0:00:09.649,0:00:15.249 Fortunately my slide will be centered, because I'll have to change resolutions. I think this works out... 0:00:15.249,0:00:19.310 And, it's about protecting your privacy with FreeBSD and Tor 0:00:19.310,0:00:20.859 and, uh... 0:00:20.859,0:00:21.480 Privacy. 0:00:21.480,0:00:25.859 What I mean here is mostly anonymity 0:00:25.859,0:00:28.889 but there are some other aspects that 0:00:28.889,0:00:34.390 I'll talk about later 0:00:34.390,0:00:36.290 uh, so... 0:00:36.290,0:00:39.500 I want to first talk about who needs anonymity anyway 0:00:39.500,0:00:42.880 Is it just for criminals or some other bad guys, right? 0:00:42.880,0:00:44.209 After this 0:00:44.209,0:00:50.940 anonymization concepts, then Tor. Tor's a, well, a tool 0:00:50.940,0:00:52.870 to, uh... 0:00:52.870,0:00:59.320 anonymize you on the Web. Then I'll talk about what FreeBSD can do with it 0:00:59.320,0:01:00.430 and what else 0:01:00.430,0:01:01.980 you have to take care of 0:01:01.980,0:01:06.070 when you want to be anonymous on the Web or the Internet 0:01:06.070,0:01:06.650 And uh, 0:01:06.650,0:01:12.280 if time permits I'd like to do a little demonstration 0:01:12.280,0:01:16.970 Ok, so who needs anonymity anyway? 0:01:16.970,0:01:20.510 Anonymity is a pretty vast 0:01:20.510,0:01:22.030 interest to most people 0:01:22.030,0:01:24.740 but it's really important for 0:01:24.740,0:01:26.400 journalists... There was a case in, uh, 0:01:26.400,0:01:28.619 Thailand last year 0:01:28.619,0:01:32.510 when the military coup was going on 0:01:32.510,0:01:38.150 and the journalists in Thailand couldn't really uh 0:01:38.150,0:01:39.830 Journalists couldn't really, uh 0:01:39.830,0:01:43.050 get the information they needed to do their work 0:01:43.050,0:01:45.750 Also, uh, informants 0:01:45.750,0:01:49.100 whistleblowers... 
people who want to tell you about 0:01:49.100,0:01:52.490 corruption going on in governments and companies 0:01:52.490,0:01:56.460 and don't want to lose their job for it... Dissidents 0:01:56.460,0:01:58.250 Uh, best case 0:01:58.250,0:02:01.610 when in Myanmar 0:02:01.610,0:02:03.750 last few weeks ago 0:02:03.750,0:02:05.290 When the 0:02:05.290,0:02:07.649 all the Buddhists monks were going to the streets and uh, 0:02:07.649,0:02:09.879 the Internet was heavily censored 0:02:09.879,0:02:14.899 It was really dangerous to do anything on the Internet 0:02:14.899,0:02:17.719 So, so umm 0:02:17.719,0:02:20.489 socially sensitive information, like when you want to uh, 0:02:20.489,0:02:23.719 when you were abused 0:02:23.719,0:02:25.769 and want to talk to other people about it 0:02:25.769,0:02:30.039 you don't... naturally you don't want other people to know who you are 0:02:30.039,0:02:31.840 as it will be very embarrassing 0:02:31.840,0:02:33.779 Also Law Enforcement, ah 0:02:33.779,0:02:38.579 for example, uh, when you want to set up a 0:02:38.579,0:02:41.669 an anonymous tipline for crime reporting 0:02:41.669,0:02:45.810 And uh, also companies that want to, uh 0:02:45.810,0:02:48.079 research competition, as one case that, uh 0:02:48.079,0:02:51.029 that a company went to check the, uh 0:02:51.029,0:02:54.339 website competition and they noticed when they used Tor 0:02:54.339,0:02:58.209 that, uh, they were actually getting a different website when they 0:02:58.209,0:03:00.829 uh, were coming from the corporate LAN 0:03:00.829,0:03:04.609 than anyone else was getting, so ah, 0:03:04.609,0:03:07.509 it's a good way to, uh, 0:03:07.509,0:03:11.859 check out... competition like this 0:03:11.859,0:03:13.349 Also military 0:03:13.349,0:03:15.679 actually military was one of the, uh 0:03:15.679,0:03:17.479 original 0:03:17.479,0:03:20.510 driving forces behind the 0:03:20.510,0:03:24.319 anonymization research. 
0:03:24.319,0:03:26.169 And maybe you 0:03:26.169,0:03:28.799 may have heard of the European Union 0:03:28.799,0:03:30.349 Data Retention Directive? 0:03:30.349,0:03:33.039 Where, umm 0:03:33.039,0:03:35.739 collection data gets stored 0:03:35.739,0:03:41.259 six to twenty-four months? Depends on the limitation on the different nations 0:03:41.259,0:03:45.069 Two weeks back this was, uh, 0:03:45.069,0:03:47.729 the law was passed in Germany 0:03:47.729,0:03:48.900 So, uh 0:03:48.900,0:03:50.450 from first January on, 0:03:50.450,0:03:52.159 every connection, phone connection, 0:03:52.159,0:03:55.389 SMS, IP connections, 0:03:55.389,0:03:58.480 email, or the dial-in data needs to be stored 0:03:58.480,0:04:00.449 by providers for six months 0:04:00.449,0:04:02.510 And, uh, 0:04:02.510,0:04:05.379 sooner or later it's going to be in Poland as well 0:04:05.379,0:04:07.689 [talking] 0:04:07.689,0:04:14.689 Well, you're part of the Euro Union now, so ah, welcome! 0:04:16.989,0:04:18.529 Okay, uh 0:04:18.529,0:04:21.220 that's a 0:04:21.220,0:04:27.110 Maybe you want to hide what interests you have and uh, who you talk to, I mean uh, 0:04:27.110,0:04:30.889 like all of you know the Internet isn't very 0:04:30.889,0:04:34.199 secure in the first place so your ISP can see who you're talking to 0:04:34.199,0:04:37.780 if they bother to find out 0:04:37.780,0:04:40.709 Yeah, and also 0:04:40.709,0:04:46.279 criminals, but they already do illegal stuff and they don't care about 0:04:46.279,0:04:51.629 doing more illegal stuff to stay anonymous, right? They can steal people's identities, they can rent botnets or create them in the first place 0:04:51.629,0:04:53.829 and uh, 0:04:53.829,0:04:54.689 or just 0:04:54.689,0:04:59.689 crack one of the thousands of Windows computers online, no big deal 0:04:59.689,0:05:02.029 So, uh 0:05:02.029,0:05:05.199 Criminals already do this and uh, 0:05:05.199,0:05:06.360 the normal 0:05:06.360,0:05:13.360 citizens can't do this so... 
