October 2019 - tor-commits - lists.torproject.org

[metrics-cloud/master] Installs apache2 package
by irl＠torproject.org 03 Oct '19

03 Oct '19

commit 4d10bce0111566b7c65d9a45e4e573f768ff6575 Author: Ana Custura <ana(a)netstat.org.uk> Date: Wed Aug 14 14:30:24 2019 +0100 Installs apache2 package --- ansible/roles/onionperf/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/onionperf/tasks/main.yml b/ansible/roles/onionperf/tasks/main.yml index b81a1fd..6129f49 100644 --- a/ansible/roles/onionperf/tasks/main.yml +++ b/ansible/roles/onionperf/tasks/main.yml @@ -50,3 +50,8 @@ dest: /etc/systemd/system/onionperf.service notify: restart onionperf become: true +- name: install apache2 + apt: + name: apache2 + become: true +

1 0

[metrics-cloud/master] Adds role letsencrypt to onoinperf
by irl＠torproject.org 03 Oct '19

03 Oct '19

commit 9313b40c94dd18cda2c2bd116251317c1238ad7b Author: Ana Custura <ana(a)netstat.org.uk> Date: Wed Aug 14 16:21:16 2019 +0100 Adds role letsencrypt to onoinperf --- ansible/onionperfs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/onionperfs.yml b/ansible/onionperfs.yml index a646dfd..94329bc 100644 --- a/ansible/onionperfs.yml +++ b/ansible/onionperfs.yml @@ -5,3 +5,4 @@ - debian-backports - tor-client - onionperf + - letsencrypt

1 0

[metrics-cloud/master] Adds sensible admin email variable
by irl＠torproject.org 03 Oct '19

03 Oct '19

commit 5fdae4b96e1dced1191a104837600c13542b4e95 Author: Ana Custura <ana(a)netstat.org.uk> Date: Wed Sep 4 16:27:00 2019 +0100 Adds sensible admin email variable --- ansible/roles/letsencrypt/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/letsencrypt/vars/main.yml b/ansible/roles/letsencrypt/vars/main.yml index 32d83b1..815e96d 100644 --- a/ansible/roles/letsencrypt/vars/main.yml +++ b/ansible/roles/letsencrypt/vars/main.yml @@ -1,6 +1,6 @@ --- -letsencrypt_account_email: "acute(a)torproject.org" +letsencrypt_account_email: "metrics-web(a)torproject.org" domain: "test.t1.erg.abdn.ac.uk" # staging - use this for testing!

1 0

[metrics-cloud/master] Adds files for letsencrypt role
by irl＠torproject.org 03 Oct '19

