From alessandro.greco.1 at protonmail.com Wed Apr 24 12:58:18 2024 From: alessandro.greco.1 at protonmail.com (Alessandro Greco) Date: Wed, 24 Apr 2024 12:58:18 +0000 Subject: [tor-dev] Proposal for Tor (Relay) Watchdog (Telegram) Bot Message-ID: Dear Tor Project Developers, I hope this email finds you well. I am writing to share with you a project [1] I have been working on called Tor Watchdog Bot [2], and I believe it may be of interest to you. Tor Watchdog Bot is a Telegram bot designed to monitor the status of Tor relays and notify users when relays go offline. The intent behind creating this bot was to develop a user-friendly tool that allows anyone to easily keep track of their Tor nodes. I am fully aware that the bot is not currently ready for public release as it requires several bug fixes and improvements. Before proceeding with further development, I wanted to ensure that this project aligns with your interests and goals. In order to prioritize user privacy and security, I did not activate the backend feature with the actual functionality; instead, I activated a demo that always provides the same results but allows users to understand the type of response they would receive if it were active. In the README.md file, you will find detailed instructions on how to set up and test the bot. If you find this project interesting and believe it could be beneficial to the Tor community, I would be delighted to see Tor Project host this service. However, I understand the importance of avoiding any form of user profiling, so I want to ensure that any potential hosting solution prioritizes user privacy. The code for Tor Watchdog Bot is released under the GPLv3 license, so you are libre to use and modify it as you see fit. I would be thrilled to contribute to the development of this project if it aligns with your vision. Thank you for considering this proposal. I look forward to hearing your thoughts and feedback. Best regards, Aleff. [1] https://github.com/aleff-github/TorWatchdog [2] https://t.me/TorWatchdog_bot --- Browse my WebSite: aleff-gitlab.gitlab.io Use my PGP Public Key: pgp.mit.edu/pks/lookup?op=get&search=0x7CFCE404A2168C85 Join to support: - Free Software Foundation! (my.fsf.org/join?referrer=6202114) - Electronic Frontier Foundation! (eff.org) - Tor-Project (torproject.org) - Signal (signal.org) -------------- next part -------------- A non-text attachment was scrubbed... Name: publickey - alessandro.greco.1 at protonmail.com - 0x1D14CC10.asc Type: application/pgp-keys Size: 3178 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 855 bytes Desc: OpenPGP digital signature URL: From hiro at torproject.org Mon Apr 29 10:45:34 2024 From: hiro at torproject.org (Hiro/Silvia) Date: Mon, 29 Apr 2024 10:45:34 +0000 Subject: [tor-dev] Proposal for Tor (Relay) Watchdog (Telegram) Bot In-Reply-To: References: Message-ID: On 2024-04-24 14:58, Alessandro Greco via tor-dev wrote: > Dear Tor Project Developers, > > I hope this email finds you well. I am writing to share with you a project [1] I have been working on called Tor Watchdog Bot [2], and I believe it may be of interest to you. > Hi Alessandro, Thank you for working on Tor watchdog. It is a great idea and a useful tool for this community. We have been maintaining Tor Weather [1] which sends notification to relay/bridge operators over email. It would be interesting if we could include Tor watchdog into Tor Weather as an additional module and people could decide which type of notification they want to receive. As a plus, Tor Weather is also written in python, which might make integration a little easier. What do you think? Cheers, -hiro > Tor Watchdog Bot is a Telegram bot designed to monitor the status of Tor relays and notify users when relays go offline. The intent behind creating this bot was to develop a user-friendly tool that allows anyone to easily keep track of their Tor nodes. > > I am fully aware that the bot is not currently ready for public release as it requires several bug fixes and improvements. Before proceeding with further development, I wanted to ensure that this project aligns with your interests and goals. In order to prioritize user privacy and security, I did not activate the backend feature with the actual functionality; instead, I activated a demo that always provides the same results but allows users to understand the type of response they would receive if it were active. > > In the README.md file, you will find detailed instructions on how to set up and test the bot. If you find this project interesting and believe it could be beneficial to the Tor community, I would be delighted to see Tor Project host this service. However, I understand the importance of avoiding any form of user profiling, so I want to ensure that any potential hosting solution prioritizes user privacy. > > The code for Tor Watchdog Bot is released under the GPLv3 license, so you are libre to use and modify it as you see fit. I would be thrilled to contribute to the development of this project if it aligns with your vision. > > Thank you for considering this proposal. I look forward to hearing your thoughts and feedback. > > Best regards, > Aleff. > > [1] https://github.com/aleff-github/TorWatchdog > [2] https://t.me/TorWatchdog_bot > > --- > > Browse my WebSite: aleff-gitlab.gitlab.io > Use my PGP Public Key: pgp.mit.edu/pks/lookup?op=get&search=0x7CFCE404A2168C85 > Join to support: > - Free Software Foundation! (my.fsf.org/join?referrer=6202114) > - Electronic Frontier Foundation! (eff.org) > - Tor-Project (torproject.org) > - Signal (signal.org) > _______________________________________________ > tor-dev mailing list > tor-dev at lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev From thomas.bellebaum at aisec.fraunhofer.de Tue Apr 30 07:38:24 2024 From: thomas.bellebaum at aisec.fraunhofer.de (Bellebaum, Thomas) Date: Tue, 30 Apr 2024 07:38:24 +0000 Subject: [tor-dev] Key Blinding Secrets Message-ID: <7c61adae882cfc1266f3568d95da839a5f3246f0.camel@aisec.fraunhofer.de> Hello everyone, I am a researcher currently looking into different schemes for what you call Keyblinding in the rendevouz spec. https://spec.torproject.org/rend-spec/keyblinding-scheme.html I noticed that your description there mentiones a secret `s` to be hashed into the blinding factor, and have a few questions about it: 1. Is this secret currently being used / intended to be used? If so, how? 2. What kinds of security (formally or informally) would you expect from using a secret in the derivation process? For example, do you just require that someone without `s` cannot look up the service, or is this also meant as a way of ensuring that HSDir nodes cannot find correlations between services and descriptors (amounting to some sort of additional censorship resistance)? The reason I am asking is because my research has identified some potentially post quantum secure schemes which for unknown identity keys results in uncorrelatable blinded keys, but where for known public keys you can efficiently determine whether a blinded key is its derivative, even if you do not know the blinding factor. I am wondering for which kinds of applications (with TOR being a major one) this would be relevant. If you have any insights, please let me know. Also I am new to the TOR-Dev world, so feel free to send me to a different mailing list, should I have chosen the wrone one for this topic :) Thanks in advance, Thomas -- ``` M.Sc. Thomas Bellebaum Applied Privacy Technologies Fraunhofer Institute for Applied and Integrated Security AISEC Lichtenbergstra?e 11, 85748 Garching near Munich (Germany) Tel. +49 89 32299 86 1039 thomas.bellebaum at aisec.fraunhofer.de https://www.aisec.fraunhofer.de ```