- tor-project - lists.torproject.org

Re: [tor-project] The Tor Project Social Contract
by Nathan Freitas 08 Aug '16

08 Aug '16

On Tue, Aug 2, 2016, at 07:59 AM, Lunar wrote: > Hi! > > Mike Perry: > > I hate to be late to the party, and I hate to start a libre/free/open > > flamewar, but I am concerned about the specific language "free of cost" > > with respect to our tools in Point #3. > > […] > > I see nothing wrong with paid versions of Tor tools, paid hardware, or > > paid access, so long as the implementations of security-critical > > components are open source and auditable. Maybe others disagree? > > I disagree. :) > > Wealth is already an important factor in one's ability to enjoy freedoms > of opinion, expression, and association. If we agree that you can't > really exercise these freedoms in the digital world without tools like > Tor, I think such access to these tools should not be restricted by > how much money you can spend on it. > > While I agree that we should find ways to cover costs of production, > or that I think it's ok to sell hardware with Tor preinstalled, > I believe we should try to find business models that aim to balance the > wealth disparities of this world, because I want our work to help > balance power. I agree with both of you in different ways. Requiring a user to be able to compile to get something free is not good enough. Some longer thoughts below, but I think the spirit of what we say should be "Always Free, but Pay What You Can". Using Onion Browser as an example, it is great that Mike Tigas has been able to independently support his work on that project by charging a small fee for the open-source software he builds. However, it has also severely limited adoption, and pushed users to less trustworthy apps, because there are many people who don't have the ability to purchase apps on iOS due to not having a credit card or being in a country where paid apps are not supported (like Iran, I believe). With iOS, there is no way to sideload from a free app store without making your device insecure, so the only "free as in beer" and secure way to get Onion Browser is to know someone who has a Mac, is an iOS developer, and who is willing to link your device to their IDE setup. What I would like to see from Onion Browser, and from all Tor-related apps/projects/community members that choose to support this contract, is to offer a free version always, and then a pro/premium pay version, or a "pay what you can" option, that is functionality equivalent. That way, novice users will always have access without any impediments due to their economic situation. This is also a model that I would like to adopt for Orbot and Orfox, and any app store that offers a built-in, easy payment system. Again, users would not be required to use this, but for people who already opt-in and are comfortable providing their payment information, then it is an easy way for Tor projects to gain sustainable grassroots support. On the hardware front, we are already working with Copperhead to sell premium-priced Nexus phones flashed with their open-source OS, that may someday have Orbot built into it. Copperhead offers their ROM free of charge for anyone to flash to a Nexus device, but again, that is a very serious impediment for non-technical users. What I am trying to setup there is a "buy one, give one" program, or again, a "pay what you can" system, that is backed by those who can afford to donate money along with their purchases. > > Here's an attempt to reword to capture my thinking: > > > > 3. Our tools are universally available to access, use, adapt, and distribute > > Ok with the rewording here. Perhaps we could define "universally available" a bit more to ensure that in includes non-technical end-users? This means that we are talking about more than just "we publish the source code". Best, Nathan

