lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8924bb489f344f5a2c94bbdd910a12837ca2be6c
hpr-knowledge-base/hpr_transcripts/hpr0383.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

192 lines
11 KiB
Plaintext
Raw Blame History

Episode: 383
Title: HPR0383: TOR Interview
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0383/hpr0383.mp3
Transcribed: 2025-10-07 19:31:02
---
!
This is Krasu, I'm at the after-after party at Southeast Linsfest, and I'm talking to
Wendy from the Onion Router.
What is the Onion Router?
Well, the tour project is an instance of onion routing anonymizing software that sends
traffic through a series of hops on its way to its destination, so that ISPs along the
way, the destination site, can't figure out who you are and what you're browsing at the
same time.
Nice.
So, I guess the immediate appeal to that is fairly obvious.
Who uses it?
I mean, is it just because your paranoid or, I mean, is there...
Well, it's anyone who wants to avoid traffic analysis of their activity, and that
ranges from people who are looking for competitive intelligence about a business sector and don't
want their competitors to know that they are doing deep investigations of what's posted
on a public website to victims of domestic violence who are trying to use the web without
attracting attention from their attackers to people in government, so the tour was initially
funded by naval research, and government doesn't want people knowing what it's investigating,
even among public documents either.
And so, at a whole range of uses, among the uses that we're seeing lately, an increasing
number of people using it to circumvent national level censorship, filtering the great
firewall of China, because traffic through the tour network is encrypted and only comes
out at the other end from a different country often than where it started.
You won't trigger a key word or a destination based filtering rules, and so a user in China
trying to learn more about the events of Tiananmen Square might be able to get to sites through
a tour that were blocked through an unfiltered connection, or heart rate filtered connection.
So I'm gathering what happens that I'm at home, I fire up tour, I go out onto the
interweb, and my signal instead of going to Google.com goes to someone else's server or something,
and then it goes to Google or what, I mean how does it work and who's servers on my bouncing
off of?
Well, the servers in the tour network are run by volunteers, so each node and its volunteer
are operated, and we call it onion routing because at the source the packets are wrapped
in a few layers of encryption, and the tour design uses a three-hop route, so you find
an entry node, it unwraps one layer of encryption which tells it the destination for the next
talk, and that middle node then doesn't know the source or the destination only that it's
got a somewhat encrypted packet that it needs to, a fully encrypted packet that it needs
to fully, that it needs to pass on to an exit node, the exit node unwraps, sees the destination
but not who's sent it into the network, and sends it off to Google or the site you were
trying to reach, and then it takes the same path in reverse on the way back, and how is
this path determined, like I mean if I go to Google, am I always sent the same way to
it, or is it just like whatever's available, or?
I should know here that I'm not one of the technical architects, so I have no idea what I'm
asking anyway, but the design, it's all fully open-source and open spec specified on the
site, so I believe that the routes are determined and left for a period of a few minutes, and then
get cycles switched on, but if I'm wrong, everyone can go to the torproject.org website and read
the correct address, the description instead.
Okay, well here's the question that you probably do know that, and I think you already answered
it, but it might be a dumb question.
So if I'm at a conference, like Southeast Literacy Festival, I decide I want to check my
email, and normally I would tunnel, you know, I'd make an SSH tunnel and just fire up a
web session through there and do all my browsing through there, so if I had torr, could
I start that up and that would encrypt from end to end the same way, or is it different?
Well, in the similar way to your SSH tunnel, so like your SSH tunnel, tor can't encrypt the
connection between an exit and a website or other service that doesn't offer encrypted
connection, but you put the tor client onto your machine and then your traffic is encrypted
from there until the point that exits the tor network.
Okay.
So if you were concerned, somebody at one of these conferences was sniffing your connection,
trying to see what you were doing, routing the connection through torr would stop that.
Okay, so just, I guess just briefly like a brief explanation, so if I want to go home now,
because I've learned about Torr, I want to sit down from my computer and get it and start using it on a
Linux box, how do I set that up?
Well, depending on what distribution you use, go to torproject.org and you can get source code,
tarballs, or packages that are made up for many distributions and install those from
whatever package manager you use.
If you were using a Windows or Macintosh system, there are even bundles that you could download for
Windows, you could download the Torr browser bundle and put it onto a USB stick to take with you.
Right.
If you went to an internet cafe and didn't want to use whatever was installed locally on their machine,
you could launch this from USB key and you could set up like a proxy thing or something I
seem to recall.
I have to set that up on Firefox when I get it to recognize it or was enabled or something
like that, does that sound familiar?
