[or-cvs] r16347: Made appropriate changes to the documentation for all modifi (incognito/trunk/root_overlay/usr/share/incognito)
anonym at seul.org
anonym at seul.org
Sat Aug 2 01:10:37 UTC 2008
Author: anonym
Date: 2008-08-01 21:10:37 -0400 (Fri, 01 Aug 2008)
New Revision: 16347
Modified:
incognito/trunk/root_overlay/usr/share/incognito/docs.html
Log:
Made appropriate changes to the documentation for all modifications made since last release.
Modified: incognito/trunk/root_overlay/usr/share/incognito/docs.html
===================================================================
--- incognito/trunk/root_overlay/usr/share/incognito/docs.html 2008-08-02 01:09:42 UTC (rev 16346)
+++ incognito/trunk/root_overlay/usr/share/incognito/docs.html 2008-08-02 01:10:37 UTC (rev 16347)
@@ -19,7 +19,7 @@
</ul>
<p>
-<strong>NOTICE</strong>: This CD is provided as-is with no warranty of fitness for a particular purpose, including total anonymity. Anonymity depends not only on the software but also on the user understanding the risks involved and how to overcome those risks.
+<strong>NOTICE</strong>: This distribution is provided as-is with no warranty of fitness for a particular purpose, including total anonymity. Anonymity depends not only on the software but also on the user understanding the risks involved and how to overcome those risks.
</p>
<a name="intent">
@@ -27,7 +27,7 @@
<blockquote>What are we trying to do?</blockquote>
<p>
-This CD provides software to use various Internet technologies while keeping the user anonymous. It is based primarily on <a href="https://www.torproject.org">Tor</a> while including supporting applications. The target use case is that of using a public computer, such as in a library, securely. This CD may also be copied to a USB drive to provide persisted user settings. The intended user base are those who would like to perform standard Internet communications such as WWW, mail, IRC, IM, etc, while being confident that their anonymity is not compromised. Power users who want precise control over the application and network configuration may be disappointed.
+This CD provides a software solution for using various Internet technologies while staying anonymous. It is based primarily on <a href="https://www.torproject.org">Tor</a> while including supporting applications. The target use case is that of using a public computer, such as in a library, securely, or a home computer for easy setup. This distribution may is designed as a LiveCD, but may also be copied to a USB drive to provide persisted user settings, or run from virtual machines such as QEMU, VMWare and VirtualBox.
</p>
@@ -35,13 +35,9 @@
<dt>Target User Base</dt>
<dd>
-The target user is one who is using a computer that does not necessarily have full control of said computer and desires to access Internet services. Examples would be a public computer in a library, coffee shop, university or a residence. Also, users not wanting to bother with configuring all applications appropriately (with respect to anonymity) could use __INCOGNITO__ on their home computers. The implementation should provide strong anonymity with no configuration. It should be difficult or impossible, for the user to unknowingly compromise anonymity. Users requiring more precise control over the application and network configuration may be disappointed.
+The target user is one who is using a computer that does not necessarily have full control of said computer and desires to access Internet services anonymously. Examples would be a public computer in a library, coffee shop, university or a residence. Also, users not wanting to bother with configuring all applications appropriately (with respect to anonymity) could use __INCOGNITO__ on their home computers for easy setup. The implementation should provide strong anonymity with no configuration. It should be difficult or impossible, for the user to unknowingly compromise anonymity. Users requiring more precise control over the application and network configuration may be disappointed.
</dd>
-<dt></dt>
-<dd>
-</dd>
-
<dt>Required Internet Services</dt>
<dd>
At minimum the following Internet services should be supported: WWW, E-Mail, IRC.
@@ -49,7 +45,7 @@
<dt>Recommended Internet Services</dt>
<dd>
-The following Internet services are recommended to be supported: Instant Messaging.
+The following Internet services are recommended to be supported: Instant Messaging, SSH, Remote desktop control, P2P file-sharing.
</dd>
<dt>Supported Instant Messaging Protocols</dt>
@@ -69,12 +65,12 @@
<dt>Media</dt>
<dd>
-The implementation should be able to run off either CD or a USB bootable drive. The media must be bootable, not run from the host operating system.