9 16

Notes from August 4 2016 Vegas team meeting
by Karsten Loesing 08 Aug '16

08 Aug '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 See this posting for context: https://lists.torproject.org/pipermail/tor-project/2016-April/000223.html Notes for August 4 2016 meeting: Shari: 1) Just getting back from East Coast trip. 2) Met with Gunner to discuss Seattle meeting-formerly-known-as-TorDev. Meeting with Gunner and attorney next week in San Francisco to further flesh things out. 3) Approving travel for meeting attendees using our Egencia account. 4) Rolled out health benefits for employees as of August 1. 5) Reviewed 990 and sending comments to auditors. 6) Helping with Sida grant proposal. It's huge with lots of great stuff! Isabela: 1) working on sida non-stop 2) finishing quarterly report as soon i am done reviewing sida -- lots of work on sida 3) meeting nick tomorrow to sync on network team stuff but will also get some ideas for drl proposal Mike: 1) Been talking to Kevin about migrating the blog. He is ready to go. We should get him a contract. 2) Working on refreshing my prototype Tor phone based on Copperhead for Tor Labs. My hope is that having this as a first post will both raise a ton of awareness about interesting Tor-related Android projects, as well as draw more attention to the Tor labs launch. Kate: 1) Pitched Weasel’s first blog post to Weasel—on Debian and Tor onion services; partnered with Debian media person to release it simultaneously; got a press hit (wasn’t expecting any) and a bit of positive attention on social media 2) Blog post on Tor animation; distributed blog post to reporters and expect some media attention (got one hit so far) 3) Blog post on Serene and Snowflake 4) Pitched and set up meetings between reporters for Shari in NY and DC 5) Answered multiple media queries 6) Mr Robot’s whole plot revolves around nefarious onion services. Their content advisors include a CloudFlare tech person and a former FBI person. Will try to pitch alternate story lines (very longshot) and also will contact Silicon Valley TV producers to see if we can get Tor on there. Alison: 1) Community Council: we're reaching out to other councils for ideas on guidelines and balancing between privacy and transparency 2) Lunar agreed to take up TWN again. The community team will assist him as needed. 3) otherwise, doing what I was doing last week: SIDA, community docs, support desk stuff, community team outreach, trainings/traveling Karsten: 1) Prepared first monthly team report for July 2016 to be published tomorrow. 2) Upgraded the CollecTor host to Debian jessie. 3) Put out metrics-lib bugfix release 1.3.1. 4) Worked on CollecTor tickets in preparation of first release 1.0.0 next week. Nick: 1) been sick on and off; trying to work 2) team seems to be doing ok 3) talked with some equalit.ie folks about possible collaboration areas. * who has been working on tech solutions to cloudflare-type issues? we should put them in touch * they are looking for somebody interested in next-gen PTv2 designs, see https://equalit.ie/lead-developer-and-darknet-enthusiast/ , see also CENO2. Might be interested in collaboration. PTv2 designs need firming up and circulating though. * do we have anybody on tor-messenger who would be interested in np1sec integration? Roger: 1) I went to the DRL reverse site visit, and have been doing SponsorR stuff around that. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJXqDmzAAoJEC3ESO/4X7XBKjYH/iZhjlCr+R+9ycOhfxzmyCoc N1s0T4ylJpxpOpFjSf8nBlpCI4PZQLzlTlnP3X8Vv0zue+OzAVMwEwzVIlD+wvsT IGMFDqTMCdE4BpNQTmTTWy/74TRN75l3tFgE9DICjbWqaYmcswUmkoU16/S+XQiA JImxQlBtMQSQDU/ipAkmrs6V3ji1HobNgYHjfS5U4oNG8ulh15C2Uv4hnBA9szTM bF7zJW+stJ6evNsuNy14eAODLOOe5RafgWGWc+PalVL0cLoQXeKuJYEXa4YtZ5AQ jChg2zWOF2nh8AhJYJi8QbwAQoy2FatjBq0AjcqbygWKNNWKwuZM9URXb2Op8QY= =49xu -----END PGP SIGNATURE-----