So, if you are not using the bundle, which sets those things up for you, then you would have to
tell Firefox directly, I'm not connecting directly to the internet instead I'm using an HTTP
proxy and that HTTP proxy is sending the traffic to Torr, which behaves as a socks proxy.
Okay.
All right.
And so, for us, your Polyfo will serve as that middle layer.
Okay.
So, what?
I mean, if you can install the Torr button extension for Firefox, that's what I use.
Which will do the toggle for you and also protect you against various nasty JavaScript and
history sniffing attacks that could provide to correlate your browsing behavior between anonymous
and non-anonymized states.
So, I'm using Torr.
I go to Google, it's all in German.
Why is that?
What does that mean?
Well, it's because Google is using geolocation detection and it sees that your packets are exiting
to the Google server from probably an exit node located in Germany.
Right.
And so, Google thinks it's being helpful by giving you Google.de instead.
And you can know it's working.
That's right.
Even without going to the Torr check.
Right.
Well, website.
Right.
And so, there is a Torr check.
There is that where it will say that you are not.
You are.
Or at least you are exiting from a known Torricks that node.
Yeah.
And we mentioned public lists of those Torricks that node.
So, I mean, to set up, let's say that I had a spare, I guess, server or I guess a world-connected
server.
I mean, how could I set up, is it complex to be a tour node or is it kind of like just installing
a server daemon or something and going for it?
It is not complex, technically.
It's the same package that would give you a Torr client.
Change a few configuration options.
Okay.
Either in the text configuration file on the Linux machine or through the Vidalia GUI.
And you can off to become a server.
And you can set your exit policy.
Okay.
Which course you want to permit exit.
Okay.
And you're good.
Or if you choose, you can be a middle node in the Torr network that just passes it.
Just passes traffic.
Yeah.
In the middle of those connections.
Right.
So it doesn't get seen by the outside world as a source of traffic.
Or you can off to be a bridge relay helping users from censored countries.
Or to connect to the network.
If they have difficulty reaching the publicly listed node.
So I set up the Torr middle node at work without anyone knowing that I was doing it.
Because I was in a test environment anyway.
So I figured, why not?
Are there any signs that there is a middle node on like one of my servers?
Well, I'll assume that you had all the right authorization to do that.
Yeah, yeah, yeah.
And it was my server.
Sure.
And so you'll see increased traffic.
Right.
Yes.
Which is true in front of the machine.
Which is what I wanted.
That's what I wanted to generate anyway.
But that's it really.
I mean, it's not like you might see increased CPU usage.
I'm not aware of other things that you would see.
Okay.
And then you're helping to contribute to the network.
Helping to make it run faster for everyone else who uses this.
Yeah.
Contributing to the anonymity shaft would make the anonymity stronger for everyone using the network.
So I kind of forgot to ask you, what do you do for Torr?
Who are you?
Well, thanks for limiting.
I am a member of the Board of Directors.
Torr is a 501-C3 non-profit.
So it's a core team of now like seven page employees working on the development of the code and the architecture of the network.
And so as a non-profit, we have a board of directors working on the strategic goals of the organization and some fundraising.
So if you like Torr and you're not able to run a server, encourage people to go to Torr project.org.
And see if there's a donation they can make.
You can do one of the code, money, time, any of the translations, any of those things that are helpful to the project.
Yeah.
One of the first time I heard about Torr was at an organization called Human Rights Watch, which sends out people to basically watch country governments see how they're treating humans.
If they're human rights abuses, things like that.
And they, in order, like you said, I think, you know, in order to be protected from people trying to figure out that they were in the country watching, you know, they had to use Torr.
So I mean, it's project like that.
I mean, it's not just a paranoid hacker in his mom's basement wanting to use Torr to be paranoid.
It's like real people like meeting, you know, the, the, and the enmity that they deserve and that they, that they have a right to really.
But that's right.
And aid workers going into foreign companies or places with corrupt local administrators who wouldn't like, you know, or who would very much like to know.
Right.
Cause harm to somebody who was reporting on conditions there using Torr and other good security practices to disguise their location and hide their traffic.
That is absolutely an important use.
Yeah, really important.
Yeah.
I really, I admire all the work that you guys are doing at the onion router.
And I thank you for your time and the energy.
Thank you very much.
Okay.
Thank you for listening to Hack with Public Radio.
HPR is sponsored by Carol.net.
She'll head on over to CARO.NAC for all of her TV.
Oh.
Oh.
Reference in New Issue View Git Blame Copy Permalink