+The implementation should be able to run off either CD or a USB bootable drive. The media must be bootable and not run from the host operating system, although the latter may be available for those willing to take risks.
</dd>
<dt>Persisted User Settings on USB Drive</dt>
<dd>
-User settings should be persisted when using a USB drive. The user should have the option to store these settings encrypted.
+User settings and files should be persisted when using a USB drive. The user should have the option to store these settings and files encrypted.
</dd>
</dl>
@@ -113,14 +109,10 @@
<h2>Implementation</h2>
<blockquote>How did we implement our approach in order to reach our goals.</blockquote>
-<p>
-There are full and tiny versions of the CD. The tiny version is intended to fit on small media (such as a 'business card' CD) and basically provides an anonymous web browser. The full version supports a variety of Internet applications.
-</p>
-
<h3>Software</h3>
<p>
-The following software is present on both the full and tiny versions. The version of the packages used is included on the CD at /usr/share/packages.txt.
+The following software is used in __INCOGNITO__. The version of the packages is included on the CD at /usr/share/packages.txt but note that this package list currently will contain a few package that are not already installed as it is generated before catalyst unmerges them in the last stage.
</p>
<dl>
@@ -129,7 +121,7 @@
<dd>The base operating system, provides hardware detection, infrastructure. Please note that the Gentoo Foundation does not provide or endorse this software distribution.</dd>
<dt><a href="<!-- #homepage(net-misc/tor) -->">Tor</a> <!-- #version(net-misc/tor) --></dt>
-<dd><!-- #description(net-misc/tor) -->. Our attempt is to always use the latest stable version. This version is patched to allow controllers to access the cookie authentication file. The <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/portage.overlay/net-misc/tor/files/tor-cookieperm.patch">patch</a> is from the 0.2.0.x development branch.</dd>
+<dd><!-- #description(net-misc/tor) -->. Our intention is to always use the latest stable version.</dd>
<dt><a href="<!-- #homepage(net-proxy/polipo) -->">polipo</a> <!-- #version(net-proxy/polipo) --></dt>
<dd><!-- #description(net-proxy/polipo) --></dd>
@@ -137,12 +129,9 @@
<dt><a href="<!-- #homepage(www-client/mozilla-firefox-bin) -->">Firefox</a> <!-- #version(www-client/mozilla-firefox-bin) --></dt>
<dd><!-- #description(www-client/mozilla-firefox-bin) --></dd>
-<dt><a href="<!-- #homepage(x11-plugins/noscript-bin) -->">NoScript</a> <!-- #version(x11-plugins/noscript-bin) --></dt>
-<dd><!-- #description(x11-plugins/noscript-bin) --></dd>
+<dt><a href="<!-- #homepage(x11-plugins/torbutton-bin) -->">Torbutton</a> <!-- #version(x11-plugins/torbutton-bin) --></dt>
+<dd><!-- #description(x11-plugins/torbutton-bin) --></dd>
-<dt><a href="<!-- #homepage(x11-plugins/cs-lite) -->">CS Lite</a> <!-- #version(x11-plugins/cs-lite) --></dt>
-<dd><!-- #description(x11-plugins/cs-lite) --></dd>
-
<dt><a href="<!-- #homepage(x11-plugins/firegpg) -->">FireGPG</a> <!-- #version(x11-plugins/firegpg) --></dt>
<dd><!-- #description(x11-plugins/firegpg) --></dd>
@@ -173,9 +162,6 @@
<dt><a href="<!-- #homepage(mail-mta/mixminion) -->">Mixminion</a> <!-- #version(mail-mta/mixminion) --></dt>
<dd><!-- #description(mail-mta/mixminion) --></dd>
-<dt><a href="<!-- #homepage(mail-mta/mixminion-smtp) -->">Mixminion SMTP</a> <!-- #version(mail-mta/mixminion-smtp) --></dt>
-<dd><!-- #description(mail-mta/mixminion-smtp) --></dd>
-
<dt><a href="<!-- #homepage(mail-client/mozilla-thunderbird-bin) -->">Thunderbird</a> <!-- #version(mail-client/mozilla-thunderbird-bin) --></dt>
<dd><!-- #description(mail-client/mozilla-thunderbird-bin) --></dd>
@@ -227,9 +213,6 @@
<dt><a href="http://www.kde.org">KDE 3.5</a></dt>
<dd>K Desktop Environment, a reduced install with parts that could be useful on an anonymity CD.</dd>
-<dt><a href="<!-- #homepage(kde-base/kmail) -->">KDE - KMail</a> <!-- #version(kde-base/kmail) --></dt>