0:05:14.680,0:05:16.460 So all the groups that need anonymization are very different, 0:05:16.460,0:05:18.330 but they all have the same goal, and uh 0:05:18.330,0:05:20.619 that's also one of the 0:05:20.619,0:05:22.229 key concepts of 0:05:22.229,0:05:22.919 anonymization 0:05:22.919,0:05:24.090 you can't really 0:05:24.090,0:05:25.930 stay anonymous on your own 0:05:25.930,0:05:28.999 you need the help of more people 0:05:28.999,0:05:30.559 and uh, 0:05:30.559,0:05:32.680 the more diverse the group that needs 0:05:32.680,0:05:38.539 anonymity, the better 0:05:38.539,0:05:40.979 Ok, so on to talking about two 0:05:40.979,0:05:42.949 anonymization concepts 0:05:44.539,0:05:51.539 Proxy? Everyone here probably knows how a proxy works, 0:05:52.559,0:05:53.169 LANs connect to the proxy and request 0:05:53.169,0:05:57.290 a website or whatever and the proxy 0:05:57.290,0:06:00.359 just passes it on and pass through 0:06:04.680,0:06:09.329 Proxies are fast and simple but it's really a single point of failure, like uh, 0:06:09.329,0:06:13.139 when law enforcement or anyone else wants to uh, know 0:06:13.139,0:06:15.289 who you're talking to they just 0:06:15.289,0:06:19.759 get a subpoena or 0:06:19.759,0:06:22.440 break into the computer room or whatever 0:06:22.440,0:06:26.400 It's pretty easy 0:06:26.400,0:06:30.050 Second anonymization concept is MIX, 0:06:30.050,0:06:32.549 it's really old from nineteen eighty one 0:06:32.549,0:06:35.099 So you can see, uh, 0:06:35.099,0:06:41.150 how long the research in this area is going on 0:06:41.150,0:06:43.150 The MIX is kind of similar to a proxy 0:06:43.150,0:06:47.090 Like, trying to connect to it to send the messages 0:06:47.090,0:06:50.779 and the MIX collects them 0:06:50.779,0:06:54.550 and coalesces them 0:06:54.550,0:06:56.699 Like, it puts them all 0:06:56.699,0:06:58.319 into coming sites and uhm, 0:06:58.319,0:07:00.169 you see here it 0:07:00.169,0:07:03.849 shuffles them. 
It waits 0:07:03.849,0:07:08.930 until there's enough data in it and just 0:07:08.930,0:07:11.039 shuffles them and sends them back out so 0:07:11.039,0:07:18.039 um, this is to protect against correlation attacks. 0:07:20.219,0:07:22.439 But second in... 0:07:22.439,0:07:23.379 Oh yeah, and 0:07:23.379,0:07:27.879 when you actually put several MIXes uh 0:07:27.879,0:07:31.259 behind them; it's a MIX cascade and uh, 0:07:31.259,0:07:32.149 between mixes is also 0:07:32.149,0:07:35.330 encryption going on, uh, the first 0:07:35.330,0:07:38.349 or the client which 0:07:38.349,0:07:44.069 you could see here if the slides would be centered, uh, 0:07:44.069,0:07:46.029 what else gets the 0:07:46.029,0:07:48.879 public keys of all the mixes 0:07:48.879,0:07:51.160 and encrypts the message first for each of them 0:07:51.160,0:07:54.879 and each mix removes one encryption layer and 0:07:54.879,0:07:59.280 uh, the last one actually passes on the message unencrypted 0:07:59.280,0:08:04.369 and uhm, loop back backwards the same 0:08:04.369,0:08:06.379 So, as you can probably imagine, 0:08:06.379,0:08:11.389 if you wait until you have enough messages, ah, and all public key encryption 0:08:11.389,0:08:12.280 is going pretty slow 0:08:14.069,0:08:17.939 and uh, 0:08:17.939,0:08:20.360 this concept is mostly used for 0:08:20.360,0:08:22.419 remailers like 0:08:22.419,0:08:26.359 MixMinion, for example uh 0:08:26.359,0:08:28.800 where it's not really a possib... 
um 0:08:28.800,0:08:32.610 it's not really important 0:08:32.610,0:08:33.979 if the message is a couple of seconds 0:08:33.979,0:08:36.540 late or something, but it's not really 0:08:36.540,0:08:39.870 great for uh, for 0:08:39.870,0:08:41.830 low latency connections, 0:08:41.830,0:08:44.730 like web routing for example 0:08:44.730,0:08:47.060 but what's good about it it's uh 0:08:47.060,0:08:50.500 distributed trust uh, 0:08:50.500,0:08:54.940 just one these MIXes has to be secure to actually 0:08:54.940,0:08:56.840 anonymize the whole connection 0:08:56.840,0:08:58.460 so it's slow but it's 0:08:58.460,0:09:05.460 distributed trust, which is good. 0:09:06.230,0:09:09.930 So, I want to introduce Tor 0:09:09.930,0:09:12.320 Tor stands for The Onion Router. 0:09:12.320,0:09:16.340 It's a concept that is actually built on 0:09:16.340,0:09:17.720 both these concepts 0:09:17.720,0:09:21.340 MIXes and proxies. 0:09:21.340,0:09:22.770 It's a TCP-Overlay network, 0:09:22.770,0:09:24.900 that means you can, uh 0:09:24.900,0:09:25.560 channel any 0:09:25.560,0:09:27.320 TCP connection through it 0:09:27.320,0:09:28.480 theoretically 0:09:28.480,0:09:31.310 Uh, theoretically I will explain 0:09:31.310,0:09:33.790 a couple of slides later 0:09:33.790,0:09:37.040 It provides a SOCKS interface so you don't need any uh, 0:09:37.040,0:09:42.060 special application proxies like any application that uses SOCKS interface can just 0:09:42.060,0:09:43.370 talk to Tor 0:09:43.370,0:09:48.070 and it's available on, um, all major platforms 0:09:48.070,0:09:53.940 What is uh, especially important it's available in Windows 0:09:53.940,0:09:55.850 Because, uhm, like I said earlier once 0:09:55.850,0:09:57.740 you want a really diverse, 0:09:57.740,0:09:59.560 really diverse group of users 0:09:59.560,0:10:05.250 so you actually need uh, 0:10:05.250,0:10:06.860 the normal user 0:10:06.860,0:10:13.150 not just geeks. 