03 Oct '19

commit ad5559bcbb28b09b2a6feafe9f853a6c8b96d8ff Author: Ana Custura <ana(a)netstat.org.uk> Date: Wed Aug 14 16:21:52 2019 +0100 Adds files for letsencrypt role --- .../roles/letsencrypt/files/000-default.conf.j2 | 18 +++ .../roles/letsencrypt/files/default-ssl.conf.j2 | 22 ++++ ansible/roles/letsencrypt/handlers/main.yml | 4 + ansible/roles/letsencrypt/tasks/main.yml | 143 +++++++++++++++++++++ ansible/roles/letsencrypt/vars/main.yml | 18 +++ 5 files changed, 205 insertions(+) diff --git a/ansible/roles/letsencrypt/files/000-default.conf.j2 b/ansible/roles/letsencrypt/files/000-default.conf.j2 new file mode 100644 index 0000000..e8a52bd --- /dev/null +++ b/ansible/roles/letsencrypt/files/000-default.conf.j2 @@ -0,0 +1,18 @@ +<VirtualHost *:80> + ServerName {{ domain }} + ServerAdmin {{ letsencrypt_account_email }} + DocumentRoot {{ onionperf_directory}} + + Alias "/.well-known" "/var/www/html/.well-known" + + <Directory {{ onionperf_directory }}> + Options Indexes + Require all granted + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + +</VirtualHost> + + diff --git a/ansible/roles/letsencrypt/files/default-ssl.conf.j2 b/ansible/roles/letsencrypt/files/default-ssl.conf.j2 new file mode 100644 index 0000000..b2ec0cf --- /dev/null +++ b/ansible/roles/letsencrypt/files/default-ssl.conf.j2 @@ -0,0 +1,22 @@ +<VirtualHost *:443> + ServerName {{ domain }} + + ServerAdmin {{ letsencrypt_account_email }} + DocumentRoot {{ onionperf_directory}} + + <Directory {{ onionperf_directory }}> + Options Indexes + Require all granted + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine On + SSLCertificateFile "{{ letsencrypt_dest }}/{{ domain }}/signed.crt" + SSLCertificateKeyFile "{{ letsencrypt_dest }}/{{ domain }}/domain.key" + SSLCertificateChainFile "{{ letsencrypt_dest }}/{{ domain }}/fullchain.pem" + +</VirtualHost> + + diff --git a/ansible/roles/letsencrypt/handlers/main.yml b/ansible/roles/letsencrypt/handlers/main.yml new file mode 100644 index 0000000..ba2dfcf --- /dev/null +++ b/ansible/roles/letsencrypt/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: reload apache2 + service: name=apache2 state=restarted daemon_reload=yes + become: true diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml new file mode 100644 index 0000000..41e8de3 --- /dev/null +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -0,0 +1,143 @@ +--- +# in here put the domain for the certificate required +- name: Create certficate directory + file: + path: "{{ letsencrypt_dest }}/{{ domain }}" + state: directory + become: true + +- name: Copy Apache default configuration + template: + src: files/000-default.conf.j2 + dest: /etc/apache2/sites-available/000-default.conf + owner: www-data + group: www-data + mode: '0644' + become: true + +- name: Copy Apache SSL configuration + template: + src: files/default-ssl.conf.j2 + dest: /etc/apache2/sites-available/default-ssl.conf + owner: www-data + group: www-data + mode: '0644' + become: true + + +# generate account key, if necessary +- name: Find account.key + stat: + path: "{{ letsencrypt_dest }}/{{ domain }}/account.key" + register: account_key + become: true + run_once: true + +- name: Generate account.key + shell: openssl genrsa 4096 > "{{ letsencrypt_dest }}/{{ domain }}/account.key" + run_once: true + when: not account_key.stat.exists + become: true + +# generate domain key, if necessary +- name: Find domain.key + stat: + path: "{{ letsencrypt_dest }}/{{ domain }}/domain.key" + register: domain_key + become: true + run_once: true + +- name: Generate domain.key + shell: openssl genrsa 4096 > "{{ letsencrypt_dest }}/{{ domain }}/domain.key" + run_once: true + when: not domain_key.stat.exists + become: true + +# generate domain csr, if necessary +- name: Find domain.csr + stat: + path: "{{ letsencrypt_dest }}/{{ domain }}/domain.csr" + register: domain_csr + become: true + run_once: true + +- name: Generate domain.csr + shell: openssl req -new -sha256 -key "{{ letsencrypt_dest }}/{{ domain }}/domain.key" \ + -subj "/CN={{ domain }}" > "{{ letsencrypt_dest }}/{{ domain }}/domain.csr" + run_once: true + when: not domain_csr.stat.exists + become: true + +- name: Create challenge + acme_certificate: + account_key_src: "{{ letsencrypt_dest }}/{{ domain }}/account.key" + csr: "{{ letsencrypt_dest }}/{{ domain }}/domain.csr" + dest: "{{ letsencrypt_dest }}/{{ domain }}/signed.crt" + chain_dest: "{{ letsencrypt_dest }}/{{ domain }}/intermediate.pem" + fullchain_dest: "{{ letsencrypt_dest }}/{{ domain }}/fullchain.pem" + account_email: "{{ letsencrypt_account_email }}" + acme_directory: "{{ letsencrypt_acme_directory }}" + acme_version: "{{ letsencrypt_acme_version }}" + agreement: "{{ letsencrypt_agreement }}" + terms_agreed: "{{ letsencrypt_terms_agreed }}" + challenge: "{{ letsencrypt_challenge }}" + remaining_days: "{{ letsencrypt_remaining_days }}" + register: op_challenge + become: true + +- name: Create challenge webserver directory + file: + path: "/var/www/html/.well-known/acme-challenge" + state: directory + recurse: yes + become: true + +- name: Copy challenge files to webserver root + copy: + dest: "/var/www/html/{{ op_challenge['challenge_data'][domain]['http-01']['resource'] }}" + content: "{{ op_challenge['challenge_data'][domain]['http-01']['resource_value'] }}" + when: op_challenge is changed + become: true + +- name: Create certificate + acme_certificate: + account_key_src: "{{ letsencrypt_dest }}/{{ domain }}/account.key" + csr: "{{ letsencrypt_dest }}/{{ domain }}/domain.csr" + dest: "{{ letsencrypt_dest }}/{{ domain }}/signed.crt" + chain_dest: "{{ letsencrypt_dest }}/{{ domain }}/intermediate.pem" + agreement: "{{ letsencrypt_agreement }}" + terms_agreed: "{{ letsencrypt_terms_agreed }}" + fullchain_dest: "{{ letsencrypt_dest }}/{{ domain }}/fullchain.pem" + data: "{{ op_challenge }}" + account_email: "{{ letsencrypt_account_email }}" + acme_directory: "{{ letsencrypt_acme_directory }}" + acme_version: "{{ letsencrypt_acme_version }}" + challenge: "{{ letsencrypt_challenge }}" + remaining_days: "{{ letsencrypt_remaining_days }}" + run_once: true + when: op_challenge is changed + register: verify_challenge + become: true + +- name: Enable SSL module + apache2_module: + state: present + name: ssl + become: true + notify: + - reload apache2 + +- name: Look for existing SSL website + stat: + path: "/etc/apache2/sites-enabled/default-ssl.conf" + register: ssl_website + become: true + run_once: true + +- name: Enable SSL website + command: a2ensite default-ssl.conf + become: true + run_once: true + when: not ssl_website.stat.exists + notify: + - reload apache2 diff --git a/ansible/roles/letsencrypt/vars/main.yml b/ansible/roles/letsencrypt/vars/main.yml new file mode 100644 index 0000000..32d83b1 --- /dev/null +++ b/ansible/roles/letsencrypt/vars/main.yml @@ -0,0 +1,18 @@ +--- + +letsencrypt_account_email: "acute(a)torproject.org" +domain: "test.t1.erg.abdn.ac.uk" + +# staging - use this for testing! +letsencrypt_acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory" + +# production - use this when you want an actual certificate +#letsencrypt_acme_directory: "https://acme-v01.api.letsencrypt.org/directory" +letsencrypt_agreement: "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" +letsencrypt_terms_agreed: 1 +letsencrypt_acme_version: 2 +letsencrypt_challenge: "http-01" +letsencrypt_dest: "/etc/letsencrypt" +letsencrypt_remaining_days: 90 + +onionperf_directory : "/srv/onionperf.torproject.net/onionperf-data"

