Tor & application-firewall support

Guthro guthro at
Tue Apr 24 13:58:20 UTC 2012

On 2012-04-24 8:03 AM, John Moser wrote:
> On 04/24/2012 08:49 AM, Paul Campbell wrote:
>> There's been some discussion on this mailing list about
>> application-firewalls, and I wanted to say a word about Ubuntu's
>> inability to filter internet connections at the application-level.
> It's doable, just not pretty.
>> I work as a freelance journalist. On many occasions I recommend the use
>> of Tor to sources in middle eastern and southeast Asian countries. For
>> their own safety, they need an anonymous way to upload things to the
>> internet and in general to communicate online.
> Immediately assuming you've got the technical profile of a ZDNet 
> columnist.
>> When needing to use Tor, the source will activate the firewall
>> software's user-created "Tor Profile" and then start a Tor browsing
>> session. When finished browsing, the source will close Tor and change
>> the firewall settings from the "Tor Profile" back to the default profile
>> which in general allows all applications to connect to the internet.
>> This setup ensures that no other applications "accidentally" connect to
>> the internet during an active Tor session and "reveal" the source's true
>> IP address.
> Vacuous.
> A connection from your IP address doesn't "reveal" your source 
> address.  The source address from your computer is stamped on every 
> TOR packet:  it's possible to determine that you're using TOR, 
> regardless. Blocking other connections unrelated to TOR won't hide 
> what you're doing under TOR; and having other connections (say to your 
> e-mail, IRC, P2P, non-sensitive Web sites, etc.) doesn't jeopardize 
> the secrecy of your TOR connection.
> Aside, has anyone considered that actively aiding a sovereign nation's 
> population in accessing materials restricted from the general 
> population's view is an active attack on that nation's procedurally 
> declared national security, and a direct act of war?  Not defending 
> tyranny, just saying:  you are committing an act of war.

Rubbish. It's not even hacking, and only tyrannies claim hacking is an 
act of war.

This is merely working around threats to minimal privacy.

> If we have extradition treaties with these people, it's perfectly 
> reasonable for you to be arrested and shipped over there; and if our 
> government refuses to do so, then the logical response in kind is for 
> them to start bombing our soil.

More rubbish. Who is "our", kemosabe? You need to get over that militarism.
> Some things are worth getting bloody for, and some things carry the 
> implications but in practice those implications never pan out.  You 
> probably won't get extradited and nobody is going to start lobbing 
> nukes just because of people helping crack the Great Arab Firewall.  
> They could though; it's actually a reasonable response.

No, these claims are literally hysterical. Also wrongheaded: we have a 
civic duty to help people whose civil liberties are compromised.



>> Sincerely,
>> Paul Campbell

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Ubuntu-devel-discuss mailing list