0:10:13.150,0:10:15.160 Um, well it aims to uhm 0:10:15.160,0:10:15.939 combine the positive attributes of 0:10:15.939,0:10:17.480 proxies and MIXes 0:10:17.480,0:10:18.749 Like, proxies are fast, but 0:10:18.749,0:10:20.620 seem prone to failure 0:10:20.620,0:10:21.770 and MIXes 0:10:21.770,0:10:24.590 distributed trust, you want to combine them 0:10:24.590,0:10:29.930 so uh 0:10:29.930,0:10:31.310 Fast, uh, Tor uses not only public key 0:10:31.310,0:10:33.220 encryption but also session keys 0:10:33.220,0:10:35.170 so it's symmetrically encrypted. 0:10:35.170,0:10:37.260 So uh 0:10:37.260,0:10:41.710 all the connection set up is this public key so you just, uh 0:10:41.710,0:10:44.840 authentication and stuff 0:10:44.840,0:10:50.860 And uh, the actual communication that's going on later is always symmetrically encrypted 0:10:50.860,0:10:54.170 And uh, so it's also TCP multiplexing 0:10:54.170,0:10:55.850 so you can run 0:10:55.850,0:10:58.520 several TCP connections through one 0:10:58.520,0:11:02.220 virtual Tor connection. 0:11:02.220,0:11:05.610 And the design goals are 0:11:05.610,0:11:06.790 yeah 0:11:06.790,0:11:07.880 deployability 0:11:07.880,0:11:09.770 like dums want the user to actually have 0:11:09.770,0:11:12.680 to patch his PC off the Operating System or something 0:11:12.680,0:11:16.070 just be in a... workable state really fast. 0:11:16.070,0:11:19.340 Um, usability, 0:11:19.340,0:11:20.600 so you get the uh, 0:11:20.600,0:11:22.400 normal users 0:11:22.400,0:11:26.850 not just the geeks. Flexibility, uhm 0:11:26.850,0:11:28.310 it's aimed to 0:11:28.310,0:11:29.910 enable more research 0:11:29.910,0:11:32.010 in this whole area. 
0:11:32.010,0:11:33.059 So, uh 0:11:33.059,0:11:34.679 the protocol Tor users 0:11:34.679,0:11:37.890 should be really flexible 0:11:37.890,0:11:42.110 And uh, for simplicity it's a security application and 0:11:42.110,0:11:45.900 well complexity doesn't play well with uh, 0:11:45.900,0:11:52.070 security 0:11:52.070,0:11:53.190 So, this uh, 0:11:53.190,0:11:55.300 it's how Tor works, more or less 0:11:55.300,0:11:58.800 Dave is uh, a directory server, 0:11:58.800,0:12:03.160 it uh, caches information about the network state 0:12:03.160,0:12:08.130 and uh, which Tor servers are available in the network 0:12:08.130,0:12:09.490 and uh 0:12:09.490,0:12:10.930 Alice downloads 0:12:10.930,0:12:14.740 this whole list from Dave 0:12:14.740,0:12:18.940 you see the Tor nodes with the plus here? 0:12:18.940,0:12:21.020 Through this random 0:12:21.020,0:12:22.790 tree of service 0:12:22.790,0:12:23.910 when she wants to talk to Jane 0:12:23.910,0:12:30.380 for example 0:12:30.380,0:12:34.280 The first one is the entry node, middleman nodes, and the uh exit nodes, I will leave these for later 0:12:34.280,0:12:41.000 uh, so this 0:12:41.000,0:12:43.990 Alice talks to the entry node 0:12:43.990,0:12:47.550 there's a connection that is going on and is public key encrypted 0:12:47.550,0:12:51.330 and they establish a session key and same 0:12:51.330,0:12:53.090 thing goes on 0:12:53.090,0:12:58.520 between these two and these two so they can communicate later on 0:12:58.520,0:12:59.780 What's really important here 0:12:59.780,0:13:00.629 is the last connection here 0:13:00.629,0:13:03.090 is actually unencrypted. 
0:13:03.090,0:13:05.240 I will talk about it later 0:13:05.240,0:13:06.610 So it has to be unencrypted 0:13:06.610,0:13:13.610 so you can actually get your request through 0:13:20.690,0:13:22.700 This is a virtual circuit 0:13:22.700,0:13:24.490 that gets established and uh 0:13:24.490,0:13:29.190 every, every 0:13:29.190,0:13:31.340 ten minutes 0:13:31.340,0:13:32.450 a new circuit is built 0:13:32.450,0:13:37.250 when a new website, when a new request comes through, so uh 0:13:37.250,0:13:40.080 this one stays, all these connections above stay 0:13:40.080,0:13:41.940 in this circuit 0:13:41.940,0:13:43.630 and after ten 0:13:43.630,0:13:45.410 when after ten minutes, ah 0:13:45.410,0:13:52.410 Alice wants to talk to Jane, a new circuit is built 0:13:53.610,0:13:55.410 and uh, this is important 0:13:55.410,0:13:56.920 to get strong 0:13:56.920,0:13:57.710 anonymity 0:13:57.710,0:14:00.220 in case one connection is compromised, for example. 0:14:00.220,0:14:01.600 And these ten minutes 0:14:01.600,0:14:04.490 are really an arbitrary value, 0:14:04.490,0:14:08.560 you can choose anything 0:14:08.560,0:14:10.660 you have to do the research 0:14:10.660,0:14:11.970 which value is best and so 0:14:11.970,0:14:18.970 ten minutes is compromised. 