1 0

LWN on the Internet of Onions
by Nathan Freitas 05 Aug '16

05 Aug '16

A good story went up here: http://lwn.net/Articles/695910/ and is getting some props on hackernews as well (https://news.ycombinator.com/item?id=12225998) **** The Internet of Onions By Nathan Willis August 3, 2016 The tension between convenience and security is age-old, but it has, perhaps, never been as acutely felt as it is in debates about the Internet of Things (IoT). Smart devices for monitoring and controlling household and industrial appliances are cheap and near-ubiquitous. But the cheapness and the near-ubiquity of the commercial IoT products on the market both come at the cost of exposing one's devices and home network to eavesdroppers and remote servers. A Tor developer recently undertook an effort to increase IoT security by routing device traffic through the Tor network. While the work is, so far, available only in a single free-software IoT platform, the developers are hoping it will spread. Tor developer Nathan Freitas, who is also Executive Director of the Guardian Project, undertook the the development and testing of Tor-transport support for the open-source home-automation program Home Assistant. On July 20, Freitas explained the project in a blog post. Home invasions In brief, Home Assistant is a Python-based tool that provides a single web interface for a wide range of individual IoT devices. Freitas's contribution is a network configuration that routes Home Assistant's web interface over a Tor Hidden Service (so that it can only be accessed by a Tor-enabled browser via a special .onion domain name). In a demonstration video [YouTube], Freitas calls attention to two separate concerns about commercial IoT devices. The first is that many expect to have direct access to the Internet, often for an HTTP connection to a remote service, and the installation instructions advise users to enable access by simply opening up ports on their firewall (if, indeed, they have one to begin with). The risk is that attackers can easily scan for the signatures known-to-be-insecure IoT products, log them, and access the devices at will. This is rather dangerous, when one considers that IP-based video cameras, climate controls, door locks, and other sensitive devices are exposed in this manner. The second concern is that many products enable device operation solely through a remote web server controlled by the manufacturer; the addresses of these servers may even be hard-coded into the device's software. For the curious, Matthew Garrett has recently taken to writing in-depth reviews of such products on Amazon.com, with both informative and frightening results. Some privacy-conscious users may understandably regard the second concern as the more serious one, since pervasive data logging and user tracking could be taking place at the remote server (not to mention the fact that the device could fail to function without an Internet connection). For many others, however, the first risk is greater. Stories of webcam and baby-monitor exploits are already commonplace; as more device classes go online, one can only expect further attacks. As a result, securing access to the web interfaces of IoT devices has been the initial focus of Freitas's effort. Hiding the route Merely routing the web interface over Tor goes a long way to protect users from the eavesdropping concern, but if the device's front end is reachable through its .onion address, it can still be detected and scanned on the Tor network, as the 2013 paper Trawling for Tor Hidden Services [PDF] explains. The technique described in the paper involves running a large set of Tor relay nodes that secretly log the appearance of hidden service nodes. Although the distributed-consensus model Tor employs makes it difficult for any attacker to shut out the legitimate relays (another possible attack), a well-funded attacker could certainly monitor the availability of hidden services over time and hone in on their locations using traffic correlation. The solution is to enable a little-known "stealth" authorization option in the service's configuration. Setting the HiddenServiceAuthorizeClient to stealth on the server causes Tor to generate a random authorization key pair, so that the public key can be copied to each device that should be allowed to access the service. >From that point on, the nodes in the Tor network provide additional security beyond what would be achievable with (say) a standard HTTP cookie, blocking connection requests from clients without the proper credentials by reporting that the requested server is unroutable. This is possible because Tor hidden services announce their presence to the network by publishing a service descriptor that normally includes the address of an "introduction point" node. The service descriptors are tracked in Hidden Service Directory nodes within the Tor network. Other Tor relay nodes then know how to establish a circuit to the service by looking up the introduction point, even though those relays cannot peek beyond the introduction point to find where the service originates. In stealth mode, however, the introduction-point portion of the service descriptor is encrypted with the private key from the authorization key pair; authorized clients will be able to decrypt the descriptor field because they possess the corresponding key, but other clients will not. Attempts by unauthorized clients to connect to the introduction-point node listed in the service descriptor will fail as being unreachable, making the result indistinguishable from a hidden server that has simply gone offline. There is no limit to the number of authorization keys a server can use, so each client can use a unique key and the keys can be replaced as frequently as desired. Services are also allowed to publish fake service descriptors to further obfuscate connection points from eavesdroppers and trawlers. Secure all the things In an email, Freitas noted that there are two challenges to adding Tor support to a project like Home Assistant. The first is that the program's network layer has to be able to work using an .onion address—which, evidently, breaks many assumptions about host-name formatting and lookup. The second is that the code dealing with the IoT devices themselves is prone to unintended connection leakage. For example, he said, "with Home Assistant there are a lot of outbound connections that it relies on for access to public data that we also want to tunnel through Tor." As is the case with HTTPS support, he added, fixing this is typically a matter of finding developers willing to make sure the Tor routing works. "If we can build a 'LetsOnion' type script to make that easier," he said, "we will." Moving forward, Freitas said he hopes to work on adding Tor support to openHAB and similar open-source home-automation systems. In the meantime, however, he said that users can route individual apps over Tor using the Guardian Project's Orbot proxy for Android. By default, most consumer IoT devices are paired with a one-shot app (one for each brand of light bulb, one for the thermostat, one for the security cameras, etc.). Orbot can tunnel these apps to a Tor endpoint running in the user's home; the result is not as good as complete anonymity, perhaps, but it is certainly superior to trusting the Internet unconditionally. Developers, of course, can also build Tor-routing functionality into the app directly—the Guardian Project's Netcipher library is designed for that purpose. The one remaining piece of the IoT puzzle is what to do about devices that rely on maintaining a connection to a remote web server in order to function. Some such devices can still function with only a LAN connection, which can in turn be routed over Tor. Others, however, fail to function if they cannot "phone home." At that point, the only solution may be to avoid the device in question. Freitas said he was investigating which IoT devices work in LAN-only mode and will try to ensure that they can function when routed over Tor. But which devices go into the home will ultimately remain the user's choice. The security-versus-convenience trade-off has attracted a fair amount of attention from highly technical users, but it remains to be seen whether or not the industry as a whole will ever care. Freitas said he hopes that the Guardian Project's IoT work can demonstrate that the steps required to secure this class of device are small and easy to take, if one is interested in the goal.

