[tor-talk] Tor Weekly News — February 18th, 2015
Tor Weekly News February 18th, 2015

Welcome to the seventh issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

Onion services
--------------

Anonymous web services hosted in the Tor network [1] have until now been referred to as “hidden services”. Although this name accurately describes one of their properties, it does not convey some of the other benefits that the system provides, like end-to-end encryption without a purchased SSL certificate, or self-authenticating domain names outside of the commercial DNS system. Furthermore, as Aaron Johnson points out [2], words like “hidden” and “dark” have an unnecessarily negative connotation.

Aaron and other members of the SponsorR team declared themselves in favor of using the word “onion” (as in “onion routing” [3]) to characterize Tor-protected web services. “Hidden services” could be renamed “onion services”, while websites offered as onion services are “onionsites”; an onion service’s URL is its “onion address”, while the dreaded “Dark Web” becomes simply “onionspace”.

A full list of new and more precise terminology is in Aaron’s message and on the Tor wiki [4]; please feel free to contribute to the discussion on the tor-dev mailing list with your thoughts.

[1]: https://www.torproject.org/docs/hidden-services
[2]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008256.html
[3]: https://en.wikipedia.org/wiki/Onion_routing
[4]: https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorR/Terminology

Miscellaneous news
------------------

Nathan Freitas of the Guardian Project announced [5] the release of version 15-alpha-3 of Orbot. This release includes more work on VPN support, and builds on last week’s early release of the PLUTO library [6] to offer support for meek [7], although it is not currently possible to use both at the same time. See Nathan’s announcement for usage instructions and download links.

[5]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-February/004243.html
[6]: https://github.com/guardianproject/pluto
[7]: https://trac.torproject.org/projects/tor/wiki/doc/meek

Yawning Angel asked for comments [8] on an implementation of a proposal [9] to let Tor create “ephemeral” onion services, using key material that is supplied at runtime rather than stored on the disk. See Yawning’s post for a detailed explanation of the concept and a link to the new code; however, trying to run this untested and unreviewed new branch “WILL BROADCAST YOUR SECRETS TO THE NSA’S ORBITAL SPACE STATION”, so don’t do that.

[8]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008279.html
[9]: https://bugs.torproject.org/6411

Yawning also announced [10] version 0.0.4 of obfs4proxy, which “is more useful for the Tor Browser people than anyone else, since it means that the next build can remove the old go.crypto cruft from the build process, and the ScrambleSuit client provider can be switched over to obfs4proxy like obfs2 and obfs3 have been”.

[10]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008306.html

SiNA Rabbani announced that Faravahar, the directory authority which he operates, will be moving to a new IP address on Friday [11].

[11]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008278.html

Thanks to cuanto [12] for running a mirror of the Tor Project website and software!

[12]: https://lists.torproject.org/pipermail/tor-mirrors/2015-February/000858.html

Thomas White published [13] a guide [14] to configuring an Nginx webserver as a hidden service: “It isn’t intended to be a hardening guide or an ultra secure way of hosting, but it is for people who want to casually publish some static HTML files or with a little extra configuration to host some applications”.

[13]: https://lists.torproject.org/pipermail/tor-talk/2015-February/036886.html
[14]: https://www.thecthulhu.com/setting-up-a-hidden-service-with-nginx/

Collin Anderson and the University of Toronto’s Citizen Lab made a joint submission [15] to the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, examining the importance of digital security software such as Tor in upholding free expression and the right to privacy.

[15]: https://citizenlab.org/wp-content/uploads/2015/02/SR-FOE-submission.pdf

carlo von lynX wondered [16] about the truth of the statement that “it would take latencies in the order of hours to fully make communications impossible to shape and correlate”. Roger Dingledine clarified [17]: “It’s actually worse than that — we have no idea. I’d love to have a graph where the x axis is how much additional overhead (latency, bandwidth, whatever) we’re willing to add, and the y axis is
Re: [tor-talk] Tor on Arm Device
Hi,

I talked about that issue some months before on the mailing list. Like Roger said, it is more work to harden Firefox or Iceweasel on (I assume you are using Raspbian?) for Arm. I liked very much that if you compile tor on arm you get a DEB file. It would be great if there were a compiling script for compiling the TBB source code on any platform.

--
SecTech
t...@firemail.de
GPG-ID: 0x364CFE05

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and HTTP/2?
Lara wrote (18 Feb 2015 17:42:46 GMT) :
> What is the stand of the Tor Project related to HTTP/2?

Tor can transport basically anything that lives on top of TCP. Assuming HTTP/2 is TCP, then there's basically nothing to do on the Tor side, it should just work :)

And I guess HTTP/2 won't be widespread enough to be very useful for pluggable transports before a while.

No idea if the protocol has specific issues that will delay its support in Tor Browser until later than whenever Firefox ESR supports HTTP/2.

Cheers,
--
intrigeri
[tor-talk] Tor and HTTP/2?
What is the stand of the Tor Project related to HTTP/2?

Thank you
Re: [tor-talk] Tor and HTTP/2?
intrigeri:
> Tor can transport basically anything that lives on top of TCP. Assuming HTTP/2 is TCP, then there's basically nothing to do on the Tor side, it should just work :)

Right. But see the WebRTC issues, does Tor browser team know of problems with this new HTTP flavor?
[tor-talk] stronger anonymous macosx
Hi Tor community,

I would like to know if we can boost anonymity and security on Mac OS X. Because a simple install of Tor Browser could be a little light for anonymous web. I look for a stronger tor with a max of security on Mac OS X. How can I tune it?

Thank you.
Re: [tor-talk] Tor over SSH (torsocks) (?)
Lars Luthman:
> [...]
> Step 5: Read the hidden service address from /var/lib/tor/ssh-hs/hostname, write it down somewhere. Once Tor has had a couple of minutes to get the service descriptor onto the network, try to connect ('usewithtor ssh your_hs_address.onion').

And once you are sure you can connect to the hidden service and won't lose the onion address, you might want to add

    ListenAddress 127.0.0.1

to your /etc/ssh/sshd_config to disable regular connections.

-- sycamoreone
Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
FYI tor-talk, there is some gathering happening around this subject. Relevant starting threads, tickets and such linked below for those interested. Someone else can suggest what list to move the work to.

http://lists.nycbug.org/pipermail/tor-bsd/2015-February/000225.html
https://lists.torproject.org/pipermail/tor-dev/2015-February/008307.html
Re: [tor-talk] Tor over SSH (torsocks) (?)
Hi,

It sounds like you need to do a little introspection on why you want to torify your ssh. You've already confessed to having a lack of faith in your own technical ability. You need to ask yourself the question--what is my threat model?

You want to connect to a VPS--how did you pay for this VPS? If you didn't pay for it using anonymous currency then you might consider that torifying your ssh access will provide limited anonymity if a (digital) paper trail exists.

Without using a hidden service you need to consider that the port you use on your VPS will influence the choice of exit relay. Even if you use a hidden service you need to trust the HS guard. If you use a hidden service and your guards come under attack you may end up being unable to connect to your VPS. In any case you may experience dropped connections or the limited ability to connect. Which means you'll need fallback connection methods or a server setup to detect-correct faults.

tl;dr Based on Roger's response you could use torsocks just fine. That won't change needing to secure access (i.e. key-based auth). So you'll need to read the man pages irregardless. Focusing on access via tor before knowing how to secure your VPS will come back to haunt you. That's why I recommend netcat via proxycommand. Why use torsocks if you don't have to? It's not like you won't be editing the config files anyway.

--leeroy
Re: [tor-talk] Tor over SSH (torsocks) (?)
On 2015-02-16 22:56, Dave Warren wrote:
> On 2015-02-16 03:30, blo...@openmailbox.org wrote:
>> On 2015-02-16 02:31, Dave Warren wrote:
>>> On 2015-02-15 16:35, Mirimir wrote:
>>>> On 02/15/2015 02:22 PM, blo...@openmailbox.org wrote:
>>>>> I want to login to my VPS over SSH. Is torsocks still a safe way to do this? A lot of the documentation (such as it is) is several years old.
>>>>
>>>> I prefer to run an SSH hidden service on the VPS.
>>>
>>> I'd tend to agree; if you control the endpoint, set it up as a hidden service rather than having Tor exit node involved at all. While running hidden services alongside non-hidden services introduces some risks, most of these are less significant when connecting to SSH on a server that you control.
>>
>> I don't think I phrased my question very well. I'm not running a hidden server. I'm just logging in to a shared VPS to ftp. etc, rather than logging in to a control panel over HTTPS. I just want a simple way to do ssh IP port but with Tor.
>
> Understood. But the suggestion is that you SHOULD run a hidden server to listen for SSH connections over Tor as this will be far more reliable and secure than having to rely on an exit node.
>
> The rest of the server doesn't need to be a hidden server, and SSH can still listen as both a Tor hidden server and a regular public server, but by making it a hidden server within Tor, you remove one of the major risk factors of using Tor: The exit node.

Thanks for the advice. I understand what you are saying. My point is that, to me at this moment, setting up a hidden service on my VPS sounds somewhat intimidating. I realise that to you and most technical people on this list, it's something trivial. I am not a naturally technical person (if we can divide people up into technical and non-technical segments). Hence, to you and your ilk, what is normal and easy, appears complicated and demanding to people like me.

At the same time, perhaps I'm wrong and it's easy to set-up a hidden server to look for SSH connections? Perhaps I'm assuming that things are harder than they are in order to persuade myself not to learn. I'm also time poor at the moment which doesn't help!
Re: [tor-talk] Tor over SSH (torsocks) (?)
> The rest of the server doesn't need to be a hidden server, and SSH can still listen as both a Tor hidden server and a regular public server, but by making it a hidden server within Tor, you remove one of the major risk factors of using Tor: The exit node.

How about running torsocks via a VPN so the content is encrypted after it exits the exit node?
[tor-talk] Call for Participation – ACM SigComm2015 – Workshop on Ethics in Networked Systems Research
Call for Participation – ACM SigComm2015 – Workshop on Ethics in Networked Systems Research

Co-located with ACM SIGCOMM’15
http://conferences.sigcomm.org/sigcomm/2015/
August 21st 2015
London, UK

A full day workshop titled “Ethics in Networked Systems Research” will be held at the ACM SIGCOMM 2015 in London.

This multidisciplinary workshop will bring together two distinct groups of researchers:

- Computer scientists, network scientists and other technical researchers who are interested in the ethical and legal aspects of their work;
- Researchers studying the various ethical, social scientific and legal aspects of data-driven projects in the field of computer and data communication networks.

This workshop seeks 1 to 4 page summaries, focussing on ethical considerations of papers, publications and projects from the two disciplines, for example:

- Technical research in the field of computer and data communication networks that either operates in an ethical grey zone, collects and processes personal data/personal identifiable information, or has been rejected from another venue on ethical grounds;
- Ethical, social scientific or legal research that reflects on – or aims to guide – technical research and projects in the field of computer and data communication networks, especially an analysis to minimise the potential harm whilst enabling a broad range of Internet research to be conducted.

Selected authors and invited speakers will present their work, which will be followed by a structured discussion. The workshop will also facilitate an interactive session in which participants will split into multidisciplinary groups and address emerging ethical dilemmas in Internet measurement and information controls research, partly based on the submitted summaries. This session will be informed by a website (currently under development), that presents ethical guidelines for the fields of Internet measurement and information control.

Papers submitted to this workshop will not be archived in the formal sense, so authors can submit papers elsewhere, or submit summaries of previously accepted papers.

Important Dates

Paper submission deadline – March 31st, 2015
Paper acceptance notification – April 30th, 2015

Organisers

Prof. Ian Brown – Oxford Internet Institute
Dr. Joss Wright – Oxford Internet Institute
Bendert Zevenbergen – Oxford Internet Institute
Erin Kenneally – University of California San Diego, Center for Applied Internet Research Elchemy, Inc.
Dr. Malavika Jayaram – Berkman Center for Internet Society, Harvard + Centre for Internet Society, India
Allen Gunn – Aspiration Tech
Meredith Whittaker – Measurement Lab
Christopher Wilson – the engine room
Stuart Schechter – Microsoft Research

Please email papers to bendert.zevenber...@oii.ox.ac.uk

Workshop website: http://conferences.sigcomm.org/sigcomm/2015/netethics.php
Re: [tor-talk] Tor over SSH (torsocks) (?)
On Wed, 2015-02-18 at 14:12 +, blo...@openmailbox.org wrote:
> At the same time, perhaps I'm wrong and it's easy to set-up a hidden server to look for SSH connections? Perhaps I'm assuming that things are harder than they are in order to persuade myself not to learn. I'm also time poor at the moment which doesn't help!

Step 1: Install Tor ('apt-get install tor' on Debian)

Step 2: Create a directory where the HS data will be stored ('mkdir /var/lib/tor/ssh-hs && chown debian-tor.debian-tor /var/lib/tor/ssh-hs' on Debian, as root)

Step 3: Add the following lines to the Tor configuration file (/etc/tor/torrc on Debian):

    HiddenServiceDir /var/lib/tor/ssh-hs/
    HiddenServicePort 22 127.0.0.1:22

Step 4: Make Tor reload its configuration file ('service tor reload') or simply restart Tor ('service tor restart').

Step 5: Read the hidden service address from /var/lib/tor/ssh-hs/hostname, write it down somewhere. Once Tor has had a couple of minutes to get the service descriptor onto the network, try to connect ('usewithtor ssh your_hs_address.onion').

It's definitely not more complicated than setting up a VPN or much more complicated than using SSH in general.

--ll
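The setup described in this thread (the two torrc lines above, plus the ListenAddress line suggested in the earlier reply) can be checked with a small audit script. This is an added example, not part of any message in the thread; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a torrc / sshd_config pair against the thread's setup.

# is_loopback ADDR: succeeds if ADDR (with or without :port) is local-only.
# Pure pattern match on the literal text; nothing is resolved via DNS.
is_loopback() {
    case "$1" in
        127.[0-9]*.[0-9]*.[0-9]*|localhost|localhost:*|::1|\[::1\]|\[::1\]:*|unix:*)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# hs_targets TORRC: one "virtport target" line per HiddenServicePort.
# Tor forwards to 127.0.0.1 when the target is omitted or is only a port.
hs_targets() {
    awk 'tolower($1) == "hiddenserviceport" {
             t = $3
             if (t == "")              t = "127.0.0.1:" $2
             else if (t ~ /^[0-9]+$/)  t = "127.0.0.1:" t
             print $2, t
         }' "$1"
}

# sshd_scope SSHD_CONFIG: "loopback-only", "public", or "all-interfaces"
# (with no ListenAddress line sshd listens on every local address).
sshd_scope() {
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$1")
    [ -n "$addrs" ] || { echo all-interfaces; return 0; }
    for a in $addrs; do
        is_loopback "$a" || { echo public; return 0; }
    done
    echo loopback-only
}

# audit TORRC SSHD_CONFIG: one summary line, e.g. "hs=ok sshd=loopback-only".
audit() {
    targets=$(hs_targets "$1")
    exposed=$(printf '%s\n' "$targets" | while read -r port target; do
        [ -z "$port" ] || is_loopback "$target" || echo "$port->$target"
    done)
    hs=ok
    [ -n "$targets" ] || hs=missing
    [ -z "$exposed" ] || hs="exposed($(echo $exposed))"
    echo "hs=$hs sshd=$(sshd_scope "$2")"
}

# Constructed sample files: the thread's torrc lines, and sshd_config before
# and after adding the ListenAddress line.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'HiddenServiceDir /var/lib/tor/ssh-hs/' \
              'HiddenServicePort 22 127.0.0.1:22' > "$demo/torrc"
printf '%s\n' 'Port 22' > "$demo/sshd_before"
printf '%s\n' 'Port 22' 'ListenAddress 127.0.0.1' > "$demo/sshd_after"

audit "$demo/torrc" "$demo/sshd_before"   # hs=ok sshd=all-interfaces
audit "$demo/torrc" "$demo/sshd_after"    # hs=ok sshd=loopback-only
```

Run against copies of /etc/tor/torrc and /etc/ssh/sshd_config, an "all-interfaces" or "public" result means sshd still accepts regular connections alongside the onion one.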
Re: [tor-talk] Tor Onion Proxy Library
I just updated the Tor Onion Proxy Library [1]. The library will set up a Tor Onion Proxy and help you connect to it as well as use it to host a hidden service. It provides an AAR for Android and a JAR for Linux, OS/X and Windows.

The updates are:

- Re-wrote the readme to provide some sample code
- Changed build process to simplify it
- Updated binaries for Android, Linux, OS/X and Windows to Tor 2.5.10
- Updated Android project to work with SDK 21
- Updated Android binary to use PIE so it will work on Lollipop

Thanks,
Yaron

[1] https://github.com/thaliproject/Tor_Onion_Proxy_Library/releases/tag/v0.0.2

From: Yaron Goland
Sent: Thursday, July 24, 2014 6:32 PM
To: tor-talk@lists.torproject.org
Subject: Tor Onion Proxy Library

I work on the Thali project [1] which depends on being able to host hidden services on Android, Linux, Mac and Windows. We wrote an open source library to help us host a Tor OP that we thought would be useful to the general community - https://github.com/thaliproject/Tor_Onion_Proxy_Library

The library produces an AAR (Android) and a JAR (Linux, Mac Windows) that contain the Guardian/Tor Project's Onion Proxy binaries. The code handles running the binary, configuring it, managing it, starting a hidden service, etc.

The Tor_Onion_Proxy_Library started off with the Briar code for Android that Michael Rogers was kind enough to let us use [2]. We then expanded it to handle running on Linux, Mac and Windows. The code is just a wrapper around Briar's fork of jtorctl (originally from Guardian I believe) and the latest binaries from Guardian and the Tor Project.

This is an alpha release, version 0.0.0 so please treat accordingly. I hope y'all find it useful.

Thanks,
Yaron

[1] http://www.thaliproject.org/mediawiki/index.php?title=Main_Page
[2] Specifically he dual licensed the code under Apache 2 so we could use it.