0:14:19.840,0:14:22.240 With Tor you get exit policies, 0:14:22.240,0:14:24.640 this is important for the exit node 0:14:24.640,0:14:27.880 the one which actually sends the uh, 0:14:27.880,0:14:30.410 original request to the destination server 0:14:30.410,0:14:31.670 and huh 0:14:31.670,0:14:32.839 you can control which 0:14:32.839,0:14:34.220 TCP connections you want 0:14:34.220,0:14:39.180 to allow from your own node if you want 0:14:39.180,0:14:41.000 As default policy which uh 0:14:41.000,0:14:43.610 blocks SMTP and NNTP to prevent uh 0:14:43.610,0:14:48.080 spamming and all stuff 0:14:48.080,0:14:49.060 but you can actually allow 0:14:49.060,0:14:51.970 SMTP if you want 0:14:51.970,0:14:54.070 and there's some other ports blocked 0:14:54.070,0:14:56.170 but the rest of it works so 0:14:56.170,0:14:57.900 HTTP SSH 0:14:57.900,0:15:01.630 all the important stuff 0:15:01.630,0:15:05.250 that you would want to anonymize just works 0:15:05.250,0:15:10.290 and uh, if you uh 0:15:10.290,0:15:13.050 this is important for uh, if you 0:15:13.050,0:15:18.540 want to run your own node, uh 0:15:18.540,0:15:19.220 what kind of node you actually want to run 0:15:19.220,0:15:24.120 if you look at the picture, uh earlier 0:15:24.120,0:15:31.120 there's these three different nodes: entry node, middleman node, and exit node 0:15:32.400,0:15:34.180 and uh, which node you want to run 0:15:34.180,0:15:36.780 depends on how many problems you want afterwards 0:15:36.780,0:15:39.590 I will talk about it later uh 0:15:39.590,0:15:40.970 this one, 0:15:40.970,0:15:46.950 the exit node actually forwards the uh, requested date, uh 0:15:46.950,0:15:47.700 depends upon what 0:15:47.700,0:15:51.570 what the user actually uh wants, that's 0:15:51.570,0:15:52.830 if the user uh 0:15:52.830,0:15:58.020 Alice in this case uh 0:15:58.020,0:16:02.080 insults someone out on a web forum, then uh the uh 0:16:02.080,0:16:03.470 administrator of the forum will see the IP address 0:16:03.470,0:16:05.340 
of the 0:16:05.340,0:16:11.230 exit node in his logs and not the one 0:16:11.230,0:16:15.330 of Alice so uh he's going to have the problems later on 0:16:15.330,0:16:18.250 so I will talk about it later 0:16:18.250,0:16:21.600 but you have to keep this in mind 0:16:21.600,0:16:28.600 And uh, keep up everything and uh we can play the role of entry nodes and middleman nodes 0:16:30.170,0:16:37.170 which is also important 0:16:39.130,0:16:42.930 Special feature of Tor are hidden services 0:16:42.930,0:16:45.850 these are services which can be 0:16:45.850,0:16:46.990 accessed 0:16:46.990,0:16:49.420 without having the IP address of them 0:16:49.420,0:16:50.960 so uh 0:16:50.960,0:16:56.300 you can't really find them physically 0:16:56.300,0:16:57.880 So if you want to run a 0:16:57.880,0:16:59.720 hidden service you can do it from anywhere 0:16:59.720,0:17:01.850 You can even do it from inside this private network here 0:17:01.850,0:17:05.950 You can set up a service and everyone in the outside world can actually access it 0:17:05.950,0:17:07.770 even if you don't have the rights to do 0:17:07.770,0:17:11.330 port forwarding or something 0:17:11.330,0:17:13.580 uh, this is really important to, uh 0:17:13.580,0:17:15.690 resist Denial of Service, for example 0:17:15.690,0:17:20.160 Because every uh, 0:17:20.160,0:17:20.519 every client that wants to 0:17:20.519,0:17:22.829 access the service uh, 0:17:22.829,0:17:25.700 gets a different route in the network 0:17:25.700,0:17:26.529 and uh, it's hard 0:17:26.529,0:17:28.460 to actually uh 0:17:28.460,0:17:31.970 DOS it. 
And it's also important to 0:17:31.970,0:17:33.610 resist censorship 0:17:33.610,0:17:38.510 And the addresses look like this: 0:17:38.510,0:17:43.280 it's really a hash of a public key 0:17:43.280,0:17:47.340 and each hidden service is actually, well, identified 0:17:47.340,0:17:53.300 by a public key 0:17:53.300,0:17:59.000 This how it works, uhm, yet Alice the client 0:17:59.000,0:18:02.170 and the hidden server, Bob. 0:18:02.170,0:18:04.120 And if Bob wants to, uh, 0:18:04.120,0:18:07.640 wants to set up a service, 0:18:07.640,0:18:08.159 he chooses three introduction points 0:18:08.159,0:18:09.899 out of the whole mass 0:18:09.899,0:18:11.920 of Tor servers. 0:18:11.920,0:18:18.920 And Bob has the public key to identify the service, and uh he sends 0:18:22.530,0:18:26.860 this public key and the list of three introduction points to the directory server. 0:18:26.860,0:18:28.740 Now Alice wants to uh, 0:18:28.740,0:18:31.610 connect to Bob, the first the first thing she does 0:18:31.610,0:18:34.480 is download this 0:18:34.480,0:18:38.910 this list with the introduction points and the uh 0:18:38.910,0:18:45.910 public key from the directory server. After that, uh 0:18:50.120,0:18:54.299 she chooses one of the uh introduction points 0:18:54.299,0:18:55.930 and uh, 0:18:55.930,0:19:02.920 posts a circle rendezvous cookie there. 
A piece of data so uh, she can, uh 0:19:02.920,0:19:05.480 identify herself 0:19:05.480,0:19:06.900 and uh, she also 0:19:06.900,0:19:07.860 gives the introduction point 0:19:07.860,0:19:14.500 the address of her random rendezvous point that Alice has chosen 0:19:14.500,0:19:18.550 so what happens then is uh, Bob notices that uh, 0:19:18.550,0:19:23.760 some data has been stored in the introduction point 0:19:23.760,0:19:28.160 and Alice and Bob uh, 0:19:28.160,0:19:31.230 make a rendezvous point, and 0:19:31.230,0:19:34.940 Bob uses this, this uh 0:19:34.940,0:19:36.700 rendezvous cookie to 0:19:36.700,0:19:38.180 actually identify himself on the rendezvous point 0:19:38.180,0:19:39.990 and after that 0:19:39.990,0:19:46.990 all the connection of data runs through this rendezvous point. 0:19:50.870,0:19:53.180 uh, if time permits I'll actually uh, 0:19:53.180,0:19:54.710 set up a rendezvous 0:19:54.710,0:19:55.960 a hidden service here 0:19:55.960,0:19:59.120 so you can actually see how it works 0:19:59.120,0:20:06.120 I'll also demonstrate Tor, like I said 0:20:08.800,0:20:09.770 uh, there's some legal issues to be uhm 0:20:09.770,0:20:12.450 recognized, uh. 
