[tor-dev] Using Tor as a library

Fri Mar 29 03:50:33 UTC 2013

Hi Fabio Pietrosanti:

Thanks, I appreciate your help. I will be working on this. I actually was considering to maybe provide it to the community so people could pinpoint bugs and contribute patches.

I will be studying onionbrowser. But seems they are running Tor as a thread inside the browser executing tor_main and then have the browser connect to itself using socks 5 which is somehow ugly.

This looked interesting:

 https://lists.torproject.org/pipermail/tor-talk/2011-September/021528.html

but seems Tor just evolved.

> That's the future of Tor, to be integrated as a library just like an
> encryption library into application.

Same feeling here.

Thanks for your comments Christopher Schmidt. I do appreciate to hear different points of view and know beforehand feelings of people against. Yet I disagree and I would like to argument why.

>Embedding a Tor client in another application cripples
>auditability, configurability, updateability etc. of Tor.

Not necessarily. If it is open source would be auditable.

I could dynamically link the library to let you update it on your own if you want. Also the application can be updated. But even if statically linked and not updated as the Tor network evolves the application would become unusable if the standard changes therefore killing the insecure application eventually.

Regarding configurability I could proxy your configuration to the Tor library. Since it is open you can check I am being honest or if there are bugs even if such application is not open source. (you could even override received configuration from the application)

I could let you configure the application to use embedded Tor or not, then you could use your own tor client if you want.

And this is not entirely clear to me but I believe Tor could be routed trough Tor again if you are forced to use embedded library and you are worried about it being insecure.

And in any case well you can opt in or out of the application.

Yet as a library I believe there would be increase of useability. That means Tor will be more popular. If it becomes more popular it means more support. I mean I probably wouldn't be donating a relay to the network If I weren't using Tor.

> Even worse, an application trying to outsmart
>the user by controlling Tor on its own poses a severe security risk.

Well an application using Tor as it is and properly configured could create a covert channel and totally do away with your anonymity. So I am supposing the application is not intentionally evil.

>From another standpoint every security chain is as strong as its weakest link. Usually the weak link is the user miss-configuring things and then comes the false sense of security.

As Fabio pointed earlier the DNS leak or the direct connection for example.

In any case if you want to provide arguments against I would like to hear them.

I tell you what. I don't have intentions to change Tor. I basically want to do this for me. But since I notice now it could be useful to the community and the community could be providing feedback I can make it public under the same license. So this is what I am going to do. Fork Tor under the same license and change it until I get a working library. If somebody wants to join well everybody invited. I think more hands working on it will be great. And if you want to merge it with Tor well you all can decide that later. And if you want we can cooperate directly. After all both projects would be sharing a lot of sourcecode. Many fixes and optimizations will be able to come back to Tor and the library could receive updates from the Tor project. I am thinking to name it libtor. What do you say?

I think a good approach could be to start with the ugly hack creating a clean API that would get extended over time and then change bit by bit until we get something clean.

Regards
Waldo