1 0

[metrics-cloud/master] Splits letsencrypt and apache into two roles
by irl＠torproject.org 03 Oct '19

03 Oct '19

commit e214cb9be3a4e8a23608090586a05568d50bd03c Author: Ana Custura <ana(a)netstat.org.uk> Date: Wed Sep 4 16:46:32 2019 +0100 Splits letsencrypt and apache into two roles --- ansible/onionperfs.yml | 1 + ansible/roles/letsencrypt/tasks/main.yml | 42 ---------------------- ansible/roles/letsencrypt/vars/main.yml | 2 -- .../files/000-default.conf.j2 | 2 +- .../files/default-ssl.conf.j2 | 2 +- .../handlers/main.yml | 0 ansible/roles/onionperf-webserver/tasks/main.yml | 40 +++++++++++++++++++++ ansible/roles/onionperf-webserver/vars/main.yml | 6 ++++ 8 files changed, 49 insertions(+), 46 deletions(-) diff --git a/ansible/onionperfs.yml b/ansible/onionperfs.yml index 94329bc..2b614ee 100644 --- a/ansible/onionperfs.yml +++ b/ansible/onionperfs.yml @@ -6,3 +6,4 @@ - tor-client - onionperf - letsencrypt + - onionperf-webserver diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 41e8de3..928d87f 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -6,25 +6,6 @@ state: directory become: true -- name: Copy Apache default configuration - template: - src: files/000-default.conf.j2 - dest: /etc/apache2/sites-available/000-default.conf - owner: www-data - group: www-data - mode: '0644' - become: true - -- name: Copy Apache SSL configuration - template: - src: files/default-ssl.conf.j2 - dest: /etc/apache2/sites-available/default-ssl.conf - owner: www-data - group: www-data - mode: '0644' - become: true - - # generate account key, if necessary - name: Find account.key stat: @@ -118,26 +99,3 @@ when: op_challenge is changed register: verify_challenge become: true - -- name: Enable SSL module - apache2_module: - state: present - name: ssl - become: true - notify: - - reload apache2 - -- name: Look for existing SSL website - stat: - path: "/etc/apache2/sites-enabled/default-ssl.conf" - register: ssl_website - become: true - run_once: true - -- name: Enable SSL website - command: a2ensite default-ssl.conf - become: true - run_once: true - when: not ssl_website.stat.exists - notify: - - reload apache2 diff --git a/ansible/roles/letsencrypt/vars/main.yml b/ansible/roles/letsencrypt/vars/main.yml index 815e96d..41ce279 100644 --- a/ansible/roles/letsencrypt/vars/main.yml +++ b/ansible/roles/letsencrypt/vars/main.yml @@ -14,5 +14,3 @@ letsencrypt_acme_version: 2 letsencrypt_challenge: "http-01" letsencrypt_dest: "/etc/letsencrypt" letsencrypt_remaining_days: 90 - -onionperf_directory : "/srv/onionperf.torproject.net/onionperf-data" diff --git a/ansible/roles/letsencrypt/files/000-default.conf.j2 b/ansible/roles/onionperf-webserver/files/000-default.conf.j2 similarity index 87% rename from ansible/roles/letsencrypt/files/000-default.conf.j2 rename to ansible/roles/onionperf-webserver/files/000-default.conf.j2 index e8a52bd..9050419 100644 --- a/ansible/roles/letsencrypt/files/000-default.conf.j2 +++ b/ansible/roles/onionperf-webserver/files/000-default.conf.j2 @@ -1,6 +1,6 @@ <VirtualHost *:80> ServerName {{ domain }} - ServerAdmin {{ letsencrypt_account_email }} + ServerAdmin {{ webmaster_email }} DocumentRoot {{ onionperf_directory}} Alias "/.well-known" "/var/www/html/.well-known" diff --git a/ansible/roles/letsencrypt/files/default-ssl.conf.j2 b/ansible/roles/onionperf-webserver/files/default-ssl.conf.j2 similarity index 91% rename from ansible/roles/letsencrypt/files/default-ssl.conf.j2 rename to ansible/roles/onionperf-webserver/files/default-ssl.conf.j2 index b2ec0cf..9192f81 100644 --- a/ansible/roles/letsencrypt/files/default-ssl.conf.j2 +++ b/ansible/roles/onionperf-webserver/files/default-ssl.conf.j2 @@ -1,7 +1,7 @@ <VirtualHost *:443> ServerName {{ domain }} - ServerAdmin {{ letsencrypt_account_email }} + ServerAdmin {{ webmaster_email }} DocumentRoot {{ onionperf_directory}} <Directory {{ onionperf_directory }}> diff --git a/ansible/roles/letsencrypt/handlers/main.yml b/ansible/roles/onionperf-webserver/handlers/main.yml similarity index 100% rename from ansible/roles/letsencrypt/handlers/main.yml rename to ansible/roles/onionperf-webserver/handlers/main.yml diff --git a/ansible/roles/onionperf-webserver/tasks/main.yml b/ansible/roles/onionperf-webserver/tasks/main.yml new file mode 100644 index 0000000..337e150 --- /dev/null +++ b/ansible/roles/onionperf-webserver/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: Copy Apache default configuration + template: + src: files/000-default.conf.j2 + dest: /etc/apache2/sites-available/000-default.conf + owner: www-data + group: www-data + mode: '0644' + become: true + +- name: Copy Apache SSL configuration + template: + src: files/default-ssl.conf.j2 + dest: /etc/apache2/sites-available/default-ssl.conf + owner: www-data + group: www-data + mode: '0644' + become: true +- name: Enable SSL module + apache2_module: + state: present + name: ssl + become: true + notify: + - reload apache2 + +- name: Look for existing SSL website + stat: + path: "/etc/apache2/sites-enabled/default-ssl.conf" + register: ssl_website + become: true + run_once: true + +- name: Enable SSL website + command: a2ensite default-ssl.conf + become: true + run_once: true + when: not ssl_website.stat.exists + notify: + - reload apache2 diff --git a/ansible/roles/onionperf-webserver/vars/main.yml b/ansible/roles/onionperf-webserver/vars/main.yml new file mode 100644 index 0000000..3a2dc06 --- /dev/null +++ b/ansible/roles/onionperf-webserver/vars/main.yml @@ -0,0 +1,6 @@ +--- + +domain: "test.t1.erg.abdn.ac.uk" +webmaster_email: "metrics-web(a)torproject.org" +letsencrypt_dest: "/etc/letsencrypt" +onionperf_directory : "/srv/onionperf.torproject.net/onionperf-data"