As you can imagine, Tor may be forbidden in some 0:20:12.450,0:20:14.880 countries; especially totalitarian countries 0:20:14.880,0:20:17.530 which censor the Internet anyway 0:20:17.530,0:20:18.719 and uh, 0:20:18.719,0:20:21.030 you may get into trouble for using Tor 0:20:21.030,0:20:25.580 practically, anyone knows this 0:20:25.580,0:20:27.580 there can be crypto restrictions 0:20:27.580,0:20:29.070 for example Great Britain, the uh 0:20:29.070,0:20:33.200 RIPA act, I'm not even sure what it stands for 0:20:33.200,0:20:36.140 but basically says that uh, 0:20:36.140,0:20:37.510 if the government wants, 0:20:37.510,0:20:40.410 then you have to give up your crypto keys 0:20:40.410,0:20:42.910 so they can decrypt it later 0:20:42.910,0:20:47.860 and uh, yeah, it's not really great 0:20:47.860,0:20:50.010 and actually last week was the first case 0:20:50.010,0:20:52.890 when this was actually used in 0:20:52.890,0:20:56.600 Great Britain 0:20:56.600,0:21:00.720 Uh, there can be special laws like in Germany 0:21:00.720,0:21:03.480 sort of like a hacker paragraph 0:21:03.480,0:21:06.990 It's just a nickname, it has some cryptic legal name 0:21:06.990,0:21:07.940 uh, in reality 0:21:07.940,0:21:11.090 and it says that uh 0:21:11.090,0:21:14.570 you're liable if you, uh, 0:21:14.570,0:21:17.360 if you give people access to tools 0:21:17.360,0:21:20.020 that they can use to uh, 0:21:20.020,0:21:22.270 well, to do illegal stuff. 0:21:22.270,0:21:23.630 More or less. 0:21:23.630,0:21:27.080 It's really uh, 0:21:27.080,0:21:29.080 not concrete and no one really... 0:21:29.080,0:21:30.440 it could uh, 0:21:30.440,0:21:31.929 it could 0:21:31.929,0:21:36.669 restrict anything. From a map to a 0:21:36.669,0:21:39.210 to God know what Network tools. 
0:21:39.210,0:21:40.880 and uh 0:21:40.880,0:21:43.559 But it was actually, it was actually passed so no one really knows 0:21:43.559,0:21:45.510 what's the, uhm 0:21:45.510,0:21:46.490 what's really 0:21:46.490,0:21:50.260 restrict by it. So Tor could be restricted 0:21:50.260,0:21:55.590 by it, because it could really enable people to do illegal stuff, 0:21:55.590,0:21:58.640 but no one really knows 0:21:58.640,0:22:00.990 and uh, the biggest Tor 0:22:00.990,0:22:02.250 problem is 0:22:02.250,0:22:07.480 that, uh 0:22:07.480,0:22:10.180 when uh, when it actually gets sent to a Tor network 0:22:10.180,0:22:13.210 the uh, the 0:22:13.210,0:22:14.669 IP address that 0:22:14.669,0:22:16.210 gets sent 0:22:16.210,0:22:17.220 well that's what the destination server 0:22:17.220,0:22:19.090 actually sees 0:22:19.090,0:22:21.200 is one of the exit nodes. 0:22:21.200,0:22:22.380 So when, uh 0:22:22.380,0:22:23.740 when a client 0:22:23.740,0:22:26.090 actually causes trouble, 0:22:26.090,0:22:26.950 then the one 0:22:26.950,0:22:29.790 that gets into trouble 0:22:29.790,0:22:32.460 is the exit nodes provider. And uh, 0:22:32.460,0:22:33.560 so stuff that gets done 0:22:33.560,0:22:38.620 for torment purpose like sending ransom mails or uh, 0:22:38.620,0:22:40.480 distributing illegal stuff 0:22:40.480,0:22:42.040 and it, this all happened 0:22:42.040,0:22:43.500 and, if you are 0:22:43.500,0:22:46.460 unlucky as an exit node operator 0:22:46.460,0:22:47.109 your server gets seized or something 0:22:47.109,0:22:52.059 and uh, 0:22:52.059,0:22:55.530 that's random stuff that can happen 0:22:55.530,0:22:56.540 So uh, 0:22:56.540,0:22:59.559 as an exit nodes provider you can get 0:22:59.559,0:23:03.690 letters from Law Enforcement agencies, and uh 0:23:03.690,0:23:05.649 What are you doing there? 0:23:05.649,0:23:06.830 Maybe some illegal stuff? 
0:23:06.830,0:23:10.040 And you have to explain to them that you are 0:23:10.040,0:23:12.260 providing Tor server and 0:23:12.260,0:23:13.980 it wasn't you 0:23:13.980,0:23:15.120 and stuff. 0:23:15.120,0:23:18.020 For example the FBI 0:23:18.020,0:23:19.960 in America 0:23:19.960,0:23:23.580 actually knows what you're talking about when you tell them 0:23:23.580,0:23:24.580 that you're using Tor... 0:23:24.580,0:23:26.019 so, uh 0:23:26.019,0:23:26.600 they won't bother. 0:23:26.600,0:23:28.810 But in Germany the uh, 0:23:28.810,0:23:34.830 Law Enforcement agencies, actually are, so so 0:23:34.830,0:23:41.440 depends on what kind of guy you're actually talking to 0:23:41.440,0:23:47.120 So what's... What kind of role plays FreeBSD here? 0:23:47.120,0:23:51.880 uh, FreeBSD is really well suited as a Tor node, uh 0:23:51.880,0:23:55.490 when you're operating the client you just want to use the network, uh 0:23:55.490,0:23:57.830 it doesn't matter what kind of system you use 0:23:57.830,0:23:59.150 and it shouldn't matter 0:23:59.150,0:24:00.830 This is one of the, uh 0:24:00.830,0:24:03.130 like I said earlier one of the design 0:24:03.130,0:24:05.500 criteria of Tor 0:24:05.500,0:24:08.610 so it doesn't matter if you're using Windows or FreeBSD. 0:24:08.610,0:24:09.929 But if you're using the Tor 0:24:09.929,0:24:14.290 as actually uh, 0:24:14.290,0:24:17.320 the security of others depends on your node 0:24:17.320,0:24:20.690 and uh, 0:24:20.690,0:24:22.950 when you're operating a node is important to 0:24:22.950,0:24:25.310 have Operational Security 0:24:25.310,0:24:25.980 and Jails 0:24:25.980,0:24:27.550 are really great for this, 0:24:27.550,0:24:29.980 so you can run a Tor server in Jail. 0:24:29.980,0:24:32.950 It's also Disk and Swap encryption 0:24:32.950,0:24:38.010 which is important, especially the swap encryption. 
