Hella howdy yall,
The vanguards Tor Controller addon is getting close to another release. It lives at: https://github.com/mikeperry-tor/vanguards
The addon is written in python, and uses the Tor Control Protocol (via stem) to alter how Tor behaves. It provides protection to onion services and onion service clients against a variety of attacks. It implements experimental defenses that need to be tuned to perform optimally for a variety of different deployment scenarios, known and unknown, that may exist in the wild.
For more details about what the addon does, see: https://github.com/mikeperry-tor/vanguards/blob/master/README_TECHNICAL.md
For a comprehensive treatment of the known attacks against onion services, including how this addon fits in, see: https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md
The ultimate goal is to merge these defenses into Tor itself, but they will take time to study. Because of this, the lifespan of this addon will be measured in years, especially if your distribution uses the "Tor Long Term Stable" release by default.
During this time, it is important that this addon is easy to install and update securely, so that onion service operators can run it in order to give us feedback on how parameters perform with their particular setups, in addition to allowing them to benefit from the additional security we believe that it provides.
The addon does not have to be available in your distribution's official repositories. It is sufficient that it is available either via a backports repository, or via one of the torproject package sources for your distribution. The important thing is that it is authenticated by a secure GPG key that can be imported into a distribution's package manager, and that you keep up with updates.
The addon has 98% unit test coverage of its lines under python2.7, python3.5, and pypy. pypy is the preferred python interpreter for the addon, because it provides a JIT that improves performance for high traffic onion services.
The addon has two dependencies: ipaddress, and stem. ipaddress is included in python3 distributions, and that version is sufficient. For python2 and pypy, the version in requirements.txt is preferred.
Unfortunately, however, Stem 1.6.0 broke compatibility with pypy: https://trac.torproject.org/projects/tor/ticket/26207
A fix is available here, but is not present in any stem release: https://gitweb.torproject.org/stem.git/commit/?id=c52db04
Your distribution will need to backport this fix, if it uses Stem 1.6.0 with pypy. Stem versions prior to 1.6.0 do not have this issue. The forthcoming stem 1.7.0 will include the fix.
Iain Learmonth (irl) has been working on the packages for debian. Hopefully he can report any additional issues here.
Please respond to this mail on or off list if you intend to package this addon for your distribution, for either official repositories or for torproject ones, so that we may mention this fact in an upcoming blogpost for the release. Please also ask me any questions you may have about packaging, on list or off. I'm also on #tor-dev on irc.oftc.net as mikeperry.
The release tags are signed with the following GPG key, which has also signed this mail, and also signs all of my other mails to tor mailing lists:

pub 8192R/29846B3C683686CC 2013-09-11
Key fingerprint = C963 C21D 6356 4E2B 10BB 335B 2984 6B3C 6836 86CC
uid Mike Perry mikeperry@endarken.info
uid Mike Perry mikeperry@unencrypted.info
uid Mike Perry (Regular use key) mikeperry@fscked.org
uid Mike Perry (Regular use key) mikeperry@torproject.org
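
Added example, not part of the original mail or of the vanguards project: one way a packager can pin a signed release tag to the fingerprint above, by parsing the GnuPG status lines that `git verify-tag --raw` writes to stderr. The function names are hypothetical, and the script assumes the key has already been obtained and imported into the local keyring.

```shell
#!/bin/sh
# Primary key fingerprint from the announcement above, spaces removed.
PINNED_FPR="C963C21D63564E2B10BB335B29846B3C683686CC"

# check_status_fpr (hypothetical helper): reads GnuPG status lines on stdin.
# Succeeds only if the signature is good, the signing key is neither expired
# nor revoked, and the primary key fingerprint equals PINNED_FPR.
check_status_fpr() {
    awk -v want="$PINNED_FPR" '
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature or its key must not be trusted.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" {
            # The 12th field is the primary key fingerprint. The 3rd field
            # may be a signing subkey, so it is not the value to pin.
            if (NF >= 12 && toupper($12) == want) pinned = 1
            else bad = 1
        }
        END { exit ((good && pinned && !bad) ? 0 : 1) }
    '
}

# verify_tag (hypothetical helper): verify_tag <repo-dir> <tag>
# git itself fails on a bad signature; the fingerprint check additionally
# rejects a valid signature made by some other key in the keyring.
verify_tag() {
    status=$(git -C "$1" verify-tag --raw "$2" 2>&1 >/dev/null) || return 1
    printf '%s\n' "$status" | check_status_fpr
}

# Run as: sh verify-vanguards-tag.sh <repo-dir> <tag>
if [ "$#" -eq 2 ]; then
    verify_tag "$1" "$2" && echo "tag $2: signed by pinned key"
fi
```

Checking the fingerprint as well as the exit status matters because `git verify-tag` accepts a signature from any key present in the keyring, not only the one announced here.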