-<dd><!-- #description(kde-base/kmail) --></dd>
-
<dt><a href="<!-- #homepage(kde-base/konqueror) -->">KDE - Konqueror </a> <!-- #version(kde-base/konqueror) --></dt>
<dd><!-- #description(kde-base/konqueror) --></dd>
@@ -251,28 +234,31 @@
<dt><a href="<!-- #homepage(net-p2p/ktorrent) -->">KDE - KTorrent</a> <!-- #version(net-p2p/ktorrent) --></dt>
<dd><!-- #description(net-p2p/ktorrent) --></dd>
-<dt><a href="<!-- #homepage(kde-misc/tcgui) -->">TrueCrypt UI (TCGUI)</a> <!-- #version(kde-misc/tcgui) --></dt>
-<dd><!-- #description(kde-misc/tcgui) --></dd>
-
</dl>
</p>
<h3>Internationalization</h3>
<p>
-The full version has the following locales. The tiny CD is English only, sorry but I could not fit the CD under 50MB without removing natural language support. If you'd like to see another locale for the full CD please let me know.
+The following locales are installed. If you'd like to see another locale, please let us know.
</p>
<ul>
+
+<li>ar_EG (Egyptian Arabic)</li>
<li>de_DE (German)</li>
+<li>el_GR (Greek)</li>
<li>en_GB (British English)</li>
<li>en_US (American English)</li>
<li>es_ES (Spanish)</li>
<li>fa_IR (Persian)</li>
<li>fr_FR (French)</li>
+<li>he_IL (Hebrew)</li>
<li>it_IT (Italian)</li>
<li>ja_JP (Japanese)</li>
<li>pt_PT (Portugese)</li>
+<li>ru_RU (Russian)</li>
+<li>sv_SE (Swedish)</li>
<li>zh_CN (Chinese)</li>
</ul>
@@ -282,7 +268,7 @@
<h4>The Tor™ software</h4>
<p>
-The Tor software is currently configured as a client only. The client listens on SOCKS port 9050, as a transparent proxy on port 9040 and control port 9051 (with cookie authentication). Only connections from localhost are accepted. It can be argued that running a server would increase your anonymity for a number for reasons but we still feel that most users probably would not want this.
+The Tor software is currently configured as a client only. The client listens on SOCKS port 9050 with a control port 9051 (using cookie authentication), as a transparent proxy on port 9040 and as a DNS server on port 8853. Only connections from localhost are accepted. It can be argued that running a server would increase your anonymity for a number for reasons but we still feel that most users probably would not want this due to the added consumption of bandwidth.
</p>
<ul>
@@ -291,19 +277,12 @@
<h4>Mixminion</h4>
<p>
-Mixminion cannot be configured as a server as these servers need to be very reliable. As a client the default configuration seems to be acceptable. Note that TorK has built-in support for Mixminion. KMail also has been configured to use Mixminion via a sendmail compatible shell script. In this way the signature and encryption features of KMail can be used. Thunderbird is configured to use the Mixminion SMTP server to send email.
+Mixminion cannot be configured as a server as these servers need to be very reliable. As a client the default configuration seems to be acceptable. Note that TorK has built-in support for Mixminion with an easy to use interface (lacking PGP support, unfortunately).
</p>
-<ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/bin/sendmail-mixminion">/usr/bin/sendmail-mixminion</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/mixminion/mixminion-smtp.conf">/etc/mixminion/mixminion-smtp.conf</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/kdesession/kmailrc">/var/lib/kdesession/kmailrc</a> (copied to /home/__INCOGNITO_USER__/.kde/... during build)</li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config">/var/lib/thunderbird-config</a> (copied to /home/__INCOGNITO_USER__/.thunderbird during build)</li>
-</ul>
-
<h4>DNS</h4>
<p>
-DNS leaks are controlled by using a local caching DNS server, pdnsd, that in turn performs its DNS lookups through the Tor network. pdnsd is the server configured in /etc/resolv.conf, listening on localhost. There is a security concerns that some application could attempt to do its own DNS resolution without consulting /etc/resolv.conf, and therefore UDP packets are blocked in order to prevent leaks. Another solution may be to use the Linux network filter to forward to the local DNS server.