And uh, 0:24:38.010,0:24:39.390 there's also audit 0:24:39.390,0:24:40.740 and the MAC framework 0:24:40.740,0:24:43.780 when you want to run your installation 0:24:43.780,0:24:46.220 What's also nice, 0:24:46.220,0:24:46.659 Tor servers do a lot of public key encryption 0:24:46.659,0:24:48.440 and it's pretty slow 0:24:48.440,0:24:49.480 so it's great to have 0:24:49.480,0:24:54.750 hardware acceleration for this. 0:24:54.750,0:24:56.160 And uh, probably the biggest feature: 0:24:56.160,0:25:03.160 Well maintained Tor-related ports. 0:25:04.060,0:25:07.390 There is the main port, security/Tor 0:25:07.390,0:25:11.370 Which is a client and server if you want to run 0:25:11.370,0:25:13.610 a network node, or just a client. 0:25:13.610,0:25:15.210 There's tor-devel 0:25:15.210,0:25:16.450 and these are really up to date, uhm 0:25:16.450,0:25:22.830 Tor development happens really fast 0:25:22.830,0:25:23.710 and the ports get updated 0:25:23.710,0:25:30.710 pretty soon after a release is made. 0:25:32.050,0:25:39.050 There's Privoxy, which is an uhm web proxy and uhm, we'll use it later when we do the demonstration 0:25:41.320,0:25:44.310 And there's net management Vidalia which is a graphical frontend 0:25:44.310,0:25:47.200 also for Windows 0:25:47.200,0:25:48.260 and, uhm 0:25:48.260,0:25:53.929 there's trans-proxy-tor 0:25:53.929,0:25:58.650 which enables you to actually 0:25:58.650,0:25:59.560 uhm, well there's some 0:25:59.560,0:26:02.080 badly written applications out there 0:26:02.080,0:26:05.280 that do stuff that's 0:26:05.280,0:26:07.510 that makes it hard for Tor to 0:26:07.510,0:26:08.860 anonymize them 0:26:08.860,0:26:10.810 and you can use trans-proxy-tor 0:26:10.810,0:26:15.510 to tunnel such connections through the Tor network. 0:26:15.510,0:26:20.580 We'll actually talk about them in the next slide. 0:26:20.580,0:26:24.960 Yeah. What else do you need to take care of besides running Tor? 0:26:24.960,0:26:27.130 Uh, there's name resolution, uh... 
0:26:27.130,0:26:28.760 Some applications just 0:26:28.760,0:26:30.500 bypass the configured proxy 0:26:30.500,0:26:34.500 for example Firefox versions below version 1.5, 0:26:34.500,0:26:35.700 which send every data, 0:26:35.700,0:26:38.320 all data through the proxy 0:26:38.320,0:26:38.909 but not 0:26:38.909,0:26:40.880 DNS requests 0:26:40.880,0:26:44.380 so they actually result in mistrust 0:26:44.380,0:26:46.450 and uh, so yeah 0:26:46.450,0:26:49.280 the connection is actually anonymized 0:26:49.280,0:26:51.080 but the DNS server 0:26:51.080,0:26:52.250 really knows 0:26:52.250,0:26:53.870 uh, who you were talking to 0:26:53.870,0:27:00.870 and this is really the intention of Tor, but uh, newer versions actually takes. 0:27:03.130,0:27:04.240 Uh, there's the usual 0:27:04.240,0:27:09.990 cookies, web-bugs, referrer and stuff, uhm 0:27:09.990,0:27:11.800 which uh, 0:27:11.800,0:27:13.530 sites can use to check which 0:27:13.530,0:27:20.530 websites you're visiting, and it's just the usual disabling stuff 0:27:20.549,0:27:23.250 Privoxy is a great tool to 0:27:23.250,0:27:28.160 normalize HTTP traffic. 0:27:28.160,0:27:30.010 And it's also great to uhm, well filter off advertising 0:27:30.010,0:27:36.370 and stuff. 0:27:36.370,0:27:38.660 This should be really obvious 0:27:38.660,0:27:41.110 but apparently is not. Uhm, 0:27:41.110,0:27:43.770 There's so many people who don't realize 0:27:43.770,0:27:44.700 that the last connection 0:27:44.700,0:27:46.380 chain is actually unencrypted 0:27:46.380,0:27:50.900 if you're using, uh 0:27:50.900,0:27:53.250 if you're not using a secure protocol. 0:27:53.250,0:27:54.100 So, 0:27:54.100,0:27:56.440 people actually uhm, 0:27:56.440,0:27:59.430 get their mail through POP3 or something 0:27:59.430,0:28:04.870 and the exit nodes can just run dsniff and sniff out all the passwords. 0:28:04.870,0:28:11.870 And it's really surprising how many people uh, do this. 
0:28:13.450,0:28:16.700 So, lesson learned: use secure protocols. 0:28:16.700,0:28:18.220 There are also other services that require 0:28:18.220,0:28:20.630 registration, for example, 0:28:20.630,0:28:22.040 with your e-mail address or 0:28:22.040,0:28:23.640 personal 0:28:23.640,0:28:25.360 data 0:28:25.360,0:28:27.590 and uh, well 0:28:27.590,0:28:28.620 if you're using Tor and you 0:28:28.620,0:28:35.620 actually log on to one of those services, Tor can help you 0:28:40.850,0:28:42.440 So, once I actually demonstrate how 0:28:42.440,0:28:49.440 this all works. 0:29:13.550,0:29:15.520 Uh, I've installed Tor and 0:29:15.520,0:29:22.520 Privoxy on this system 0:29:24.810,0:29:27.180 Config files are on the usual places. 0:29:27.180,0:29:34.180 And if you read this, this little... small... Is this alright? 0:29:46.950,0:29:50.600 So there is this torrc sample file 0:29:50.600,0:29:57.600 which we can use 0:30:07.020,0:30:08.370 so this 0:30:08.370,0:30:10.340 there's the usual commands and stuff 0:30:10.340,0:30:11.030 and this, 0:30:11.030,0:30:15.720 much stuff that we don't need for the moment 0:30:15.720,0:30:19.840 there's this uh, 0:30:19.840,0:30:24.220 SOCKS port and SOCKS listen address information 0:30:24.220,0:30:31.220 that just 0:30:32.770,0:30:34.659 tells you where to connect your uh, 0:30:34.659,0:30:36.679 your proxy to 0:30:36.679,0:30:38.200 so this is the information that we use in Privoxy to 0:30:38.200,0:30:41.450 access Tor. 0:30:41.450,0:30:42.190 Uhm, 0:30:42.190,0:30:45.320 all we have to do to actually use Tor is 0:30:45.320,0:30:48.970 copy over the config file. 0:30:48.970,0:30:55.970 Start the service 0:31:04.110,0:31:10.570 so, it tells us it's running... 
