Re: [tor-talk] Creating distributed social networks with WebId behind Tor
On 05/16/2012 07:18 AM, Henry Story wrote:
> I think those are things one can push back to later research, as it is impossible to consider all interesting ideas simultaneously. My interest is at present to see if I can use WebID behind Tor with onion urls.

I'd happily try this out with you - feel free to contact me off list - I think it would work well for the FreedomBox community as well.

All the best,
Jacob
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Creating distributed social networks with WebId behind Tor
use decentral encrypted social network http://interface.sf.net and add a proxy into the lib of rslib and you are done. use it over tor and it works.
Thanks

2012/5/15 Henry Story henry.st...@bblfish.net:
> Hi,
>
> Recently in Berlin I was lucky to meet Jacob Appelbaum at the CCCB as he arrived to talk at the re:publica conference. I had been wondering for some time if it would be possible to use WebID for distributed social networks using linked data behind Tor, but I had not yet had time to make it a priority. From the discussion with Jacob, it seems like this should be feasible, and indeed relatively easy, but of course only real implementations can tell.
>
> Here of course a bit of background on WebId is needed ( http://webid.info/spec/ ).
>
> There are a number of ways of thinking of WebID. At one level it is an application of mathematical logic and web architecture to the problem of identity. At another it is a philosophical hack of TLS, whose effect is to shift the Trust in TLS from a hierarchical system into a web of trust. To understand its power one has to understand LinkedData and RESTful web services. But those are in fact exceedingly easy: REST is easy and well known, and LinkedData is just the idea that one applies the concept of hypertext to data - indeed some have called it hyperdata.
>
> Hyperdata allows one to create distributed social networks, the same way we have created the world wide web - allowing each individual person or organisation to control access to their data (web site). Place the web site behind Tor, use .onion URLs and you now have a web site - as I understand it - that can't be located by IP address. Place your (linked-)data behind tor, use .onion URLs and you should be able to publish data without anyone knowing where the server is. This of course creates issues of trust, and this is where distributed Social Networks can help.
>
> In order to understand distributed social networks built using LinkedData it helps not to start with TOR. Indeed it helps to start without TLS, and just use plain HTTP. This way we have been able to create distributed social networks with millions of users using the foaf (friend of a friend) ontology. ( I go into how that works in detail in a presentation Philosophy of the Social Web http://bblfish.net/tmp/2010/10/26/ ). But of course that does not address the serious issues of privacy. So this led me to add a layer around http with TLS and use client side certificates to identify people in a distributed social web that can use access control to limit who can see what. ( the http://webid.info/spec/ has a diagram that makes that clear ). But TLS with WebID still reveals the user's IP address.
>
> So this is where we should be able to add another layer to our onion: Tor. All we need are Tor onion URIs. Place an onion URI for your profile in your X509 certificate and you should now be able to authenticate to any web site without the server you are authenticating to knowing where your identity Profile is located. If that server wishes to know more about you than your public key, your server can let it know as much or as little as you wish it to know by requiring it to authenticate with WebID and then calculating its position in your web of trust. (WebID is a recursive protocol). In such a social web you can allow your friends to post to your wall, and you can interact happily as if you were on Facebook, but with no big brother in the loop. Anyone else will just see your onion URL and a public key.
>
> There is a short screen cast showing how this works with current browsers at http://webid.info/ .
>
> So how does one proceed to test this out? I think there are 3 stages, of increasing complexity
>
> 1. build a foaf social web behind Tor
>
> Instead of links such as the following ( which you can find in my foaf-profile at http://bblfish.net/people/henry/card )
>
>   @prefix foaf: <http://xmlns.com/foaf/0.1/> .
>   <http://bblfish.net/people/henry/card#me> a foaf:Person;
>       foaf:knows <http://www.w3.org/People/Berners-Lee/card#i> .
>
> you need to write the above using .onion URIs and make those publicly available on the tor network. It should be possible to follow the links from one profile to another, dereference the second url and get more information... using well known LinkedData principles. It is best if those files are on different machines to make it real.
>
> 2. if the above works then you can add your X509 public key to your profile as explained in the http://webid.info/spec/
>
>   <http://a2342sdsf.onion/profile#me> cert:key [ cert:modulus ^^xsd:hexBinary;
>                                                  cert:exponent 65537 ] .
>
> 2.1 then create a service behind tor that authenticates users with X509 WebId certificates with .onion urls and see if you can log in there.
>
> If the above can be done, then adding access control is just one more step that is relatively easy.
>
> I am currently
Re: [tor-talk] Creating distributed social networks with WebId behind Tor
On 2 Jun 2012, at 16:06, Jacob Appelbaum wrote:
> On 05/16/2012 07:18 AM, Henry Story wrote:
>> I think those are things one can push back to later research, as it is impossible to consider all interesting ideas simultaneously. My interest is at present to see if I can use WebID behind Tor with onion urls.
>
> I'd happily try this out with you - feel free to contact me off list - I think it would work well for the FreedomBox community as well.

Will do. Currently I am working on getting the main read-write-web application working in Play2.0, which is a web application framework written in Scala and very good at asynchronous IO... (scala and akka.io would probably be a very good framework to implement Tor like functionality) I think this will take me a few more weeks - probably the whole month - to get things working smoothly again.

I'd need to play with Tor a little bit so that I can work out what the core issues are to get a WebID-type protocol working. I would need to dig into the following:

A. TLS over Tor - the client needs to be able to use Tor URLs encryption so that it can know that it has connected to the right server, without using Certificate Authorities of course. [1] I suppose I should be able to tweak the TLS libs on the java side to be able to make this trust decision, without too much difficulty - once that is done having the server request the client certificate should be great.

B. Read-Write-Web
I'd need to look into what writing a bit of RDF using Tor URLs would look like. Perhaps you can help here: could you (or anyone else here) develop a simple foaf profile using Tor URLs, and put that on a server behind Tor, which I could use some Tor enhanced curl to GET? If Tor URLs allow for relative URLs (which my httpk:// sketching mentioned previously [1] would have done), then one should be able to express the graph like this in Turtle [2]

[[
  @prefix foaf: <http://xmlns.com/foaf/0.1/> .
  <#me> a foaf:Person;
      foaf:knows <http://342sdfsds.onion/people/33#clarkKent> .
]]

Given the location the GET was made on, I should be able to turn those relative urls into absolute Tor ones, that I could then add to my WebID profile [3] as a link back. That would of course not be secured, but it would show that the underlying data layer was functional inside of Tor. Just with that I could already enhance my crawlers to crawl Tor based RDF.

Henry

[1] I had thought of something similar over a year ago with the httpk scheme. http://lists.w3.org/Archives/Public/public-xg-webid/2011Mar/0068.html
[2] http://www.w3.org/TR/turtle/
[3] http://bblfish.net/people/henry/card#me

> All the best,
> Jacob

Social Web Architect
http://bblfish.net/
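The two steps the thread sketches (turning the relative references in a profile fetched over Tor into absolute .onion URIs, then checking that a certificate's public key is the one the dereferenced profile publishes under cert:key) as an added example; this is not code from the thread or from the read-write-web project. The onion addresses are the ones used in the thread; the triple layout and the modulus value are constructed, since the original message elides the real modulus.

```python
from urllib.parse import urljoin, urlparse

# Constructed sample: the profile from the thread as (subject, predicate, object)
# triples, as a Turtle parser would hand them back. "#me" is the relative
# reference proposed in the message; "_:k1" is the blank node behind cert:key.
# The modulus value is made up; the thread elides the real one.
FETCH_BASE = "http://a2342sdsf.onion/profile"
PROFILE_TRIPLES = [
    ("#me", "rdf:type", "foaf:Person"),
    ("#me", "foaf:knows", "http://342sdfsds.onion/people/33#clarkKent"),
    ("#me", "cert:key", "_:k1"),
    ("_:k1", "cert:modulus", "00c0ffee"),   # constructed xsd:hexBinary
    ("_:k1", "cert:exponent", "65537"),
]

def absolutize(triples, base):
    """Resolve relative references ('#me', '/people/33') against the URL the
    document was fetched from. Absolute IRIs, blank nodes and literals stay."""
    fix = lambda t: urljoin(base, t) if t.startswith(("#", "/")) else t
    return [(fix(s), p, fix(o)) for s, p, o in triples]

def friends(triples, webid):
    """foaf:knows links a crawler would follow from this profile."""
    return [o for s, p, o in triples if s == webid and p == "foaf:knows"]

def published_keys(triples, webid):
    """(modulus, exponent) pairs the profile lists for the WebID, following
    each cert:key link to the node that carries the modulus and exponent."""
    keys = []
    for s, p, key_node in triples:
        if s != webid or p != "cert:key":
            continue
        props = {q: o for t, q, o in triples if t == key_node}
        if "cert:modulus" in props and "cert:exponent" in props:
            keys.append((int(props["cert:modulus"], 16), int(props["cert:exponent"])))
    return keys

def verify_webid(san_uri, cert_modulus, cert_exponent, triples):
    """WebID check for this deployment: the URI claimed in the certificate's
    SAN must be an onion URL, and the profile dereferenced from it must list
    exactly the public key the certificate presented. Anything else is rejected."""
    host = urlparse(san_uri).hostname or ""
    if not host.endswith(".onion"):
        return False
    return (cert_modulus, cert_exponent) in published_keys(triples, san_uri)
```

The profile would be fetched through a Tor-aware HTTP client (the "Tor enhanced curl" of the message); here the fetched triples are supplied inline so the logic runs offline.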
Re: [tor-talk] Creating distributed social networks with WebId behind Tor
2012/6/2 Randolph D. rdohm...@googlemail.com:
> use decentral encrypted social network http://interface.sf.net and add a proxy into the lib of rslib and you are done. use it over tor and it works.
> Thanks

Actually, interface is just a layer above retroshare, and "add a proxy into the lib of rslib" is not an easy thing to do, as the TBB has proven. Developing a secure social network is not only a matter of decentralization (hello Diaspora!), it's a matter of creating a whole safe architecture. And no, tor is no fairy dust, so simply encapsulating a social network over tor is quite useless.

Leonardo
Re: [tor-talk] Creating distributed social networks with WebId behind Tor
miniBill wrote (15 May 2012 19:25:46 GMT) :
> 4) this requires every user to have an always on machine

Julien Voisin is going to work on Tails server during GSoC this year; the task page was not updated -yet- with all the deeper thought that was put in the project since then, but you'll get the idea: https://tails.boum.org/todo/server_edition/
Re: [tor-talk] Creating distributed social networks with WebId behind Tor
On 16 May 2012, at 03:21, Ted Smith wrote:
> On Tue, 2012-05-15 at 21:07 -0400, ahmed wrote:
>> On Tue, 2012-05-15 at 22:32 +0200, Henry Story wrote:
>>> 4) this requires every user to have an always on machine
>>
>> Not really. Users can synchronize their data with their friends when they become online, and their friends can pass it to the offline user's friends when they become online.
>
> This is a non-trivial design point. It's certainly not impossible (very few things in this space truly are), but it's hard to get right and introduces a number of problems, including security concerns.

It is also possible to imagine that the server you use ends up being the one hosting your profile, in which case necessarily the server you use would always be on when using it.

I think those are things one can push back to later research, as it is impossible to consider all interesting ideas simultaneously. My interest is at present to see if I can use WebID behind Tor with onion urls.

Henry

> --
> Sent from Ubuntu

Social Web Architect
http://bblfish.net/
Re: [tor-talk] Creating distributed social networks with WebId behind Tor
On 15 May 2012, at 21:25, miniBill wrote:
> Quick feedback:
> 1) nice idea

thanks.

> 2) tor hidden services already have transport level encryption

Yes, this is a point worth exploring. The advantage of https for WebId is that the TLS protocol comes with the tools for the server to ask for a client certificate, and that this is built into all browsers (desktop ones at least). It is also very useful for robots since they can then do work on behalf of the user, and authenticate as themselves or as the user they are working for, without one needing to develop a login protocol. Does Tor have its own method for the server to request the client certificate too? Then one could apply the webid principles to that protocol too. If the issue is minimising the number of encryption layers needed then servers behind TOR could negotiate the null encryption layer. Clearly that would have its own issues. There may be other ways to do this...

> 3) there are plenty of https hosts providers, but no .onion ones

I am working with the initial assumption that we would have our own freedom boxes. Would that address this point, or have I misunderstood it?

> 4) this requires every user to have an always on machine

Yes, that would be possible with a freedom box. I am assuming that in this set up as it simplifies the architecture at this point.

> On 15 May 2012 11:55, Henry Story henry.st...@bblfish.net wrote:
>> Hi,
>>
>> Recently in Berlin I was lucky to meet Jacob Appelbaum at the CCCB as he arrived to talk at the re:publica conference. I had been wondering for some time if it would be possible to use WebID for distributed social networks using linked data behind Tor, but I had not yet had time to make it a priority. From the discussion with Jacob, it seems like this should be feasible, and indeed relatively easy, but of course only real implementations can tell.
>>
>> Here of course a bit of background on WebId is needed ( http://webid.info/spec/ ).
>>
>> There are a number of ways of thinking of WebID. At one level it is an application of mathematical logic and web architecture to the problem of identity. At another it is a philosophical hack of TLS, whose effect is to shift the Trust in TLS from a hierarchical system into a web of trust. To understand its power one has to understand LinkedData and RESTful web services. But those are in fact exceedingly easy: REST is easy and well known, and LinkedData is just the idea that one applies the concept of hypertext to data - indeed some have called it hyperdata.
>>
>> Hyperdata allows one to create distributed social networks, the same way we have created the world wide web - allowing each individual person or organisation to control access to their data (web site). Place the web site behind Tor, use .onion URLs and you now have a web site - as I understand it - that can't be located by IP address. Place your (linked-)data behind tor, use .onion URLs and you should be able to publish data without anyone knowing where the server is. This of course creates issues of trust, and this is where distributed Social Networks can help.
>>
>> In order to understand distributed social networks built using LinkedData it helps not to start with TOR. Indeed it helps to start without TLS, and just use plain HTTP. This way we have been able to create distributed social networks with millions of users using the foaf (friend of a friend) ontology. ( I go into how that works in detail in a presentation Philosophy of the Social Web http://bblfish.net/tmp/2010/10/26/ ). But of course that does not address the serious issues of privacy. So this led me to add a layer around http with TLS and use client side certificates to identify people in a distributed social web that can use access control to limit who can see what. ( the http://webid.info/spec/ has a diagram that makes that clear ). But TLS with WebID still reveals the user's IP address.
>>
>> So this is where we should be able to add another layer to our onion: Tor. All we need are Tor onion URIs. Place an onion URI for your profile in your X509 certificate and you should now be able to authenticate to any web site without the server you are authenticating to knowing where your identity Profile is located. If that server wishes to know more about you than your public key, your server can let it know as much or as little as you wish it to know by requiring it to authenticate with WebID and then calculating its position in your web of trust. (WebID is a recursive protocol). In such a social web you can allow your friends to post to your wall, and you can interact happily as if you were on Facebook, but with no big brother in the loop. Anyone else will just see your onion URL and a public key.
>>
>> There is a short screen cast showing how this works with current browsers at http://webid.info/ .
>>
>> So how does one proceed to test this out? I think there are 3 stages, of increasing complexity
>>
>> 1. build a
Re: [tor-talk] Creating distributed social networks with WebId behind Tor
On Tue, 2012-05-15 at 22:32 +0200, Henry Story wrote:
> 4) this requires every user to have an always on machine

Not really. Users can synchronize their data with their friends when they become online, and their friends can pass it to the offline user's friends when they become online.