a
- href="https://trac.torproject.org/projects/tor/ticket/1855">this trac
- ticket</a> for directions we should investigate. Some of the hard
- problems are:
- </p>
-
- <ol>
- <li>IP packets reveal OS characteristics. We would still need to do
- IP-level packet normalization, to stop things like TCP fingerprinting
- attacks. Given the diversity and complexity of TCP stacks, along with <a
- href="#RemotePhysicalDeviceFingerprinting">device
- fingerprinting attacks</a>, it looks like our best bet is shipping our
- own user-space TCP stack.
- </li>
- <li>Application-level streams still need scrubbing. We will still need
- user-side applications like Torbutton. So it won't become just a matter
- of capturing packets and anonymizing them at the IP layer.
- </li>
- <li>Certain protocols will still leak information. For example, we must
- rewrite DNS requests so they are delivered to an unlinkable DNS server
- rather than the DNS server at a user's ISP; thus, we must understand
- the protocols we are transporting.
- </li>
- <li><a
- href="http://crypto.stanford.edu/~nagendra/projects/dtls/dtls.html">DTLS
- </a>
- (datagram TLS) basically has no users, and IPsec sure is big. Once we've
- picked a transport mechanism, we need to design a new end-to-end Tor
- protocol for avoiding tagging attacks and other potential anonymity and
- integrity issues now that we allow drops, resends, et cetera.
- </li>
- <li>Exit policies for arbitrary IP packets mean building a secure
- IDS. Our node operators tell us that exit policies are one of the main
- reasons they're willing to run Tor. Adding an Intrusion Detection System
- to handle exit policies would increase the security complexity of Tor,
- and would likely not work anyway, as evidenced by the entire field of
- IDS
- and counter-IDS papers. Many potential <a href="<page docs/faq-abuse>">abuse</a> issues are resolved by the
- fact that Tor only transports valid TCP streams (as opposed to arbitrary
- IP including malformed packets and IP floods), so exit policies become
- even <i>more</i> important as we become able to transport IP packets. We
- also need to compactly describe exit policies in the Tor directory,
- so clients can predict which nodes will allow their packets to exit
- —
- and clients need to predict all the packets they will want to send in
- a session before picking their exit node!
- </li>
- <li>The Tor-internal name spaces would need to be redesigned. We support
- onion service ".onion" addresses by intercepting the addresses when
- they are passed to the Tor client. Doing so at the IP level will require
- a more complex interface between Tor and the local DNS resolver.
- </li>
- </ol>
-
- <hr>
-
- <a id="HideExits"></a>
- <h3><a class="anchor" href="#HideExits">You should hide the list of Tor
- relays, so people can't block the exits.</a></h3>
-
- <p>
- There are a few reasons we don't:
- </p>
-
- <ol>
- <li>We can't help but make the information available, since Tor clients
- need to use it to pick their paths. So if the "blockers" want it, they
- can get it anyway. Further, even if we didn't tell clients about the
- list of relays directly, somebody could still make a lot of connections
- through Tor to a test site and build a list of the addresses they see.
- </li>
-
- <li>If people want to block us, we believe that they should be allowed
- to
- do so. Obviously, we would prefer for everybody to allow Tor users to
- connect to them, but people have the right to decide who their services
- should allow connections from, and if they want to block anonymous
- users,
- they can.
- </li>
-
- <li>Being blockable also has tactical advantages: it may be a persuasive
- response to website maintainers who feel threatened by Tor. Giving them
- the option may inspire them to <a href="<page docs/faq-abuse>#Bans">stop
- and think</a> about whether they really want to eliminate private access
- to their system, and if not, what other options they might have. The
- time they might otherwise have spent blocking Tor, they may instead
- spend rethinking their overall approach to privacy and anonymity.
- </li>
- </ol>
+ <hr>
+
+ <a id="TransportIPnotTCP"></a>
+ <h3><a class="anchor" href="#TransportIPnotTCP">You should transport all
+ IP packets, not just TCP packets.</a></h3>
+
+ <p>
+ This would be handy, because it would make Tor better able to handle
+ new protocols like VoIP, it could solve the whole need to socksify
+ applications, and it would solve the fact that exit relays need to
+ allocate a lot of file descriptors to hold open all the exit
+ connections.
+ </p>
+
+ <p>
+ We're heading in this direction: see
+ <a href="https://trac.torproject.org/projects/tor/ticket/1855">this trac
+ ticket</a> for directions we should investigate. Some of the hard problems
+ are:
+ </p>
+
+ <ol>
+ <li>IP packets reveal OS characteristics. We would still need to do
+ IP-level packet normalization, to stop things like TCP fingerprinting
+ attacks. Given the diversity and complexity of TCP stacks, along with
+ <a href="#RemotePhysicalDeviceFingerprinting">device fingerprinting
+ attacks</a>, it looks like our best bet is shipping our own user-space TCP
+ stack.
+ </li>
+ <li>Application-level streams still need scrubbing. We will still need
+ user-side applications like Torbutton. So it won't become just a matter
+ of capturing packets and anonymizing them at the IP layer.