1 0

Remove mercurius4 obfs4 bridge from Tor Browser?
by David Fifield 05 Aug '16

05 Aug '16

According to my and Lynn Tsai's bridge reachability measurements, the default obfs4 bridge mercurius4 has not been running for a few months. It was refusing connections in March and April, and more recently has just been timing out. Time to remove it? pref("extensions.torlauncher.default_bridge.obfs4.6", "obfs4 104.131.108.182:56880 EF577C30B9F788B0E1801CF7E433B3B77792B77A cert=0SFhfDQrKjUJP8Qq6wrwSICEPf3Vl/nJRsYxWbg3QRoSqhl2EB78MPS2lQxbXY4EW1wwXA iat-mode=0");

5 8

Re: [tor-project] New Bridge Authority
by Sina Rabbani 04 Aug '16

04 Aug '16

This may just be my own paranoia, but I can't help but to wonder about the level of physical security a "darkened basement" can provide for such a mission critical component of the network. All the best, Sina "Be the change that you wish to see in the world." - Mahatma Gandhi ----- On Aug 4, 2016, at 1:31 PM, isis agora lovecruft isis(a)torproject.org wrote: > isis agora lovecruft transcribed 2.9K bytes: >> Today, I am very excite to take a field trip (!!) to a datacenter (!!!) with >> some most excellent folks from Greenhost (DrWhax and Sacha!!!). We will be >> racking a server and installing an OS on it, and getting it ready to be a new >> Bridge Authority to replace Tonga. > > So… it actually wasn't to the datacenter, but merely to the darkened basement > server room of the Greenhost offices, which Sacha described as "the nicest > office in the building!" > > I've set up the server, bought two new harddisks and configured RAID, > installed an OS on it, and done some preliminary hardening. The server should > go to the datacenter early next week, and then we can start the transition. > It looks like everything should happen well before the 31 August deadline, so > the apocalypse has been averted and there's little reason to freak out. > > Best regards, > -- > ♥Ⓐ isis agora lovecruft > _________________________________________________________ > OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 > Current Keys: https://fyb.patternsinthevoid.net/isis.txt > > _______________________________________________ > tor-project mailing list > tor-project(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

1 0

Please credit NSF in your Tor research papers!
by Roger Dingledine 04 Aug '16

04 Aug '16

When I fill out the annual reports for our NSF projects (SponsorM, SponsorQ, SponsorV currently), I brag about our research papers, and it works much better if we remember to credit NSF in the acknowledgements section of the paper. Here is good text to use: "This work was partially supported by the NSF under grants CNS-1111539, CNS-1314637, and CNS-1520552." More generally, if you are going to be an author on a Tor research paper, including just a submission, please let Kate and me know so we can do good things with this info. Thanks! --Roger

1 0

Re: [tor-project] The Tor Project Social Contract
by Nathan Freitas 03 Aug '16

03 Aug '16

On Wed, Aug 3, 2016, at 04:45 AM, John Gilmore wrote: > Nathan wrote: > > I agree corporate/commercial licensing is a great option for > > sustainable revenue generation. Let's make sure this allows for > > that. In the case of Moxie, his software is not free to developers > > who was to incorporate it into non GPL software. > > The Social Contract is probably not the place to debate (or record > the result of debate about) the specific license used for Tor software. > > Nathan seems to have an issue with GPL licensed software. But his > argument undercuts his point. I have no issue with it, and license as much of my own software under GPL as possible. I agree it creates a great opportunity for licensing revenue that Tor does not have, at least with the core tor daemon. +n

