[tor-dev] GSOC 2017: Proposal for anon-connection-wizard (anonym)

Mon Mar 27 15:50:44 UTC 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

anonym:
> I might be misunderstanding what you and Patrick mean with 
> "impossible" (or rather, which use cases are impossible) w.r.t. 
> using Tor Launcher outside of the Tor Browser; Tails uses the Tor 
> Launcher shipped in Tor Browser, but it's run as a stand-alone XUL 
> application (`firefox --app ...`), so the *web* browser isn't
> started as part of it. [1] One could even run it using
> Iceweasel/Firefox, i.e. completely without Tor Browser.
> 
Thank you very much for your explaination, anonym! I did find my words
misleading here. I have corrected my mistakes. How do you like this one:
"
Currently, the Tor Launcher is shipped with the Tor Browser Bundle and
heavily relies on the Tor Browser for its implementation. Although
thanks to the great
efforts([[1]](https://git-tails.immerda.ch/tails/tree/config/chroot_loca
l-hooks/06-adduser_tor-launcher?h=devel),
[[2]](https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/
10-tbb?h=devel),
[[3]](https://git-tails.immerda.ch/tails/tree/config/chroot_local-includ
es/usr/local/sbin/tails-tor-launcher?h=devel),
[[4]](https://git-tails.immerda.ch/tails/tree/config/chroot_local-includ
es/usr/local/bin/tor-launcher?h=devel))
of Tails, the Tor Launcher can be run as a stand-alone XUL application
currently, since the XUL will not be supported by mozilla in Firefox
ESR branch [some time next
year](https://blog.mozilla.org/addons/2016/11/23/add-ons-in-2017/),
that implementation may not work for a long time. Beiseds, I agree
with the Whonix core developer Patrick Schleizer that "the Tor Browser
Bundle has its kind of users. system Tor (refers to Tor from
packages.debian.org or deb.torproject.org) users, where Tor runs as
daemon, is used in different ways for different purposes".

Therefore, although anon-connection-wizard is a Python-clone of the
Tor luancher, since all its dependencies are already in Debian and
already packaged, it can still serve as a really useful tool for the
system Tor users or a loose coupling substituition to the Tor Launcher.
"
> That said, this approach will not be viable any more some time next
>  year when the Firefox ESR branch drops XUL support and Tor
> Launcher is deprecated upstream.
Thank you so much for pointing out the fact. It makes the
anon-connection-wizard project even more meaningful and helpful because
it may serve as a substitution to the Tor Launcher in the future. I
have add the point to my proposal!

> It remains to see how the replacement of Tor Launcher will look,
> it might still work for Tails. However, if anon-connection-wizard
> would be a (more or less) drop-in replacement for Tor Launcher in
> Tails, that would be immensely helpful since we'd have a solution
> that will be guaranteed to work for us without much work.
I am really glad to hear that my project may potentially be helpful to
Tails. If this can happen one day in the future, it can benifit even
more Tor users.
> And I guess as long as the UX is more or less identical to the new 
> Tor Launcher and rapidly adapts to changes, and there are good 
> translations, we'd probably prefer it over the new Tor Launcher, 
> since it probably will be even harder to decouple from the web 
> browser.
The UX is a main part of the anon-connection-wizard proposal. During the
summer, I will mainly focus on the improvement of verbal instructions
and the user interface instructions in anon-connection-wizard. Patrick
has helped me to get the latest paper by Linda on tor-launcher
usability, so that I can redesign the anon-connection-wizard basing on
some solid research findings. Please look forward to it :)

I am not worried too much about the translation actually. If the
anon-connection-wizard is good and useful enough, maybe I can turn to
the Tor Project translation
[team](https://www.transifex.com/otf/torproject/) for help. The team is
very efficient and active.

BTW could you please tell me where I can find more about the development
progress of the new Tor Launcher? I believe some communication and
collaboration between us will be benefitial to both the
anon-connection-wizard and the new Tor Launcher. Thank you very much!

> 
> Any way, I also see potential for future collaboration between 
> Whonix and Tails for extending the usefulness of 
> anon-connection-wizard beyond what Tor Launcher (and its
> replacement) offers [2];
This can be a really good point! If you don't mind, I would like to
quote your idea as the "future work" in my proposal.

> anon-connection-wizard targets the OS, not just a single 
> application, so it could integrate the choices of network 
> configuration (wired? which wireless network? MAC spoofing?)

I agree with you that:
> "save these settings so they are restored the next time you visit
> the same network. This could potentially even be used to help
> giving users control over entry node selection to avoid persistent
> Entry Guards from leaking information about you geographical
> movement."

However, I am not sure if integrating the system-network-setting-related
configuration(like MAC spoofing) in anon-connection-wizard will be a
good idea in terms of a low coupling design. I am probably wrong but I
personally prefer considering the anon-connection-wizard only as an
graphical application to configure Tor, specifically, to configure torrc
file.

Could you please share your insights about how we should define the
anon-conncetion-wizard please? I am really looking forward to hearing
your thoughts.

> and Tor configuration (proxy? pluggable transport?) in a single
> place which probably makes more sense for users

Yes! Let's brainstorm more about the [torrc-related
setting](https://www.torproject.org/docs/tor-manual.html.en) at least!
How about the FascistFirewall setting?! Users who are not really live in
Tor-censored area should avoid using Tor Bridges for better anonymity.

> 
> Cheers!
> 
> [1] The first two scripts are parts of the build process, the two 
> latter ones are for starting it: * 
> https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/06-a
dduser_tor-launcher?h=devel
>
>
>
> 
*
https://git-tails.immerda.ch/tails/tree/config/chroot_local-hooks/10-tbb
?h=devel
> * 
> https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/u
sr/local/sbin/tails-tor-launcher?h=devel
>
>
>
> 
*
https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/usr
/local/bin/tor-launcher?h=devel
> [2] https://tails.boum.org/blueprint/network_connection/ [3] We 
> discuss the issue of 
> https://tails.boum.org/blueprint/persistent_Tor_state/

Thank you so much for your helpful sources. I will look at them in
detail soon!

Please let me say thank you again for your feedback, anonym! I really
appreciate your help! I have revised my proposal with the help of your
feedback and I am going to send it to tor-dev mailing list in a
seperate email! Please look forward to it!