Now we have to 0:31:10.570,0:31:12.350 take a look at Privoxy 0:31:20.880,0:31:25.120 There's also lots of stuff that we don't need right now 0:31:25.120,0:31:30.360 What we need is the uh, 0:31:30.360,0:31:31.740 we need to tell 0:31:31.740,0:31:33.809 Privoxy uh, 0:31:33.809,0:31:40.809 where to send connection requests. 0:31:51.740,0:31:53.659 Ok, I've actually entered this earlier 0:31:53.659,0:31:54.860 uhm, 0:31:54.860,0:31:58.700 all it says is uh, 0:31:58.700,0:32:03.490 forward all requests to 0:32:03.490,0:32:10.490 the uh, SOCKS client 0:32:13.020,0:32:20.020 So we just start 0:32:34.120,0:32:38.870 Ok, so we are all set 0:32:38.870,0:32:40.480 Now we can just do 0:32:40.480,0:32:47.480 everything with our browser 0:32:50.790,0:32:52.029 Startup time sucks a bit 0:32:52.029,0:32:59.029 because of my external drive 0:33:06.860,0:33:08.070 okay, uh 0:33:08.070,0:33:11.470 proxy settings 0:33:11.470,0:33:16.140 we just put in our Privoxy server 0:33:16.140,0:33:23.140 which listens on port 3128, hopefully, or doesn't? Oh, 8108, that's it. 
0:33:47.360,0:33:49.060 Ok, so every 0:33:49.060,0:33:56.060 connection we want to make should actually be routed through the Tor network 0:33:56.820,0:33:58.880 uhm, this is going to take a little bit, 0:33:58.880,0:34:01.950 Because all the route selection needs to be done 0:34:01.950,0:34:08.950 all the public crypto, there's also network latency 0:34:13.059,0:34:14.539 Once the connections are actually setup 0:34:14.539,0:34:17.789 it's pretty fast, not like this 0:34:17.789,0:34:21.159 and it's uh, really dependent upon uh, 0:34:21.159,0:34:21.419 which 0:34:21.419,0:34:23.059 kind of nodes you get 0:34:23.059,0:34:26.669 if you have a node that is running a modem then, 0:34:26.669,0:34:33.669 you'll have problem, it's really slow 0:34:36.099,0:34:42.989 Ok, while waiting 0:34:42.989,0:34:45.319 we can actually take a look 0:34:45.319,0:34:52.319 at how our hidden service is configured 0:34:59.699,0:35:03.369 There's some lines for the Tor config file 0:35:03.369,0:35:07.439 the routing services 0:35:07.439,0:35:14.219 Ok, so you can see here hidden services here and hidden service port 0:35:14.219,0:35:19.369 as I said, the hidden service is identified by a public key, and uh, if you 0:35:19.369,0:35:22.159 uncomment this stuff, 0:35:22.159,0:35:24.999 and uh, 0:35:24.999,0:35:26.619 we start Tor 0:35:26.619,0:35:28.249 quickly 0:35:28.249,0:35:31.690 generate a public key and put it into the start tree 0:35:31.690,0:35:38.690 and it will, uh, well it actually says to uh, 0:35:40.659,0:35:47.659 where this omni address earlier, 0:35:48.549,0:35:49.539 we'll just 0:35:49.539,0:35:56.539 route every connection through this address to this local nodes line 0:36:02.119,0:36:07.199 This could be the case that uh, 0:36:07.199,0:36:08.640 that an exit node 0:36:08.640,0:36:11.599 doesn't uh, 0:36:11.599,0:36:18.599 allow DNS 0:36:19.779,0:36:22.900 Ok, this is typical that when you want to show stuff it doesn't work 0:36:22.900,0:36:25.369 It worked earlier, so uh,
it's not the network's fault 0:36:25.369,0:36:27.619 let's uh, 0:36:27.619,0:36:31.609 back to the hidden services 0:36:31.609,0:36:38.609 So we actually need to 0:36:39.230,0:36:46.230 change this 0:36:51.170,0:36:55.099 The default directory in FreeBSD is /var/db/tor 0:36:55.099,0:36:57.909 and uh, 0:36:57.909,0:37:03.249 and when we start Tor it will actually, uh 0:37:03.249,0:37:07.499 create the service directory 0:37:07.499,0:37:11.789 by itself. It's also a web server listening on port 80 on localhost 0:37:11.789,0:37:13.889 so we can 0:37:13.889,0:37:20.889 and hopefully will be able to see it later on 0:37:45.849,0:37:48.529 Okay, so let's see if 0:37:48.529,0:37:49.679 this stuff is already 0:37:49.679,0:37:56.679 actually created. 0:38:02.829,0:38:03.790 Ok, so you have 0:38:03.790,0:38:05.069 two parts in this directory 0:38:05.069,0:38:11.650 hostname and private key. Private key is uh, self-explanatory 0:38:11.650,0:38:14.739 and the hostname is actually what you give to people if you want to 0:38:14.739,0:38:21.739 to publish your service 0:38:33.319,0:38:36.039 This is actually less likely to work right now 0:38:36.039,0:38:40.059 because it takes some time for Tor to choose these 0:38:40.059,0:38:41.639 introduction points, 0:38:41.639,0:38:44.880 send all this stuff to directory services 0:38:44.880,0:38:47.369 It takes time for directory services to sync up 0:38:47.369,0:38:54.329 and actually distribute information to the clients 0:38:54.329,0:39:00.789 and when we want to access the service, we actually put this address into the uh, 0:39:00.789,0:39:03.889 the address line, and uh, 0:39:03.889,0:39:05.069 Tor knows how to 0:39:05.069,0:39:12.069 deal with this uh, the Onion top-level domain, so uh 0:39:15.410,0:39:22.410 this usually actually works. Let's see what's going on here... 0:39:33.499,0:39:35.049 Well, like I said 0:39:35.049,0:39:37.529 this one will take a while and 0:39:37.529,0:39:40.450 what's going on with the other one? 
