Tor Challenge 2014
We are excited to announce the EFF has just launched the second Tor Challenge!
This challenge is somewhat different from the previous edition, as there are now incentives tied to running relays for an extended period of time. The goal is to educate and encourage lots of people to setup relays, and continue to contribute throughout the year.
EFF will be giving out a "limited-edition" sticker to relay operators who keep their relay running for at least 12 months. On top of that, people running a 1MB/s+ relay for 12 months will also receive a Tor t-shirt!
The more high-bandwidth relays we have, the better off the network is as a whole and the more people we will be able to help stay safe and secure online; so please join the EFF & the Tor Project for the 2014 Tor Challenge! Also, help us spread the word about this challenge by sharing this with others!
Comments
Please note that the comment area below has been archived.
You lose href for your link
You lose href for your link to Tor Challenge.
Thanks, this has been fixed.
Thanks, this has been fixed.
I'm running some relays for
I'm running some relays for a while now. Is there a way to get the shirt without entering myself into a database?
buy one
buy one
Another answer is to show up
Another answer is to show up at one of our dev meetings and give us a cash donation. But we're not really set up well for that.
Worse, it isn't even our database -- we outsource the "please print a tshirt and send it to this nice person" process to a print company. (Ok, I should clarify here, I am referring to Tor's general "tshirt for relay" offer -- https://decvnxytmk.oedi.net/getinvolved/tshirt.html . I have no idea what EFF's plan is for the shirts they'll send out in a year.)
Maybe you could use a PO Box, address of a friend, or other more traditional approaches?
Thanks for running relays!
just wanted to mention that
just wanted to mention that the isp bahnhof in sweden are great since they take peoples privacy very seriously. https://www.bahnhof.se/bredband/
unfortunately they are not all aviable everywhere in the country.
however they have never dissrupted any tor connection anywhere,
atleast not any known of. also, prq might be trusted, but are being watched
by the feds (well, who isn't nowdays) lol.
Please guys make a post
Please guys make a post about which email service can be used with Tor Browser.
Many of them can be used
Many of them can be used with Tor Browser -- gmail, riseup, yahoo, etc.
If you want one that's safe to use... "trust some third-party company with your data" is a losing plan.
I run my own mailserver, but that solution doesn't scale either.
Sorry, this is a poorly solved problem for the world. Somebody should work on it! But "Ok, I will run a webmail service and this one will be safe" is not the way to work on it.
I don't think gmail and
I don't think gmail and yahoo can be used with TBB, unless you sign on without TBB first, which means you could just sign on without TBB...
Using TBB 3.6 PT obfs3. I
Using TBB 3.6 PT obfs3. I can sign in to https://mail.google.com using TBB with Javascript disabled. Next page will tells me to enable Javascript for Gmail Standard view or I will get plain HTML view if I continue with Javascript disabled.
And what happens if you
And what happens if you continue? Did you completed the process?
Continued with Javascript
Continued with Javascript disabled and accessed my Gmail account in plain HTML view. I did not use TBB to initially set up my Gmail account so I can't tell you if using TBB to do account set up will work.
Exactly, I tried all these
Exactly, I tried all these known email services (hotmail / gmail / yahoo) and some that I didn't know until now like Hushmail (which sadly is not free) without success. I need to setup a completely anonymous and "safe" email account and if I sign up without TBB then it is just an illusion of anonymity and safety.
To register a mail account
To register a mail account on Riseup you should be invited by two different members. Do you have any spare invitation code to share with me please?
I have already requested an email account but it may take a long time (due to the volume of the requests) or it may not approved at all.
Well i belive that if your
Well i belive that if your going to use a well known "Mailing Services" Branch, then I would pick Hotmail, because Microsoft is fighting against the NSA to secure its assets and protect the American citizens as we should have our privacy. Any can be considered "safe" but i would recommend something along Google Or Microsoft, because they are fighting the NSA for its privacy, well atleast making it harder and more expensive to "aquire" Our information... You can read more about it on this article"http://www.nytimes.com/2014/06/07/technology/internet-giants-erect-barr…"
If you are leery of U.S.
If you are leery of U.S. based email services, try Yandex Mail. Yandex is Russian company and yes, Russian government might read your email. As long as you are no more than low level irritant and do not live in Russia or their near abroad, do not worry. HTTPS is default setting in Yandex Mail.
Thanks buddy! It seems that
Thanks buddy! It seems that you solved my problem, I'm the one who asked the question in the first place. I signed up with Yandex Mail and it seems to work for now. I hope they do not block my account as in Hotmail.
Arma, the IP addresses of
Arma,
the IP addresses of some Obfs bridges resolve to the domain names plainly containing the word "tor". Is not this an oxymoron? I thought the Plugged Transport bridges are supposed to appear as something else.