1 0

[community/master] Add section FAQ for trainers
by emmapeel＠torproject.org 03 Oct '19

03 Oct '19

commit dfa4602b6472791db6b23e33fbc7161396ff3723 Author: gus <gus(a)torproject.org> Date: Wed Oct 2 15:12:14 2019 -0400 Add section FAQ for trainers --- content/training/faq/contents.lr | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/content/training/faq/contents.lr b/content/training/faq/contents.lr new file mode 100644 index 0000000..f305b85 --- /dev/null +++ b/content/training/faq/contents.lr @@ -0,0 +1,37 @@ +_model: page +--- +title: Tor Training FAQ +--- +body: + +After running a couple of Tor training, you will find out that first time users have some similar questions about Tor. Here we aggregate the most frequent questions that we listened during our training sessions and you must be aware before running your training. For an extensive resource check [Support portal](https://support.torproject.org). + + * [Why is it called Tor?](https://support.torproject.org/about/why-is-it-called-tor/) + * [Does using Tor Browser protect other applications on my computer?](https://support.torproject.org/tbb/tbb-13/) + * [Using Tor with a VPN is more secure?](https://support.torproject.org/faq/faq-5/) + * [Can I browse normal HTTPS sites with Tor?](https://support.torproject.org/https/https-2/) + * [Is it possible to find out the path that a client is taking on the Tor Network?](https://support.torproject.org/misc/misc-1/) + * [Why don't you prevent bad people from doing bad things when using Tor?](https://support.torproject.org/misc/misc-2/) + * [When I use Tor Browser, will anyone be able to tell which websites I visit?](https://support.torproject.org/tbb/tbb-3/) + * [Why did my search engine switch to DuckDuckGo? Or what is DuckDuckGo?](https://support.torproject.org/tbb/tbb-41/) + * [What is a bridge?](https://support.torproject.org/censorship/censorship-7/) + * [Tor Browser won't connect, but it doesn’t seem to be an issue with censorship.](https://support.torproject.org/tbb/tbb-20/) + * [What is the difference between using Tor Browser and 'Incognito mode' or private tabs? ](https://support.torproject.org/tbb/tbb-and-incognito-mode/) + * [Does running Tor Browser make me a relay?](https://support.torproject.org/tbb/tbb-33/) + * [Who funds Tor](https://support.torproject.org/misc/misc-3/) + * [Is there a backdoor in Tor?](https://support.torproject.org/about/backdoor/) + +--- +color: primary +--- +html: two-columns-page.html +--- +key: 5 +--- +section: Training +--- +section_id: training +--- +subtitle: + +You probably should know these answers before teaching about Tor