1 0

Re: [tor-project] The Tor Project Social Contract
by Nathan Freitas 03 Aug '16

03 Aug '16

On Tue, Aug 2, 2016, at 02:26 PM, Kate wrote: > I believe that our tools should remain free to users and we should > strategize other ways to make money. "Pay what you can" software is an > idea widely understood in the global north; is it also in the global > south? Pay with what? Bitcoin? Credit cards? If you get the software > installed at your local roadside store, who do you pay? These are all > barriers to using Tor. Just to be clear, if what someone can pay is "nothing" they are free to do so in the "pay what you can" scenario, without stigma. Perhaps we could ask their contribution to just spread the word. Within this contract, I think Mike and I are both just asking for this kind of future option to not be off the table. Perhaps if it is always stated as an "optional donation" then it would fit within the "always free" pledge more cleanly? I agree corporate/commercial licensing is a great option for sustainable revenue generation. Let's make sure this allows for that. In the case of Moxie, his software is not free to developers who was to incorporate it into non GPL software. +n

2 1

Re: [tor-project] Volunteer Application
by teor 02 Aug '16

02 Aug '16

Hi Zaheer, Please reply-all to the list, so others can help you as well. Have you tried building Orbot? https://gitweb.torproject.org/orbot.git You could also look at the Orbot bug tracker, choose a small task, and submit a patch. https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… Tim > On 2 Aug 2016, at 22:03, Zaheer Ahmed <zaheercena(a)gmail.com> wrote: > > Hi > I also worked as Android Developer for Native Apps that's why I am now interested in Orbot. Please Consider it if you can. Again No Demand just offering services for my passion in Security field. Thank you. > > Regards > Zaheer Ahmed > +923351443176 > > On Tue, Aug 2, 2016 at 4:51 PM, teor <teor2345(a)gmail.com> wrote: > > > On 2 Aug 2016, at 19:43, Shari Steele <ssteele(a)torproject.org> wrote: > > > > > > > >> Begin forwarded message: > >> > >> From: Zaheer Ahmed <zaheercena(a)gmail.com> > >> Subject: Volunteer Application > >> Date: August 1, 2016 at 12:11:23 AM PDT > >> To: execdir(a)torproject.org > >> > >> Hi > >> I have been studying Tor from last Several Months and Researching on it now I want to properly get involved in tor Organization. > >> > >> I h'v Spirit, Dedication and also wanted to be. I am a Software Developer worked on Android and core C++ programming. I will not demand Money from you for letting me work in > >> The Tor Project > >> 217 1st Ave South #4903 > >> Seattle, WA 98194 USA > >> > >> Your Reply will be highly appreciated. > >> Regards > >> Zaheer Ahmed > >> +923351443176 > >> zaheercena(a)gmail.com > > Hi Zaheer, > > There are many things you can do as a Tor volunteer: > https://www.torproject.org/getinvolved/volunteer.html.en > > With your experience, perhaps you might be interested in orbot, which provides Tor on Android? > https://guardianproject.info/apps/orbot/ > > Tim > > Tim Wilson-Brown (teor) > > teor2345 at gmail dot com > PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B > ricochet:ekmygaiu4rzgsk6n > xmmp: teor at torproject dot org > > > > > > Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org

2 2

Fwd: Volunteer Application
by Shari Steele 02 Aug '16

02 Aug '16

> Begin forwarded message: > > From: Zaheer Ahmed <zaheercena(a)gmail.com> > Subject: Volunteer Application > Date: August 1, 2016 at 12:11:23 AM PDT > To: execdir(a)torproject.org > > Hi > I have been studying Tor from last Several Months and Researching on it now I want to properly get involved in tor Organization. > > I h'v Spirit, Dedication and also wanted to be. I am a Software Developer worked on Android and core C++ programming. I will not demand Money from you for letting me work in > The Tor Project > 217 1st Ave South #4903 > Seattle, WA 98194 USA > > Your Reply will be highly appreciated. > Regards > Zaheer Ahmed > +923351443176 > zaheercena(a)gmail.com <mailto:zaheercena@gmail.com>

2 1