+ </li>
+ <li>Certain protocols will still leak information. For example, we must
+ rewrite DNS requests so they are delivered to an unlinkable DNS server
+ rather than the DNS server at a user's ISP; thus, we must understand
+ the protocols we are transporting.
+ </li>
+ <li><a href="http://crypto.stanford.edu/~nagendra/projects/dtls/dtls.html">
+ DTLS</a> (datagram TLS) basically has no users, and IPsec sure is big. Once
+ we've picked a transport mechanism, we need to design a new end-to-end Tor
+ protocol for avoiding tagging attacks and other potential anonymity and
+ integrity issues now that we allow drops, resends, et cetera.
+ </li>
+ <li>Exit policies for arbitrary IP packets mean building a secure IDS. Our
+ node operators tell us that exit policies are one of the main reasons
+ they're willing to run Tor. Adding an Intrusion Detection System to handle
+ exit policies would increase the security complexity of Tor, and would
+ likely not work anyway, as evidenced by the entire field of IDS and
+ counter-IDS papers. Many potential abuse issues are resolved by the fact
+ that Tor only transports valid TCP streams (as opposed to arbitrary IP
+ including malformed packets and IP floods), so exit policies become even
+ <i>more</i> important as we become able to transport IP packets. We also
+ need to compactly describe exit policies in the Tor directory, so clients
+ can predict which nodes will allow their packets to exit — and
+ clients need to predict all the packets they will want to send in a session
+ before picking their exit node!
+ </li>
+ <li>The Tor-internal name spaces would need to be redesigned. We support
+ onion service ".onion" addresses by intercepting the addresses when they
+ are passed to the Tor client. Doing so at the IP level will require a more
+ complex interface between Tor and the local DNS resolver.
+ </li>
+ </ol>
+
+ <hr>
+
+ <a id="HideExits"></a>
+ <h3><a class="anchor" href="#HideExits">You should hide the list of Tor
+ relays, so people can't block the exits.</a></h3>
+
+ <p>
+ There are a few reasons we don't:
+ </p>
+
+ <ol>
+ <li>We can't help but make the information available, since Tor clients
+ need to use it to pick their paths. So if the "blockers" want it, they
+ can get it anyway. Further, even if we didn't tell clients about the
+ list of relays directly, somebody could still make a lot of connections
+ through Tor to a test site and build a list of the addresses they see.
+ </li>
+
+ <li>If people want to block us, we believe that they should be allowed to
+ do so. Obviously, we would prefer for everybody to allow Tor users to
+ connect to them, but people have the right to decide who their services
+ should allow connections from, and if they want to block anonymous users,
+ they can.
+ </li>
+
+ <li>Being blockable also has tactical advantages: it may be a persuasive
+ response to website maintainers who feel threatened by Tor. Giving them
+ the option may inspire them to <a href="<page docs/faq-abuse>#Bans">stop
+ and think</a> about whether they really want to eliminate private access
+ to their system, and if not, what other options they might have. The
+ time they might otherwise have spent blocking Tor, they may instead
+ spend rethinking their overall approach to privacy and anonymity.
+ </li>
+ </ol>
++>>>>>>> faq-datadir
<hr>
@@@ -4095,25 -4028,33 +4063,34 @@@
each connection over many paths.</a></h3>
<p>
- We don't currently think this is a good idea. You see, the attacks we're
- worried about are at the endpoints: the adversary watches Alice (or the
- first hop in the path) and Bob (or the last hop in the path) and learns
- that they are communicating.
+ We don't currently think this is a good idea. You see, the attacks we're
+ worried about are at the endpoints: the adversary watches Alice (or the
+ first hop in the path) and Bob (or the last hop in the path) and learns
+ that they are communicating.
+ </p>
+
+ <p>
+ If we make the assumption that timing attacks work well on even a few
+ packets end-to-end, then having *more* possible ways for the adversary to
+ observe the connection seems to hurt anonymity, not help it.
</p>
+
<p>
- If we make the assumption that timing attacks work well on even a few packets
- end-to-end, then having *more* possible ways for the adversary to observe the
- connection seems to hurt anonymity, not help it.
++
+ Now, it's possible that we could make ourselves more resistant to
+ end-to-end attacks with a little bit of padding and by making each circuit
+ send and receive a fixed number of cells. This approach is more
+ well-understood in the context of high-latency systems. See e.g.
+ <a href="http://freehaven.net/anonbib/#pet05-serjantov">
+ Message Splitting Against the Partial Adversary by Andrei Serjantov and
+ Steven J. Murdoch</a>.
</p>
+
<p>
- Now, it's possible that we could make ourselves more resistant to end-to-end
- attacks with a little bit of padding and by making each circuit send and
- receive a fixed number of cells. This approach is more well-understood in
- the context of high-latency systems. See e.g.
- <a href="http://freehaven.net/anonbib/#pet05-serjantov">
- Message Splitting Against the Partial Adversary by Andrei Serjantov and
- Steven J. Murdoch</a>. Also see our <a href="SendPadding">update on netflow
- padding below</a>.
+ But since we don't currently understand what network and padding
+ parameters, if any, could provide increased end-to-end security, our
+ current strategy is to minimize the number of places that the adversary
+ could possibly see.
</p>
<hr>
More information about the tor-commits
mailing list