Re: [tor-talk] WebRTC via Tor
On 06/12/2013 11:29 PM, David Huerta wrote:
> On Mon, Jun 10, 2013 at 11:57 PM, mirimir miri...@riseup.net wrote:
>> On 06/10/2013 03:54 PM, Jeffrey Walton wrote:
>>> On Mon, Jun 10, 2013 at 12:56 AM, David Huerta huerta...@opentil.com wrote:
>>>> ...
>>>> The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic
>>>
>>> UDP does not work on some smart phones because many carriers allow UDP from the phone (send) but block UDP to the phone (receive). In the US, you will have probably trouble with Verizon, Sprint, and ATT (and likely others).
>>
>> If traffic uses VPN via Tor, the carrier will see only TCP.
>
> I'm unsure at which points in the connection there should be a VPN; Should it basically look like below?
>
> Alice running Tor
>   --[OpenVPN connection in TCP mode via Tor]--
> Machine running Tor
>   --[Connection via Tor to Mumble server or some other voice data jumping point]--
> Bob
>
> amidoinitrite?

I don't think so. There needs to be a VPN tunnel wherever Alice wants Tor to carry UDP traffic. If Alice wants to connect with Bob via an Internet VoIP service, such as Twilio, she needs to use a third-party VPN service. It would look like this:

Alice running Tor and OpenVPN
  --[OpenVPN connection in TCP mode via Tor]--
VPN server
  --[Internet]--
VoIP server
  --[however Bob connects]--
Bob

The simplest way to route VPNs through Tor is with Whonix. She would just install OpenVPN on the Whonix workstation, and copy the VPN service's connection files to /etc/openvpn. At boot, openvpn connects to the designated VPN server via Tor.

Alice's anonymity with that approach is limited by the money trail to the VPN service that she's using. Free VPNs wouldn't suffice because of their throughput limits. Some VPN services accept cash through the mail, however, and allow connections via Tor.

Alternatively, Alice could (1) run her own OpenVPN server as a Tor hidden service, and (2) run her own VoIP server that accepts connections on the VPN. Bob etc would run Whonix with an OpenVPN client, and connect to Alice's hidden service. That provides Alice with better anonymity, but it's harder to set up.

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
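The setup in the message above only works if the VPN service's connection file really runs OpenVPN over TCP, since Tor carries no UDP. The following is an added example, not part of the thread, that audits a client profile for that; the function name `audit_ovpn_for_tor`, the `need_socks` switch and the sample hostnames are assumptions made for illustration, and `need_socks=False` models a Whonix workstation whose traffic the gateway already forces through Tor.

```python
import ipaddress

def _is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_ovpn_for_tor(text, need_socks=True):
    """List reasons an OpenVPN client profile cannot be carried over Tor."""
    # need_socks is an assumption of this example: True for a plain host that
    # must point OpenVPN at the local Tor SOCKS port, False on Whonix.
    problems, protos, remotes, socks = [], [], [], None
    skip_until = None  # closing tag of an inline <ca>/<cert>/<key> blob
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if skip_until:
            skip_until = None if line == skip_until else skip_until
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<"):
            tag = line.strip("</>")
            if tag != "connection" and not line.startswith("</"):
                skip_until = f"</{tag}>"
            continue
        key, *args = line.split()
        if key == "proto" and args:
            protos.append((n, args[0]))
        elif key == "remote" and args:
            remotes.append((n, args[2] if len(args) > 2 else None))
        elif key == "socks-proxy" and args:
            socks = args[0]
    for n, p in protos:
        if not p.startswith("tcp"):
            problems.append(f"line {n}: proto {p} is not TCP, Tor carries only TCP")
    for n, p in remotes:
        if p is None and not protos:
            problems.append(f"line {n}: no protocol given, OpenVPN defaults to UDP")
        elif p is not None and not p.startswith("tcp"):
            problems.append(f"line {n}: remote forces {p}, Tor carries only TCP")
    if need_socks and socks is None:
        problems.append("no socks-proxy line, connection would not use the local Tor SOCKS port")
    elif need_socks and not _is_loopback(socks):
        problems.append(f"socks-proxy {socks} is not a loopback address")
    return problems

# Constructed sample profiles (hostnames are placeholders).
GOOD = "client\nproto tcp-client\nremote vpn.example.net 443\nsocks-proxy 127.0.0.1 9050\n"
BAD = "client\ndev tun\nremote vpn.example.net 1194\nremote vpn2.example.net 1194 udp\n"
```

Calling `audit_ovpn_for_tor(BAD)` reports both remotes and the missing proxy line, while `GOOD` returns an empty list.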
Re: [tor-talk] WebRTC via Tor
On Mon, Jun 10, 2013 at 11:57 PM, mirimir miri...@riseup.net wrote:
> On 06/10/2013 03:54 PM, Jeffrey Walton wrote:
>> On Mon, Jun 10, 2013 at 12:56 AM, David Huerta huerta...@opentil.com wrote:
>>> ...
>>> The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic
>>
>> UDP does not work on some smart phones because many carriers allow UDP from the phone (send) but block UDP to the phone (receive). In the US, you will have probably trouble with Verizon, Sprint, and ATT (and likely others).
>
> If traffic uses VPN via Tor, the carrier will see only TCP.

I'm unsure at which points in the connection there should be a VPN; Should it basically look like below?

Alice running Tor
  --[OpenVPN connection in TCP mode via Tor]--
Machine running Tor
  --[Connection via Tor to Mumble server or some other voice data jumping point]--
Bob

amidoinitrite?

Thanks,
--
david [.dh] huerta davidhuerta.me
Re: [tor-talk] WebRTC via Tor
On Mon, Jun 10, 2013 at 12:56 AM, David Huerta huerta...@opentil.com wrote:
> ...
> The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic

UDP does not work on some smart phones because many carriers allow UDP from the phone (send) but block UDP to the phone (receive). In the US, you will have probably trouble with Verizon, Sprint, and ATT (and likely others).

Jeff
Re: [tor-talk] WebRTC via Tor
On 06/10/2013 03:54 PM, Jeffrey Walton wrote:
> On Mon, Jun 10, 2013 at 12:56 AM, David Huerta huerta...@opentil.com wrote:
>> ...
>> The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic
>
> UDP does not work on some smart phones because many carriers allow UDP from the phone (send) but block UDP to the phone (receive). In the US, you will have probably trouble with Verizon, Sprint, and ATT (and likely others).

If traffic uses VPN via Tor, the carrier will see only TCP.
Re: [tor-talk] WebRTC via Tor
I don't have a need for UDP as I mostly browse the web and stream Spotify which can be done over HTTPS...

On Mon, Jun 10, 2013 at 11:57 PM, mirimir miri...@riseup.net wrote:
> On 06/10/2013 03:54 PM, Jeffrey Walton wrote:
>> On Mon, Jun 10, 2013 at 12:56 AM, David Huerta huerta...@opentil.com wrote:
>>> ...
>>> The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic
>>
>> UDP does not work on some smart phones because many carriers allow UDP from the phone (send) but block UDP to the phone (receive). In the US, you will have probably trouble with Verizon, Sprint, and ATT (and likely others).
>
> If traffic uses VPN via Tor, the carrier will see only TCP.

--
Nathan Suchy
If this email was not intended for you delete it and any copies you have of it. The email was intended for FirstName LastName.
Re: [tor-talk] WebRTC via Tor
On 6/10/13 11:54 AM, Jeffrey Walton wrote:
> On Mon, Jun 10, 2013 at 12:56 AM, David Huerta huerta...@opentil.com wrote:
>> ...
>> The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic
>
> UDP does not work on some smart phones because many carriers allow UDP from the phone (send) but block UDP to the phone (receive). In the US, you will have probably trouble with Verizon, Sprint, and ATT (and likely others).

Good point; The project in mind will be using a plain wifi connection, with the carrier out of the picture as far as the device (BeagleBone Black) goes, so this should help mitigate the issue, assuming the network's firewall doesn't get in the way.

--
david [.dh] huerta davidhuerta.me
[tor-talk] WebRTC via Tor
Hey all,

I've been experimenting with using WebRTC in a browser using Tor with Twilio to see if it's not totally impossible to do voice communication in a way that anonymizes location (source IP). The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic. As an alternative to WebRTC, there does seem to be a Twilio Client Flash option* which is TCP-only, but eww Flash.

Any ideas on how to shoehorn UDP traffic into Tor-friendly TCP or do something else that would produce basically the same effect?

* http://www.twilio.com/help/faq/twilio-client/what-are-the-minimum-system-requirements-for-twilio-client

Thanks,
--
david [.dh] huerta davidhuerta.me
Re: [tor-talk] WebRTC via Tor
On 06/10/2013 04:56 AM, David Huerta wrote:
> Hey all,
>
> I've been experimenting with using WebRTC in a browser using Tor with Twilio to see if it's not totally impossible to do voice communication in a way that anonymizes location (source IP). The problem is that Twilio WebRTC requires UDP connections over ports 10,000 to 60,000 and at least from my research (correct me if I'm wrong), Tor doesn't do onion routing for UDP traffic. As an alternative to WebRTC, there does seem to be a Twilio Client Flash option* which is TCP-only, but eww Flash.
>
> Any ideas on how to shoehorn UDP traffic into Tor-friendly TCP or do something else that would produce basically the same effect?
>
> * http://www.twilio.com/help/faq/twilio-client/what-are-the-minimum-system-requirements-for-twilio-client

I don't know Twilio, but Mumble works well, with voice data as UDP, using OpenVPN through Tor in TCP mode. Although latency may be as much as 1-2 seconds, voice quality is high, with negligible choppiness.