+DNS leaks are controlled by using a local caching DNS server, pdnsd, that in turn performs its DNS lookups through the Tor network. pdnsd is the server configured in /etc/resolv.conf, listening on localhost. There is a security concern that some application could attempt to do its own DNS resolution without consulting /etc/resolv.conf, and therefore UDP packets are blocked in order to prevent leaks. Another solution may be to use the Linux network filter to forward UDP lookups to the local DNS server.
</p>
<ul>
@@ -311,11 +290,12 @@
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/pdnsd">/etc/conf.d/pdnsd</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/net">/etc/conf.d/net</a></li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
</ul>
<h4>HTTP Proxy</h4>
<p>
-Polipo is used as the HTTP proxy. It contacts the Tor software via SOCKS5 to make the real connections.
+Polipo provides with caching HTTP proxy funtionality. It contacts the Tor software via SOCKS5 to make the real connections.
</p>
<ul>
@@ -326,7 +306,7 @@
<h4>SOCKS libraries</h4>
<p>
-tsocks and dante are installed. Note that it is unnecessary with the Linux network filter (see below) and the local DNS server to socksify or torify apps. This is done at a lower level. These libraries are here due to dependencies and configured for completeness.
+tsocks (patched for Tor usage as per the ebuild's tordns USE flag) and dante are installed. Note that it is unnecessary with the Linux network filter (see below) and the local DNS server to socksify or torify apps. This is done at a lower level. These libraries are here due to dependencies and configured for completeness.
</p>
<ul>
@@ -344,52 +324,63 @@
</p>
<ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/net">/etc/conf.d/net</a> (used by tiny)</li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/macchanger">/etc/init.d/macchanger</a> (used by full)</li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/macchanger">/etc/init.d/macchanger</a></li>
</ul>
<h4>Mozilla Firefox</h4>
<p>
-HTTP and SOCKS proxies are configured. SOCKS is configured to perform name resolution through the proxy. I started Firefox without a config, exited, and then copied the configuration directory to the CD build root. The NoScript extension has been installed.
+Firefox uses Torbutton in order to prevent attacks using JavaScript, plugins and other non-HTTP features. It is configured to be enabled on start and uses polipo as HTTP(s) proxy and Tor as SOCKS proxy. SOCKS is configured to perform name resolution through the proxy. Firefox is also configured to not cache (mainly to reduce memory usage for CD users as disk writes will be stored there), history (just in case) and many other things. The Firefox config is pretty heavily commented, so any other relevant settings may be invastigated by looking in it.
</p>
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/">/var/lib/firefox-config/</a> (copied to /home/__INCOGNITO_USER__/.mozilla during build)</li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js">Firefox config</a></li>
</ul>
<h4>Bookmarks</h4>
<p>
-Firefox and Konqueror have preset bookmarks related to anonymity.
+Firefox have preset bookmarks related to anonymity.
</p>
<ul>
<li>Firefox: <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default%20User/bookmarks.html">bookmarks.html</a></li>
-<li>Konqueror: <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml">bookmarks.xml</a></li>
</ul>
<h4>XChat</h4>
<p>
-XChat is configured to use the Tor software as a SOCKS5 proxy. It will pass the hostname through SOCKS5 so that the exit node does the DNS resolution.
+XChat is configured to use the Tor software as a SOCKS5 proxy. It will pass the hostname through SOCKS5 so that the exit node does the DNS resolution. In addition all ctcp responses except PING are disabled as they otherwise could disclose useragent, system time and other information.
</p>
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/xchat-config">xchat-config</a></li>
+<a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/ctcpreply.conf">ctcpreply.conf</a></li>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
</ul>
+<h4>Pidgin</h4>
+<p>
+Pidgin is configured to not log anything and to use the Tor SOCKS proxy. Additionally the Off-the-record Messaging plugin and two IRC enhancing plugins are loaded automatically. The IRC More plugins is patched to not report useragent among and to use empty part/quit messages to prevent fingerprinting.