1 0

[community/master] Removed extra CoC link
by emmapeel＠torproject.org 03 Oct '19

03 Oct '19

commit b2a4dd4d74ab6558a46b525d0829461b53a9e47f Author: gus <gus(a)torproject.org> Date: Wed Oct 2 12:08:49 2019 -0400 Removed extra CoC link --- content/training/code-of-conduct/contents.lr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/training/code-of-conduct/contents.lr b/content/training/code-of-conduct/contents.lr index 6d39f0d..03dc97a 100644 --- a/content/training/code-of-conduct/contents.lr +++ b/content/training/code-of-conduct/contents.lr @@ -22,4 +22,4 @@ body: ## Code of Conduct for Trainers -The Tor Project is committed to fostering an inclusive environment and community. Tor is a place where people should feel safe to engage, share their point of view, and participate. You can find our code of conduct [here](https://gitweb.torproject.org/community/policies.git/tree/code_of_con… +The Tor Project is committed to fostering an inclusive environment and community. Tor is a place where people should feel safe to engage, share their point of view, and participate.

1 0

[community/master] Add new page - training checklist
by emmapeel＠torproject.org 03 Oct '19

03 Oct '19

commit 0f09bc4e3b69d2259a2cfca0701b66fad3197d45 Author: gus <gus(a)torproject.org> Date: Wed Oct 2 11:51:11 2019 -0400 Add new page - training checklist --- content/training/checklist/contents.lr | 75 ++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/content/training/checklist/contents.lr b/content/training/checklist/contents.lr new file mode 100644 index 0000000..5712680 --- /dev/null +++ b/content/training/checklist/contents.lr @@ -0,0 +1,75 @@ +_model: page +--- +title: Training checklist +--- +body: + +Use this checklist to run a Tor Training. + +## Get prepared + + [ ] I read and agree with the Tor Project [Code of Coduct](https://community.torproject.org/training/code-of-conduct/) + + [ ] I read the Trainers Guide + + [ ] I have an agenda for the training + + [ ] I reviewed the training slides + +## Security protocol + + [ ] I already contacted my organization and told them that I'm organizing this training + + [ ] I shared a contact to whom my organization should call if something happens + +## About the venue + + [ ] The venue has enough tables and chairs to everyone + + [ ] The venue has internet connection and I know the wifi password + + [ ] It has a projector available and works on my computer + +## Audience & Communication + + [ ] I sent an e-mail with the address and time to all participants + + [ ] I asked them to bring the necessary equipment to the training + + [ ] I have confirmed participants for the training + +## During the training + +Before starting the training, make sure you: + + [ ] Make an agreement about taking or not taking photos + + [ ] Present the agenda + + [ ] Introduce yourself and ask people to introduce themselves + + [ ] "All questions are welcome" + +## After the training + + [ ] Collect participants feedback + + [ ] Leave an e-mail for further contact and support + + [ ] Make an evaluation about the training + + [ ] Report privately to Community Team +--- +color: primary +--- +html: two-columns-page.html +--- +key: 1 +--- +section: Training +--- +section_id: training +--- +subtitle: Based on our best practices, we have a training checklist to help you +--- +key: 4

1 0

[community/master] Add digital security risks disclaimer and quick assessment
by emmapeel＠torproject.org 03 Oct '19