How can these bridges help us circumvent censorship and surveillance, if they stand out with a screaming domain name? They can be blocked or monitored easily, regardless of the crafty plugin.
Currently you hand out only the IPs of the bridges, and most users will simply take them and not start resolving the domain names. It sounds like a big problem. And all of those fancy Obfs Transports then become meaningless - on the opposite, they are now honey pots...
Is there a way to stop this deception? Disallow some bridge domain names in Tor if the bridge runs Obfs? Warn operators? Warn users - show them the domain name with the IP?
"They will do a
"They will do a reverse-resolve on the IP address and see if the letters t, o, and r appear in the hostname they get back, and if so they'll block it" isn't really high on the list of worries around bridges.
You might enjoy
https://vbdvexcmqi.oedi.net/blog/research-problems-ten-ways-discover-to…
As for whether pluggable transport bridges are supposed to appear as "something" else, it varies by transport. The obfsproxy flows are supposed to end up in the "none of the above" category by a protocol classifier. The flashproxy flows are supposed to look like websocket with Tor underneath. There's a lot of variation, and that's good.
So the very short answer is "no, the fact that some volunteer bridge addresses set their reverse-resolve hostname to something Tor related is not a big problem."
The obfsproxy flows are
The obfsproxy flows are supposed to end up in the "none of the above" category by a protocol classifier.
Obfs proxy specifically is designed to conceal Tor. But an Obfs bridge that has a domain name revealing Tor (or sending any other indicator) is exactly undoing the Obfs effort. The users, guided by you, usually do not know about it.
This may be a mild problem, and it may be hard to prevent, but the result is the same - it is still is a deceptive trap. And if the operator is doing it on purpose, it's a bigger problem.
Why not attempting to show the bridge's domain name next to the IP address? This may hinder the trickster operators.
I don't think these are
I don't think these are "trickster" operators. I think they genuinely don't see what the big deal is. And I don't think it's a big deal either.
Having a domain name for the obfs address that has the letters t, o, and r in it does not "exactly undo" the Obfsproxy features. It still prevents automated DPI for patterns in Tor flow payloads.
The much broader problem is that we don't have enough obfsproxy bridge addresses, and they don't rotate often enough, relative to the enumeration attacks that China can sustain on the bridgedb service. I talk about this issue much more in:
https://vbdvexcmqi.oedi.net/blog/how-to-read-our-china-usage-graphs
I'm still running all my
I'm still running all my relays/bridges from the last one....though two don't see much traffic, might need to find a new home for them.
Thanks for running relays!
Thanks for running relays!
Yet another SSL screw up
Yet another SSL screw up http://www.wired.com/2014/06/heartbleed-redux-another-gaping-wound-in-s…
Will it be fixed in the next TBB release?
Yes. https://lists.torproject
Yes.
https://lists.torproject.org/pipermail/tor-talk/2014-June/033161.html
So sad my isp is only able
So sad my isp is only able to provide a max of 300kps. I'd love to be a more participatory user but there you go... Werry grateful for y'alls enthusiasms though...
You can still advocate it to
You can still advocate it to your friends who have better network connections. Perhaps you or they have better network connections at work or school too?
Read recently on the
Read recently on the internet that China was blocking everything Google related. Presumably because of the Tiananmen Square incident anniversary but no one seemed to know if the Google block was temporary or permanent. I don't know if the Google block affects the meek Pluggable Transport in China.
Hi phoul can u give me your
Hi phoul can u give me your gmail address and I have a question to talk to you .PT related.
Three questions about
Three questions about challenge:
1) I can run relay or bridge. Relays are visible (of course Atlas for example), bridges - not. How do you check bridges parameters - uptime, bandwidth etc.
2) to get t-shirt I should gave 1MB bandwidth. It means 1MB=8Mbit or 1Mb=128kB/s? Just for sure.
3) To get t-shirt&sticker I must give my real adress. It is secure to me?
Regards!
1) globe.torproject.org can
1) globe.torproject.org can look up a bridge by its hash-of-fingerprint, so people can learn details about the bridge without learning its address or actual fingerprint.
2) 1MB = 8Mbit
3) "secure to you" is a broad and relative concept. Maybe, maybe not? Don't give your address, or don't give a sensitive address, if you're worried.
Got it. Relay 30Mb/s up and
Got it. Relay 30Mb/s up and running :-)
Sweet, just added my node!
Sweet, just added my node! Can we see a picture of the Tor shirt please? :)
Thanks for running a
Thanks for running a relay!
This is the traditional Tor shirt:
https://decvnxytmk.oedi.net/getinvolved/tshirt
But I wonder if EFF is planning to make a special run for special relay operators. I guess we'll see.