Re: Introducing Torfox 3.0.10
Please let us know when you have your fixes in place. I for one would like to have a look at it again.

I'm not saying having a Tor Fox's landing page back-ending into Google is bad, I was implying that *IF* you're trying to get revenue from Google AdSense with Tor clients, it wouldn't work well...if at all. Google is pretty picky about AdSense, and if you start to get too many clicks from the same IP (i.e., a Tor router), then they'll mark your hits as false, refuse to pay out, and possibly terminate your account. You could do users a favor and just remove the ads. :-)

Do you have any build instructions to go with this? I looked at the SVN, and didn't see "glue" code that would bring this (FF, Tor, MSI creation, etc..) all together. I would like to be able to build this myself, from source.

- Kyle

On Thu, Jun 11, 2009 at 5:48 PM, Tor Fox wrote:
>
> Jacob wrote:
> > What happens when you leave plugins enabled, they respect proxy connections and then it is unset?
>
> They have no choice but to respect them. However, Java and Flash both have ways that still leak your IP, so all plugins will be disabled along with JavaScript. I don't mean disabled with an option either. I'm going to hardcode the changes so it's impossible for them to become active.
>
> > I think it's pretty unethical to explicitly make money by using a _tracking_ technology to profit from users who _explicitly_ do not want to be tracked.
>
> I think you're overreacting just a little. It is ultimately just a browser landing page, not much different from the default Firefox homepage, and any JavaScript that Google tries to load will be ignored just as if you were loading from google.com directly. If you can give me an actual example of how my page is any worse than Google.com then I will fix it ASAP. Otherwise, I don't see an issue.
Re: Introducing Torfox 3.0.10
Jacob wrote:
> What happens when you leave plugins enabled, they respect proxy connections and then it is unset?

They have no choice but to respect them. However, Java and Flash both have ways that still leak your IP, so all plugins will be disabled along with JavaScript. I don't mean disabled with an option either. I'm going to hardcode the changes so it's impossible for them to become active.

> I think it's pretty unethical to explicitly make money by using a _tracking_ technology to profit from users who _explicitly_ do not want to be tracked.

I think you're overreacting just a little. It is ultimately just a browser landing page, not much different from the default Firefox homepage, and any JavaScript that Google tries to load will be ignored just as if you were loading from google.com directly. If you can give me an actual example of how my page is any worse than Google.com then I will fix it ASAP. Otherwise, I don't see an issue.
Re: Introducing Torfox 3.0.10
Tor Fox wrote:
> Kyle wrote:
> > I'm not seeing the benefit of Tor Fox since Tor Browser Bundle[1] and XB Browser[2] do the same thing you're doing. Why are you trying to recreate work that's been done already?
>
> It doesn't work exactly the same.

This is an understatement. :-)

> > First off, you didn't even have the browser's proxy set to use Tor on port 9060, I had to set that myself.
>
> You don't need to set the proxy. I've made changes at the socket level to Firefox so that it always uses Tor.

What happens when you leave plugins enabled, they respect proxy connections and then it is unset? Do you really ensure that all binary blobs cannot make sockets? I'm not sure how to do that. Perhaps the way that you hooked the sockets, it's entirely possible?

> > I noted that the Tor Fox homepage is set to use the Tor Fox search engine, which uses Google results, and displays Google ads right on the top of the page. I was able to get a real IP address from my deanonymizer that I've been working on. Furthermore, a few security issues exist with Tor Fox.

Sounds like that socket hooking isn't working out. :-(

> This is an initial release. I've been reading up on Torbutton and have already added most of the features he's done. Also, there are a few things he can't do because he has to wait for Firefox developers to fix some bugs. I don't have that problem.

Well, you have a few problems. You have his issues (until you patch them; did you?) with Firefox. You also have his issues with content. You should consider using his plugin even if you believe his proxy setup is not needed.

> > This leads me to think that you're trying to make a quick buck off of Google ads while leaving Tor users exposed to security exploits of would-be evil doers or some hackers that just enjoy making a ruckus.
>
> The Google ads will never cover the hosting fees for the Tor relays I'm running, so I'm not making any profit. Also, this is not finished software by far. It's the very first release, so I think you're judging a little too hastily. This is more of a proof of concept than anything else. If you read my first post you will see that I'm not even sure there is enough interest in this to keep developing it full time. I'm going to give it a few months and see if it goes anywhere.

Wow, seriously? That's a joke, right? Is Kyle incorrect?

I think it's pretty unethical to explicitly make money by using a _tracking_ technology to profit from users who _explicitly_ do not want to be tracked. Also, to not disclose this information until someone discovers it is bad. To justify it with your accounting of costs and fees is probably the only way to take that from bad to worse. Transparency is perhaps most important to me in this case. I understand offsetting costs of hosting, but not at the expense of users who explicitly do not want it. :-(

How will you ensure that TorFox users are protected? Will you? How will you ensure this when your interests (as you stated) are fiscally aligned against your users? That does not bode well. :-(

> > So, if you are serious about securing Tor Fox then you need to install TorButton. Mike Perry and others have worked hard on making TorButton secure from several different types of attacks and information leakage, hence why it is used and trusted by many. You should have a look at the design document for Torbutton.
>
> That defeats the purpose of building from the source code. I can do things that an extension can't do, and the things it can do, better. The design document is very helpful though.

No, it does not. You can do both. You can use TorButton today to protect your users against the currently known issues. TorButton is pretty well tested and while perhaps imperfect (sorry Mike!), it's not safe to use Firefox without it. Additionally, you can _also_ build from source to patch unfixed bugs in Firefox. Please document such changes; you may find that your fixes have unintended consequences. This is something we've considered with the Tor Browser Bundle but currently, we're not too interested in forking Firefox. Personally, I haven't given up on Mozilla, I think they're going to fix the issues that Mike has discovered.

Best,
Jacob
Re: Introducing Torfox 3.0.10
Kyle wrote:
> I'm not seeing the benefit of Tor Fox since Tor Browser Bundle[1] and XB Browser[2] do the same thing you're doing. Why are you trying to recreate work that's been done already?

It doesn't work exactly the same.

> First off, you didn't even have the browser's proxy set to use Tor on port 9060, I had to set that myself.

You don't need to set the proxy. I've made changes at the socket level to Firefox so that it always uses Tor.

> I noted that the Tor Fox homepage is set to use the Tor Fox search engine, which uses Google results, and displays Google ads right on the top of the page. I was able to get a real IP address from my deanonymizer that I've been working on. Furthermore, a few security issues exist with Tor Fox.

This is an initial release. I've been reading up on Torbutton and have already added most of the features he's done. Also, there are a few things he can't do because he has to wait for Firefox developers to fix some bugs. I don't have that problem.

> This leads me to think that you're trying to make a quick buck off of Google ads while leaving Tor users exposed to security exploits of would-be evil doers or some hackers that just enjoy making a ruckus.

The Google ads will never cover the hosting fees for the Tor relays I'm running, so I'm not making any profit. Also, this is not finished software by far. It's the very first release, so I think you're judging a little too hastily. This is more of a proof of concept than anything else. If you read my first post you will see that I'm not even sure there is enough interest in this to keep developing it full time. I'm going to give it a few months and see if it goes anywhere.

> So, if you are serious about securing Tor Fox then you need to install TorButton. Mike Perry and others have worked hard on making TorButton secure from several different types of attacks and information leakage, hence why it is used and trusted by many. You should have a look at the design document for Torbutton.

That defeats the purpose of building from the source code. I can do things that an extension can't do, and the things it can do, better. The design document is very helpful though.
Re: Introducing Torfox 3.0.10
Hi,

I'm not seeing the benefit of Tor Fox since Tor Browser Bundle[1] and XB Browser[2] do the same thing you're doing. Why are you trying to recreate work that's been done already?

First off, you didn't even have the browser's proxy set to use Tor on port 9060, I had to set that myself.

I noted that the Tor Fox homepage is set to use the Tor Fox search engine, which uses Google results, and displays Google ads right on the top of the page. I was able to get a real IP address from my deanonymizer that I've been working on. Furthermore, a few security issues exist with Tor Fox.

- Several URIs can be used to reveal your true IP address.
- All the plugins are still enabled (Flash, Adobe Reader, etc..), which can lead to IP disclosure. (I stopped my review after I found this out, because one could be really pwned with all plugins enabled.)

This leads me to think that you're trying to make a quick buck off of Google ads while leaving Tor users exposed to security exploits of would-be evil doers or some hackers that just enjoy making a ruckus.

So, if you are serious about securing Tor Fox then you need to install TorButton. Mike Perry and others have worked hard on making TorButton secure from several different types of attacks and information leakage, hence why it is used and trusted by many. You should have a look at the design document for Torbutton.

Feel free to review this, but I for one wouldn't use it. My quick review can be found at:
http://www.janusvm.com/goldy/audits/TorFox_Audit_06_10_2009.rar

Best regards,
Kyle Williams

REFERENCES
[1] https://www.torproject.org/torbrowser/
[2] https://xerobank.com/download/xb-browser/

On Wed, Jun 10, 2009 at 3:31 PM, Tor Fox wrote:
> Jacob wrote:
> > Have you read the design document that Mike wrote about Torbutton?
>
> No, I've done a lot of that already but some of it I hadn't thought of. I'll make sure that Torfox offers at least those features.
>
> > rogue browser extensions that are often installed on Windows machines
>
> Ok, I'll make sure I disable those.
>
> > Why not use 9050? To not conflict with other running Tors?
>
> Right.
>
> > It is important to be able to build it and produce the same binary that you offer for download.
>
> The only thing missing is the icons.
>
> > I'm not sure what you mean when you say that it appeals to a different style of usage. Do you mean because it lacks a Torbutton logo, or that it lacks Vidalia?
>
> No, I mean that you can just forget Tor is even there. It's more like an appliance rather than an always-on service. It's less intrusive.
>
> > We do a lot to protect users with the Tor Browser Bundle (much of it is protection added by Torbutton), it would be a really good idea to make sure you're familiar with those things.
>
> I agree.
>
> > I look forward to reproducible builds! Don't forget the pgp signatures too. ;-)
>
> You can reproduce it right now, other than the icons.
Re: Introducing Torfox 3.0.10
Hello, Jacob!
You wrote to or-talk@freehaven.net on Wed, 10 Jun 2009 09:47:41 -0700:

>> I think it just appeals to a different style of usage. That's the reason I wanted to make it anyways. I've disabled Java, set it to auto delete private data on shutdown, etc. I'm looking for input as far as what kinds of protection needs to be added.
>
> I'm not sure what you mean when you say that it appeals to a different style of usage.

Don't know about Tor Fox's style of usage, but one of my setups is a Firefox without plugins, with JavaScript turned off, going through Tor via Privoxy. Is Torbutton really needed in such a setup? The only problem I can immediately see is CSS-only history stealing.

Alexander Cherepanov

P.S. Probably of interest to the Tor community:

New paper by Amit Klein (Trusteer) - "Temporary user tracking in major browsers and Cross-domain information leakage and attacks". The paper is available to download from the following page:
http://www.trusteer.com/temporary-user-tracking-in-major-browsers

Abstract:
User tracking across domains, processes (in some cases) and windows/tabs is demonstrated by exploiting several vulnerabilities in major browsers (Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, and to a limited extent Google Chrome). Additionally, new cross-domain information leakage and cross-domain attacks are described, which provide a foundation for attacks such as "in session phishing".
Re: Introducing Torfox 3.0.10
Jacob wrote:
> Have you read the design document that Mike wrote about Torbutton?

No, I've done a lot of that already but some of it I hadn't thought of. I'll make sure that Torfox offers at least those features.

> rogue browser extensions that are often installed on Windows machines

Ok, I'll make sure I disable those.

> Why not use 9050? To not conflict with other running Tors?

Right.

> It is important to be able to build it and produce the same binary that you offer for download.

The only thing missing is the icons.

> I'm not sure what you mean when you say that it appeals to a different style of usage. Do you mean because it lacks a Torbutton logo, or that it lacks Vidalia?

No, I mean that you can just forget Tor is even there. It's more like an appliance rather than an always-on service. It's less intrusive.

> We do a lot to protect users with the Tor Browser Bundle (much of it is protection added by Torbutton), it would be a really good idea to make sure you're familiar with those things.

I agree.

> I look forward to reproducible builds! Don't forget the pgp signatures too. ;-)

You can reproduce it right now, other than the icons.
Re: Introducing Torfox 3.0.10
Tor Fox wrote:
> Jacob wrote:
> > That sorta seems like a risky proposition, no?
>
> In what way?

It doesn't appear to protect you against a variety of attacks? Have you read the design document that Mike wrote about Torbutton?
https://www.torproject.org/torbutton/design/

> > Do you integrate Torbutton or something like it in some way?
>
> It works more like Freecap but I've added the code directly to the Firefox socket code.

Torbutton does more than simply set a proxy. Hooking the sockets may be useful, but I'm pretty sure that won't protect you against, say, rogue browser extensions that are often installed on Windows machines. Those seem to pop up from time to time and we've disabled that "feature" in the Tor Browser Bundle. You may want to look into that also.

> > Additionally, if Firefox only talks to Tor, do you have a control port open?
>
> No, only the socks port 9060 (non-default) is open.

Why not use 9050? To not conflict with other running Tors?

> > I assume I'd just find the matching files in Firefox 3.0.10 and clobber them with your files?
>
> That's right.

Ok.

> > How does someone replicate your builds on torfox.org? Do you plan on publishing that too? Perhaps it would be useful to have a README.build with patching and building information?
>
> After you replace the files you can build Firefox normally. Other than those 3 source code files in the SVN I've only changed the branding stuff and startup options. I just search and replace the string "firefox" with "torfox" and I have some icons and graphics I've made. I have some parts I need to automate but I will definitely add a build section and the branding stuff for building from source.

It is important to be able to build it and produce the same binary that you offer for download.

> > It seems like you're not getting much more over the current Tor Browser Bundle. Additionally, do you take into account the non-Torbutton protection and usability improvements that we have added?
>
> I think it just appeals to a different style of usage. That's the reason I wanted to make it anyways. I've disabled Java, set it to auto delete private data on shutdown, etc. I'm looking for input as far as what kinds of protection needs to be added.

I'm not sure what you mean when you say that it appeals to a different style of usage. Do you mean because it lacks a Torbutton logo, or that it lacks Vidalia?

We do a lot to protect users with the Tor Browser Bundle (much of it is protection added by Torbutton), it would be a really good idea to make sure you're familiar with those things.

I look forward to reproducible builds! Don't forget the pgp signatures too. ;-)

Best,
Jacob
Re: Introducing Torfox 3.0.10
Jacob wrote:
> That sorta seems like a risky proposition, no?

In what way?

> Do you integrate Torbutton or something like it in some way?

It works more like Freecap but I've added the code directly to the Firefox socket code.

> Additionally, if Firefox only talks to Tor, do you have a control port open?

No, only the socks port 9060 (non-default) is open.

> I assume I'd just find the matching files in Firefox 3.0.10 and clobber them with your files?

That's right.

> How does someone replicate your builds on torfox.org? Do you plan on publishing that too? Perhaps it would be useful to have a README.build with patching and building information?

After you replace the files you can build Firefox normally. Other than those 3 source code files in the SVN I've only changed the branding stuff and startup options. I just search and replace the string "firefox" with "torfox" and I have some icons and graphics I've made. I have some parts I need to automate but I will definitely add a build section and the branding stuff for building from source.

> It seems like you're not getting much more over the current Tor Browser Bundle. Additionally, do you take into account the non-Torbutton protection and usability improvements that we have added?

I think it just appeals to a different style of usage. That's the reason I wanted to make it anyways. I've disabled Java, set it to auto delete private data on shutdown, etc. I'm looking for input as far as what kinds of protection needs to be added.
Re: Introducing Torfox 3.0.10
Tor Fox wrote:
> http://www.torfox.org/
>
> Torfox is a mashup between Tor and Firefox. I’ve made changes to Firefox's source code, at the socket level, forcing all connections to be encapsulated with a Socks4 connection through "tor.exe". All DNS lookups are done with a piped call to "tor-resolve.exe" to prevent DNS leaks. There is no configuration needed for Tor. It's included in the installer. The browser will start and stop Tor automatically on a non-default port to prevent conflicts. I have uploaded the only changed source code files to http://torfox.googlecode.com/svn/trunk/source/3.0.10/ and the rest can be downloaded from Mozilla and the Tor Project.

Huh. Interesting. That sorta seems like a risky proposition, no?

Do you integrate Torbutton or something like it in some way?

Additionally, if Firefox only talks to Tor, do you have a control port open?

Also, I looked at the svn tree you published and it appears to only have three files:
http://torfox.googlecode.com/svn/trunk/source/3.0.10/prnetdb.c
http://torfox.googlecode.com/svn/trunk/source/3.0.10/nssinit.c
http://torfox.googlecode.com/svn/trunk/source/3.0.10/w95sock.c

I assume I'd just find the matching files in Firefox 3.0.10 and clobber them with your files?

How does someone replicate your builds on torfox.org? Do you plan on publishing that too? Perhaps it would be useful to have a README.build with patching and building information?

It seems like you're not getting much more over the current Tor Browser Bundle. Additionally, do you take into account the non-Torbutton protection and usability improvements that we have added?

Best,
Jacob
Introducing Torfox 3.0.10
http://www.torfox.org/

Torfox is a mashup between Tor and Firefox. I’ve made changes to Firefox's source code, at the socket level, forcing all connections to be encapsulated with a Socks4 connection through "tor.exe". All DNS lookups are done with a piped call to "tor-resolve.exe" to prevent DNS leaks. There is no configuration needed for Tor. It's included in the installer. The browser will start and stop Tor automatically on a non-default port to prevent conflicts.

I have uploaded the only changed source code files to http://torfox.googlecode.com/svn/trunk/source/3.0.10/ and the rest can be downloaded from Mozilla and the Tor Project. Just overwrite the corresponding 3 files in the Firefox 3.0.10 source tree with the 3 files from the Torfox SVN. It won't compile on anything but Windows until I replace the Win32 code with platform independent versions. It's possible, in theory, since Mozilla already includes their own runtime library with PR_CreateProcess(), PR_GetHostByName(), etc.

If there is enough interest from the community and volunteers willing to help code or test then I'm willing to add any requested features or changes. Otherwise, I might just leave it as is because it works perfectly for my personal use. I'm not even sure anyone will see the benefit of this over the current Tor browser bundle but personally, I like not having to worry about Tor and it is probably a little more friendly to beginners (though it would need a huge warning about HTTPS).

Feel free to contact me here or at torfox@gmail.com with any questions or comments.
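The wire format behind the approach announced above, as an added example that is neither Torfox's nor Mozilla's code: a plain SOCKS4 CONNECT request carries only a resolved IPv4 address, which is why the client must obtain that address without touching the system resolver (Torfox's piped tor-resolve.exe call), whereas the SOCKS4a extension (also accepted by Tor) carries the hostname so the proxy resolves it. The builder, reply parser and audit helper below are written for this example; the address, port and user id are constructed sample values.

```c
/* Added example, not Torfox or Mozilla code: the SOCKS4 CONNECT handshake
 * that Torfox wraps each Firefox connection in, plus the SOCKS4a form.
 * Sample addresses, ports and user ids are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOCKS4_VERSION       0x04
#define SOCKS4_CMD_CONNECT   0x01
#define SOCKS4_REPLY_VERSION 0x00
#define SOCKS4_REPLY_GRANTED 0x5a   /* 90: request granted */

/* Build a SOCKS4 CONNECT request for an IPv4 address the client has
 * already resolved. Layout: VN CD DSTPORT(2) DSTIP(4) USERID NUL.
 * Returns bytes written, or 0 if buf cannot hold the request. */
size_t socks4_connect(uint8_t *buf, size_t cap, const uint8_t ip[4],
                      uint16_t port, const char *userid)
{
    size_t ulen = strlen(userid);
    size_t need = 8 + ulen + 1;
    if (cap < need) return 0;
    buf[0] = SOCKS4_VERSION;
    buf[1] = SOCKS4_CMD_CONNECT;
    buf[2] = (uint8_t)(port >> 8);      /* port is big-endian on the wire */
    buf[3] = (uint8_t)(port & 0xff);
    memcpy(buf + 4, ip, 4);
    memcpy(buf + 8, userid, ulen + 1);  /* include the terminating NUL */
    return need;
}

/* SOCKS4a: DSTIP is 0.0.0.x (x != 0) and the hostname follows the user id,
 * so the proxy resolves the name and the client never performs a lookup. */
size_t socks4a_connect(uint8_t *buf, size_t cap, const char *host,
                       uint16_t port, const char *userid)
{
    static const uint8_t marker[4] = {0, 0, 0, 1};
    size_t hlen = strlen(host);
    size_t n = socks4_connect(buf, cap, marker, port, userid);
    if (n == 0 || cap < n + hlen + 1) return 0;
    memcpy(buf + n, host, hlen + 1);
    return n + hlen + 1;
}

/* Audit helper for captured proxy traffic: 1 if the request carries a real
 * IPv4 address, i.e. the client resolved the name itself (a DNS leak unless
 * the lookup went through something like tor-resolve); 0 for a SOCKS4a
 * request; -1 if the bytes are not a SOCKS4 CONNECT at all. */
int socks4_resolved_by_client(const uint8_t *req, size_t len)
{
    if (len < 9 || req[0] != SOCKS4_VERSION || req[1] != SOCKS4_CMD_CONNECT)
        return -1;
    if (req[4] == 0 && req[5] == 0 && req[6] == 0 && req[7] != 0)
        return 0;
    return 1;
}

/* Parse the 8-byte reply: VN(0) CD DSTPORT(2) DSTIP(4).
 * Returns 1 granted, 0 refused (CD 91..93), -1 malformed. */
int socks4_reply_granted(const uint8_t *rep, size_t len)
{
    if (len < 8 || rep[0] != SOCKS4_REPLY_VERSION) return -1;
    if (rep[1] == SOCKS4_REPLY_GRANTED) return 1;
    return (rep[1] >= 0x5b && rep[1] <= 0x5d) ? 0 : -1;
}
```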