+</p>
+
+<ul>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/pidgin-config/prefs.xml">Pidgin config</a></li>
+<li>a href="https://tor-svn.freehaven.net/svn/incognito/trunk/portage.overlay/x11-plugins/purple-plugin_pack/files/hide-stuff.patch">hide-stuff.patch</a></li>
+</ul>
+
<h4>Network Filter</h4>
<p>
-One of the security issues is that we don't know what software will attempt to contact the network and whether their proxy settings are setup to use the Tor SOCKS proxy correctly. This is solved by forwarding all TCP connections that are not explicitly targetting the Tor proxy through a transparent proxy that in turn forwards it to the Tor proxy anyway. Linux has a kernel level network filter that accomplishes this.
+One serious security issue is that we don't know what software will attempt to contact the network and whether their proxy settings are setup to use the Tor SOCKS proxy or polipo HTTP(s) proxy correctly. This is solved by forwarding all direct TCP connections through Tor's transparent proxy. Linux has a kernel level network filter that accomplishes this.
</p>
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
</ul>
<h4>Host system RAM</h4>
<p>
-When shutting down the system RAM is securely wiped. RAM can actually be read after the machine shuts off with the right equipment. The software doing this is smem, part of the <a href="http://www.thc.org/">secure-delete</a> package. This process can take a while. If you are booting from a CD it should eject, and if you are booting from a USB drive you can remove the drive once prompted. In either case you can leave the computer and let it finish on its own.
+When shutting down the system RAM is securely wiped. RAM can actually be read after the machine shuts off with the right equipment. The software doing this is smem, part of the <a href="http://www.thc.org/">secure-delete</a> package. This process can take a while. If you are booting from a CD it should eject, and if you are booting from a USB drive you can remove the drive once prompted. In either case you can leave the computer and let it finish on its own, or simply turn it off if you are not worrie about this attack.
</p>
<ul>
@@ -399,21 +390,16 @@
<h4>Passwords</h4>
<p>
-There are two user's that are intended to be used for logins, '__INCOGNITO_USER__' and 'root'. Since this is a CD/USB the passwords are empty. This should not be a security concern because the user will remove the CD/USB when done and there should be no services allowing logins from the network.
+There are two user's that are intended to be used for logins, '__INCOGNITO_USER__' and 'root'. Since this is a CD/USB the passwords are empty. This should not be a security concern because the user will remove the CD/USB when done and there should be no services allowing logins from the network. Suggestions for mor esecure solutions are welcome, though.
</p>
<ul>
<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
</ul>
-<h4>Running the CD from RAM</h4>
-<p>
-The tiny version gives you the menu option of running the CD/USB from RAM. During the boot process the entire CD is copied into RAM and run from there. The CD will eject at this time or you may remove the USB drive when the boot progress screen is displayed. The full CD is too large for most computers to run from RAM but if you'd like to then hit [Tab] on the boot option and add " docache" after the boot line.
-</p>
-
<h4>Running the CD from a Windows session</h4>
<p>
-__INCOGNITO__ full may be run inside a Windows session in case the computer cannot boot media. <a href="http://fabrice.bellard.free.fr/qemu/">QEMU</a> is used to run the CD in a virtual PC. CTRL-ALT-F can be used to make the virtual machine full screen. Note that this will work for Windows 2000/XP or greater. A security concern that is not covered in this case is a keystroke logger. Keystrokes still run through the host operating system and can be logged, so beware.
+__INCOGNITO__ may be run inside a Windows session in case the computer cannot boot media. <a href="http://fabrice.bellard.free.fr/qemu/">QEMU</a> is used to run the CD in a virtual PC. CTRL-ALT-F can be used to make the virtual machine full screen. Note that this will work for Windows 2000/XP or greater. A security concern that is not covered in this case is a keystroke logger. Keystrokes still run through the host operating system and can be logged, so beware.
</p>
<h3>Configuration copied from USB drive</h3>
More information about the tor-commits
mailing list