----BEGIN CLASS----
[14:13] #startclass
[14:13] Roll Call
[14:13] Kushal Das
[14:13] Jason Braganza
[14:13] Nagarajan
[14:13] Mehul
[14:13] aritra
[14:13] aman
[14:13] Robin Schubert
[14:14] shivam soni
[14:14] How many of you downloaded the two files I asked for?
[14:14] Saransh Sood
[14:15] already using tor browser
[14:15] me! downloaded both the files
[14:15] i have downloaded the files.
[14:15] 2 people
[14:15] Yes, downloaded the files
[14:15] 3.
[14:15] me too
[14:16] downloaded
[14:16] Okay, before any other why/how, we should learn how to verify the software we downloaded from the Internet.
[14:17] The most important point: always download from the project site, in this case from www.torproject.org itself
[14:18] All of you open up a terminal, and type without quotes "gpg --version" and then tell us the version of the gpg software.
[14:18] Mine: gpg (GnuPG) 2.3.7
[14:19] mine: gpg (GnuPG) 2.3.7
[14:19] gpg (GnuPG) 2.2.19
[14:19] Mine: gpg (GnuPG) 2.2.19
[14:19] gpg (GnuPG) 2.3.4
[14:20] emsar046, You are here after a long time, are you following along by reading the logs?
[14:20] no, haven't had the chance to go through last class's logs
[14:20] Anyway if you don't stay online regularly and chat with others, this training will not be helpful to you (or anyone else).
[14:20] emsar046, good for you.
[14:22] Now, the second file (ending with .asc) you all downloaded contains a digital signature from the Tor Project developers. Means if anyone else changes anything, the signature will be invalid.
[14:22] Follow the steps (from Fetching the Tor Developers key step) given here https://support.torproject.org/tbb/#how-to-verify-signature
[14:23] Let us know if you get into trouble or need any help, or done.
[14:23] Please paste your signature verification command output in https://paste.debian.org and show us :)
[14:23] That way we will know if you need any help.
[14:25] kushal this link https://paste.debian.org is not opening
[14:25] at least someone tried :)
[14:25] rest did not even bother to open it till now :)
[14:25] https://paste.debian.net/
[14:26] rishu_raj_, ^^
[14:27] kushal yes this link is working.
[14:29] https://paste.debian.net/1250160
[14:29] Getting "no such file or directory error"
[14:29] change the version number
[14:30] ^^ this shows why following the training and talking to people is so important.
[14:30] emsar046 told us some error, without giving any details.
[14:30] If someone thinks that people on IRC have magic mirrors, then they are wrong.
[14:30] We (or anyone else) can not help people unless the communication becomes better.
[14:31] emsar046, you are supposed to show us the exact command you typed and the output
[14:31] via a pastebin, say https://paste.debian.net
[14:32] I verified my download, successfully.
[14:33] ari0x, Is that a magic spell? like we are supposed to understand?
[14:33] I gave an instruction, to paste the command and the output in a given website and show us.
[14:35] See many of you are wondering why do we spend so much time to train communication, this is why!!
[14:35] sorry sir, here is the pastebin: https://paste.debian.net/1250161/
[14:35] ari0x, ^^ who is the sir?
[14:36] kushal, i meant :)
[14:36] ari0x, thanks :)
[14:37] ari0x, so you can see that the signature is good, means you have correct data.
[14:37] https://paste.debian.net/1250163/
[14:38] https://paste.debian.net/1250164/
[14:38] emsar046, so what are the names of the files you downloaded?
[14:38] if you see that then you will find the error
[14:39] emsar046, you are trying to verify ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz.asc ~/Downloads/tor-browser-linux64-9.0_en-US.tar.xz
[14:39] emsar046, I doubt that your version number is not correct in the command
[14:39] but if you check then you will find that the file names are different.
[14:39] That is because of a different version number of the software, as saptaks & circuitlover told you.
[14:39] okay, checking it out and updating
[14:39] emsar046, check the paste from anyone else.
[14:40] it will be something like 11.5.x
[14:40] emsar046, it is okay to make a mistake, check and fix the issue now.
[14:42] https://paste.debian.net/1250165/
[14:44] emsar046, so it worked!
[14:44] Anyone left?
[14:45] rishu_raj_: i guess
[14:46] and specbeck, who left
[14:46] rishu_raj_, can you please tell us where you are stuck?
[14:46] it is okay if you are stuck, but you have to tell us about the problem properly.
[14:46] we will help.
[14:48] nothing?
[14:48] I guess they left
[14:49] Coming back to the session, I also gave a link with a graphic showing how Tor works, who all checked that?
[14:49] say yes/no.
[14:49] yes
[14:49] yes
[14:49] yes
[14:49] yes
[14:50] Any questions?
[14:50] type ! as usual.
[14:50] kushal i am facing some network issue so it will take some time, when it's done i'll tell you.
[14:51] !
[14:51] next
[14:51] What do the 2 ISPs in the chain mean ?
[14:52] First ISP is the company who is providing you the internet, say Airtel.
[14:52] or local cable internet.
[14:52] emsar046, can you tell us who is providing you internet?
[14:52] Jio
[14:52] emsar046, so Jio is the first ISP in your side.