03 Oct '19

commit efc7eea85ff23dc737aa4d318e42fb009a5448b8 Author: gus <gus(a)torproject.org> Date: Wed Oct 2 21:26:03 2019 -0400 Add digital security risks disclaimer and quick assessment --- content/training/risks/contents.lr | 52 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/content/training/risks/contents.lr b/content/training/risks/contents.lr new file mode 100644 index 0000000..6da1774 --- /dev/null +++ b/content/training/risks/contents.lr @@ -0,0 +1,52 @@ +_model: page +--- +title: Risks +--- +body: + +To our knowledge, no Tor trainer has ever faced consequences as a result of training others or speaking about Tor. However, in some countries and in certain circumstances, it's possible that a simply gathering of human rights defenders could be very risky, illegal or even subject of imprisonment, physical assaults, large fines, threats, placement on government watch lists and targeting for surveillance. + +If you want to run a Tor training for the first time and you don't know how to assess the political and social environment, we strongly encourage you read this document and, in case of doubt, to reach out Tor Community Team privately. + +Some of potential risks of running a digital security training are only valid in specific contexts. Therefore the potential risks associated to running a Tor training depend on: + +1. **Your threat model.** A high-profile activist already under a lot of surveillance, for example, might attract more attention when reaching out other activists to run a digital security training. +2. **The laws and regulations in the country.** Best to consult with local lawyers and local freedom of expression organizations, and learn whether your country has a record in prosecuting individuals engaging in similar types of activities. +3. **The types of training.** Not all trainings carry the same weight in terms of potential risk. For example, talking about privacy on digital age might be appreciable, but teaching how to circumvent government censorship could be a serious felony. +4. **The audience.** Gathering university students might not attract attention, but in case of a group of journalists working on leaked documents about government corruption, you might need to be extra careful on how to reach out them in a private way. +5. **The training venue.** Running a Tor training in some spaces could expose your participants identity. Ideally, you should use a private space that you can control the participants entrance. Check before the training if participants are comfortable on revealing their identity to a third party, if it's the case. + +## Evaluating risks + +Some questions you may want to answer before running a digital security training include: + +* Has anyone in my country ever been criminalized based on their internet activity? (This does not necessarily need to be specific to digital security training or use of Tor) +* Are there laws in my country that require Internet Service Providers (ISPs) to track my online activity? +* Is it illegal for me to access certain websites? +* Does my country prohibit me from using: + * Cryptography? + * Anonymity software? + +Note, this is not an exhaustive list of questions. + +Additionally, while many countries do not have laws specifically prohibiting the activity of running digital security training, the use of digital security tools may still be criminalized in certain countries under other, broader laws. For example, using Tor Browser may be viewed as illegal or anti-government activity. + +Please note that we are not lawyers, and any information we give you does not constitute legal advice. Additionally, your communication with us is not protected by any legal privilege so law enforcement may subpoena and obtain any information you give us. However, we may be able to put you in touch with lawyers who are capable of addressing your questions and/or concerns. + +Some relevant resources include: + + * [EFF Know your rights](https://www.eff.org/issues/know-your-rights) + * [EFF Tor legal FAQ](https://community.torproject.org/relay/community-resources/eff-tor-leg… + * [OONI disclaimer](https://ooni.io/about/risks/) +--- +color: primary +--- +html: two-columns-page.html +--- +key: 6 +--- +section: training +--- +section_id: training +--- +subtitle: Things you should be aware before running a digital security training

1 0

[metrics-cloud/master] onionperf: Use Debian 10 AMI (Fixes: #31412)
by irl＠torproject.org 03 Oct '19

03 Oct '19

commit ede84fb58e2a36dc312e0507a35e57ddd6b27736 Author: Iain R. Learmonth <irl(a)fsfe.org> Date: Thu Oct 3 11:58:42 2019 +0100 onionperf: Use Debian 10 AMI (Fixes: #31412) --- cloudformation/onionperf-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudformation/onionperf-dev.yml b/cloudformation/onionperf-dev.yml index 581e46b..0004518 100644 --- a/cloudformation/onionperf-dev.yml +++ b/cloudformation/onionperf-dev.yml @@ -9,7 +9,7 @@ Resources: Type: AWS::EC2::Instance Properties: AvailabilityZone: us-east-1a - ImageId: ami-0bd9223868b4778d7 + ImageId: ami-01db78123b2b99496 InstanceType: t2.micro SubnetId: Fn::ImportValue: !Sub 'MetricsSubnet'

1 0