I can actually see 0:39:40.450,0:39:45.039 But uh, 0:39:45.039,0:39:47.850 usually you can just go to one of these server websites 0:39:47.850,0:39:50.209 that tell you your IP address, and 0:39:50.209,0:39:52.899 Google is a fair example 0:39:52.899,0:39:56.709 you can go to Google and Google will get you a 0:39:56.709,0:40:00.589 localized web page. 0:40:00.589,0:40:02.879 For example, when you are from Germany, and you go to 0:40:02.879,0:40:04.099 google.com, you get a German webpage 0:40:04.099,0:40:07.379 and if you're using Tor and you go to Google, 0:40:07.379,0:40:09.679 it depends 0:40:09.679,0:40:10.319 upon where your exit point is located 0:40:10.319,0:40:11.859 for example, 0:40:11.859,0:40:14.029 if it is in the Netherlands, 0:40:14.029,0:40:21.029 you get a Dutch Google, which is uh, pretty cool. 0:40:23.329,0:40:25.549 So uh, 0:40:25.549,0:40:27.419 I'll have to take a look later 0:40:27.419,0:40:28.829 while I'm working 0:40:28.829,0:40:35.829 So let's just, continue for a moment 0:40:38.569,0:40:41.009 Ok, to summarize, uh 0:40:41.009,0:40:44.799 Tor is actually useful if 0:40:44.799,0:40:51.799 you want to be hidden on the net. If it actually works. 
Not in this case, uh 0:40:55.519,0:40:59.339 Tor is usually pretty cool to offer services from anywhere 0:40:59.339,0:41:00.410 so theoretically 0:41:00.410,0:41:02.509 it should work 0:41:02.509,0:41:03.549 that I 0:41:03.549,0:41:06.049 publish my hidden service around here 0:41:06.049,0:41:10.429 and anyone in the world that's connected to the Tor network can actually access it 0:41:10.429,0:41:12.169 and uh 0:41:12.169,0:41:14.799 FreeBSD is a pretty cool platform for Tor 0:41:14.799,0:41:18.819 Because it has very nice 0:41:18.819,0:41:21.779 security features like jail 0:41:21.779,0:41:23.949 and if you want to run a Tor node 0:41:23.949,0:41:25.899 and uh, 0:41:25.899,0:41:27.949 tools like Tor are really needed 0:41:27.949,0:41:28.860 in our time 0:41:28.860,0:41:35.860 this isn't going 0:41:36.599,0:41:43.599 to get better any time soon; so uh, we better create the tools now 0:41:45.779,0:41:52.779 to circumvent this 0:41:52.899,0:41:59.039 Take a quick look at the uh browser again 0:41:59.039,0:42:00.089 currently the uh, 0:42:00.089,0:42:02.660 connection set up failed 0:42:02.660,0:42:04.070 which I can't do anything about right now. 0:42:04.070,0:42:11.070 uh, which one? 0:42:23.089,0:42:25.629 Oh, that's all me 0:42:25.629,0:42:27.539 uhm 0:42:27.539,0:42:30.249 it depends upon 0:42:30.249,0:42:33.140 you can use any port you like 0:42:33.140,0:42:34.539 It depends on uh, 0:42:34.539,0:42:39.279 what port the nodes use. Nodes can use any port 0:42:39.279,0:42:42.259 for example, when I don't want to run nodes 0:42:42.259,0:42:44.109 I can put it on pause 0:42:44.109,0:42:45.679 port 80 if you want 0:42:45.679,0:42:47.470 so anyone who uh 0:42:47.470,0:42:49.219 who has uh 0:42:49.219,0:42:50.979 HTTP access can actually access my node 0:42:53.009,0:42:56.529 so uh 0:42:56.529,0:43:01.299 In theory uh 0:43:01.299,0:43:05.959 you can use any port you like. 0:43:05.959,0:43:12.009 So, this isn't going to work. 
0:43:12.009,0:43:13.519 Maybe I'll just uh, 0:43:13.519,0:43:20.519 if anyone is interested, I'll just try again later 0:43:33.089,0:43:34.680 That's port 80 0:43:34.680,0:43:39.369 it's a you know, HTTP connection so, 0:43:39.369,0:43:42.359 So, are there any questions? 0:43:42.359,0:43:49.359 Yes? 0:44:06.140,0:44:08.689 Well, usually I use Opera, so 0:44:13.679,0:44:15.659 I didn't know 0:44:26.839,0:44:28.970 Yes, there are about 300 uh, 0:44:32.879,0:44:35.040 I think about 0:44:35.040,0:44:39.759 300 Tor servers around the world 0:44:39.759,0:44:43.349 No, it's uh correct 0:44:43.349,0:44:47.119 at the moment there are three directory servers 0:44:47.119,0:44:49.579 worldwide 0:44:49.579,0:44:51.630 you can recognize them by their public key 0:44:51.630,0:44:52.909 and their public keys are 0:44:52.909,0:44:56.119 hard coded into the source code at the moment 0:44:56.119,0:44:58.799 so, the uh 0:44:58.799,0:45:01.499 Tor developers actually run those directory servers 0:45:01.499,0:45:08.499 but this is really critical infrastructure 0:45:11.729,0:45:12.719 uhm 0:45:12.719,0:45:14.729 Well it's it's hard to say 0:45:14.729,0:45:16.219 Because the question was uh 0:45:16.219,0:45:21.799 Were there any estimates on uh, 0:45:21.799,0:45:26.489 net usage and other stuff 0:45:26.489,0:45:31.730 it's really hard to say because it's an anonymization network so uh, 0:45:31.730,0:45:32.999 you can't say for sure, but there are estimates of one hundred thousand users around the world 0:45:32.999,0:45:36.949 and uh, I'm not sure of the traffic.
0:45:36.949,0:45:39.219 I used to run a middleman node, 0:45:39.219,0:45:40.369 and in one month, 0:45:40.369,0:45:42.699 it would make 0:45:42.699,0:45:43.849 it was on a one hundred megabits 0:45:43.849,0:45:45.359 or dedicated line, 0:45:45.359,0:45:47.249 and it made about one terabyte of traffic 0:45:47.249,0:45:49.459 so it's a lot of traffic 0:45:49.459,0:45:52.449 going on 0:45:52.449,0:45:56.259 and unfortunately also a lot of filesharing systems 0:45:56.259,0:45:59.739 which it doesn't really make sense because they're slow 0:45:59.739,0:46:00.570 So uhm, 0:46:00.570,0:46:01.609 Tor is really cool 0:46:01.609,0:46:03.359 for web browsing and stuff 0:46:03.359,0:46:10.359 but if you really want to move a lot of data it's not a good tool 0:46:10.759,0:46:11.479 Ah, any other questions? Doesn't seem to be the case. Ok!