Hi Fabio Pietrosanti:
Thanks, I appreciate your help. I will be working on this. I actually was considering to maybe provide it to the community so people could pinpoint bugs and contribute patches.
I will be studying onionbrowser. But seems they are running Tor as a thread inside the browser executing tor_main and then have the browser connect to itself using socks 5 which is somehow ugly.
This looked interesting:
https://lists.torproject.org/pipermail/tor-talk/2011-September/021528.html
but seems Tor just evolved.
That's the future of Tor, to be integrated as a library just like an encryption library into application.
Same feeling here.
Thanks for your comments Christopher Schmidt. I do appreciate to hear different points of view and know beforehand feelings of people against. Yet I disagree and I would like to argument why.
Embedding a Tor client in another application cripples auditability, configurability, updateability etc. of Tor.
Not necessarily. If it is open source would be auditable.
I could dynamically link the library to let you update it on your own if you want. Also the application can be updated. But even if statically linked and not updated as the Tor network evolves the application would become unusable if the standard changes therefore killing the insecure application eventually.
Regarding configurability I could proxy your configuration to the Tor library. Since it is open you can check I am being honest or if there are bugs even if such application is not open source. (you could even override received configuration from the application)
I could let you configure the application to use embedded Tor or not, then you could use your own tor client if you want.
And this is not entirely clear to me but I believe Tor could be routed trough Tor again if you are forced to use embedded library and you are worried about it being insecure.
And in any case well you can opt in or out of the application.
Yet as a library I believe there would be increase of useability. That means Tor will be more popular. If it becomes more popular it means more support. I mean I probably wouldn't be donating a relay to the network If I weren't using Tor.
Even worse, an application trying to outsmart the user by controlling Tor on its own poses a severe security risk.
Well an application using Tor as it is and properly configured could create a covert channel and totally do away with your anonymity. So I am supposing the application is not intentionally evil.
From another standpoint every security chain is as strong as its weakest link. Usually the weak link is the user miss-configuring things and then comes the false sense of security.
As Fabio pointed earlier the DNS leak or the direct connection for example.
In any case if you want to provide arguments against I would like to hear them.
I tell you what. I don't have intentions to change Tor. I basically want to do this for me. But since I notice now it could be useful to the community and the community could be providing feedback I can make it public under the same license. So this is what I am going to do. Fork Tor under the same license and change it until I get a working library. If somebody wants to join well everybody invited. I think more hands working on it will be great. And if you want to merge it with Tor well you all can decide that later. And if you want we can cooperate directly. After all both projects would be sharing a lot of sourcecode. Many fixes and optimizations will be able to come back to Tor and the library could receive updates from the Tor project. I am thinking to name it libtor. What do you say?
I think a good approach could be to start with the ugly hack creating a clean API that would get extended over time and then change bit by bit until we get something clean.
Regards Waldo
On 3/29/13 4:50 AM, wac wrote:
I tell you what. I don't have intentions to change Tor. I basically want to do this for me. But since I notice now it could be useful to the community and the community could be providing feedback I can make it public under the same license. So this is what I am going to do. Fork Tor under the same license and change it until I get a working library. If somebody wants to join well everybody invited. I think more hands working on it will be great. And if you want to merge it with Tor well you all can decide that later. And if you want we can cooperate directly. After all both projects would be sharing a lot of sourcecode. Many fixes and optimizations will be able to come back to Tor and the library could receive updates from the Tor project. I am thinking to name it libtor. What do you say?
I'd suggest for the "output" to produce a set of patches against Tor (development version), including modifications to: - build system - documentation (man pages) - unit-tests everything following the coding guidelines of Tor with the goal/hope to be integrated.
It would be very valuable to define the "use case" of your library, in particular what you are going to support and for which context of use.For example are you going to simply support "outgoing anonymous connection" or "are you going to support caching descriptors to avoid excessive load on Tor network?" or "Are you going to support Tor Hidden Service exposure to receive inbound connections" ?
After a first prototype is achieved, it would be the best to: a) define the API b) document the API c) submit the API for review (to tor-dev mlist)
Additionally, due to the paranoia-level of Tor environment, it would be useful a documents describing a "Threat model" with a set of risks represented by the use of Tor as a library and how they are managed/mitigated.
If you will need to modify some existing core pieces of Tor code here and there, always open a relevant ticket on http://trac.torproject.org explaining why a modification is relevant/useful with a commit of the patch well documented (to stimulate/facilitate the integration).
As a prototype example, i'd suggest you to provide an example "Python Binding" that use your "libtor", due to the heavy use of Python within the Tor Environment, that show how to embed Tor within a Python application.
Fabio
-
Fabio Pietrosanti (naif) -
wac