[14:53] And then the second ISP is the company who is providing network to the website/server. Say if the server is hosted on AWS (Amazon's cloud service), then it is AWS.
[14:53] and who is giving the line to Amazon.
[14:53] Okay, got it.
[14:53] !
[14:54] next
[14:54] what is the role of lawyer, so he will also know what i'm seeing
[14:55] i mean, he will only know if my browsing session is in a case, right ?
[14:55] circuitlover, or they are just checking things as part of another case.
[14:56] oh ok
[14:57] !
[14:57] circuitlover, say the local police department wants to check all details from whole of Kolkata city.
[14:57] next
[14:57] is it safe to use any social media site in tor, because like facebook got a tor service running, right
[14:58] s/ in tor, / in tor ?
[14:58] Totally depends on what you mean by "safe".
[14:59] If you login to any site, the site operators will know about you.
[14:59] and then can track you inside of the site.
[14:59] But think about places where using Facebook is banned.
[14:59] There using Facebook over Tor and not posting your photo or other details is helpful.
[15:00] ok like same as every site they will not know only my location from where i'm accessing it
[15:00] And think about all the searches you can do without any company tracking you (say using duckduckgo or even in google over Tor)
[15:00] circuitlover, correct.
[15:00] Or your local ISP can not figure out which all sites you are browsing
[15:02] ok got it, another quick last question, why you're saying sharing media is not helpful over tor ?
[15:02] !
[15:03] circuitlover, Do you know the term opsec? This is part of it.
[15:03] circuitlover, say you post your photo or your home location, people (say bad people, or local regime) will find out who you are.
[15:04] ok got it, thank you
[15:04] circuitlover, It is just like when criminals do crime, think what if every time a politician takes a bribe, they tweet out with photo and the cash, what do you think will happen next?
[15:05] next
[15:05] but can the ISP see I am using Tor? can the government ban tor too?
[15:05] circuitlover, I would say posting some media is not safe. You can share media with someone else using tools like OnionShare. But that might be a separate discussion.
[15:05] ari0x, yes, in many countries they do that.
[15:05] Say China.
[15:06] kushal: saptaks: ok sure
[15:06] ari0x, check the graphics in the site I sent in the mail, your ISP can see that you are using Tor, but can not see any more details about your browsing.
[15:07] okay, sure
[15:07] Do you all understand the idea of 3 Tor servers/relays?
[15:07] yes
[15:08] I don't think i do
[15:08] can you give a small summary?
[15:12] What about others?
[15:12] kushal yes
[15:12] circuitlover, can you please explain to folks here what you understood?
[15:13] yeah sure
[15:14] 1. http - plain text protocol - everyone can see what you're doing and all
[15:16] 2. https - more secure than http - but only safeguards your data in between - means your isp or any middleman will not know your password, but will know what you're visiting and your location
[15:19] 3. tor - operates in three relays - you will have three hops before reaching your destination - so your isp and middle man don't know what you're visiting & your data, but they know you're using tor
[15:20] !
[15:20] next
[15:21] 4. as u said tor operates in three relays - first tor encrypts your data - so the first relay only knows your location, relays you to another relay - second relay doesn't know anything, then relays you to final relay, the final knows what you're visiting but not your location, then relays you to your destination site
[15:21] can the receiving servers blacklist Tor IPs, so they can block people coming from Tor?
[15:22] ari0x, Yes, sadly that happens a lot of time.
[15:22] oh! can this be tackled?
[15:22] 5. destination site and its ISP - don't know your location - they'll only provide what you asked for in their service
[15:23] !
[15:23] 6. Thus, your isp doesn't know where you're going and your end destination doesn't know where you're from - like eg onion , peeling it to core gets nothing
[15:23] s / eg /example
[15:25] 7. using https with tor is the core and essential for what you're seeking in the system (privacy), if you use http with tor, then end relay will get hands on your sensitive data
[15:25] 8. that's all :) i hope i summarised all
[15:26] thanks, circuitlover
[15:26] ari0x, not without enough activism from people using the sites and people inside the companies
[15:26] next
[15:26] does having 3 relays in between slow down the browsing speed ?
[15:26] Exactly, means it will not be super fast like a direct connection.
[15:27] but not slow which you will see and understand.
[15:27] It is perfectly usable including watching videos
[15:27] Right. Thanks kushal.
[15:28] Now as the next part, I will not provide the command to extract tor and how to start using it.
[15:28] kushal: sorry to interrupt - emergency work - will be back in 15 mins
[15:28] ari0x, there are few ways to do censorship circumvention. There are some few different things called bridge, snowflake, meek, etc. But probably can discuss more after the session.
[15:29] sure, saptaks
[15:30] circuitlover, thanks for informing us.
[15:30] !
[15:30] https://www.torproject.org/about/history/ start reading this about history of Tor.
[15:31] Then watch this talk https://www.youtube.com/watch?v=ZB8ODpw_om8
[15:31] and also figure out from the torproject website (or via talking to people here) how to extract and start using Tor Browser.
[15:32] We want to study and then discuss any problem here.
[15:32] There are people online round the clock, most of you are still not talking
[15:32] I am ending the session now, and see how/what happens next :)
----END CLASS----