Re: net/tor - add Flavor
On Sun, Nov 15, 2015 at 09:42:23PM +0100, Uwe Werler wrote:
> On Sun, Nov 15, 2015 at 08:15:57PM +0100, Stefan Sperling wrote:
> > On Sun, Nov 15, 2015 at 01:32:25PM -0500, Raul Miller wrote:
> > > But treating this as "extremely dangerous" without offering a path
> > > forward means that people need to "roll their own" approaches when
> > > faced with related needs.
> >
> > The way forward is to use tor properly to access hidden services.
> >
> > tor2web was conceived in 2008 to make it easier for whistleblowers
> > to use tor instead of nothing. Unfortunately in 2015 whistleblowers
> > have very good reasons to use something better than tor2web.
> >
>
> Hello Stefan,
>
> what do You mean with "use something better"? I'm really interested in Your
> suggestion.

It depends.

As discussed, if tor2web is used to set up a site which receives leaks, IPs making submissions can be de-anonymized so tor2web should not be used in this case. So "something better" might be tor or something else.

In the reverse scenario, where a site sends leaks obtained from who knows where out to the open internet from a hidden service location, tor2web may make sense. Or it may not. I'm not quite sure. Tor has so many edge cases as is even if both sides run Tor. I won't believe random strangers' opinions from the internet about any of this.

If Pascal is not willing to put effort into maintaining a port flavour for this feature, I won't mind that in the slightest.
Re: net/tor - add Flavor
Uwe Werler wrote:
> On Sun, Nov 15, 2015 at 08:15:57PM +0100, Stefan Sperling wrote:
> > On Sun, Nov 15, 2015 at 01:32:25PM -0500, Raul Miller wrote:
> > > But treating this as "extremely dangerous" without offering a path
> > > forward means that people need to "roll their own" approaches when
> > > faced with related needs.
> >
> > The way forward is to use tor properly to access hidden services.
> >
> > tor2web was conceived in 2008 to make it easier for whistleblowers
> > to use tor instead of nothing. Unfortunately in 2015 whistleblowers
> > have very good reasons to use something better than tor2web.
>
> what do You mean with "use something better"? I'm really interested in
> Your suggestion.

I think this discussion is getting outside the scope of this mailing list. tor-t...@lists.torproject.org is probably a better place for it.
Re: net/tor - add Flavor
On Sun, Nov 15, 2015 at 08:15:57PM +0100, Stefan Sperling wrote:
> On Sun, Nov 15, 2015 at 01:32:25PM -0500, Raul Miller wrote:
> > But treating this as "extremely dangerous" without offering a path
> > forward means that people need to "roll their own" approaches when
> > faced with related needs.
>
> The way forward is to use tor properly to access hidden services.
>
> tor2web was conceived in 2008 to make it easier for whistleblowers
> to use tor instead of nothing. Unfortunately in 2015 whistleblowers
> have very good reasons to use something better than tor2web.
>

Hello Stefan,

what do You mean with "use something better"? I'm really interested in Your suggestion.

Regards Uwe

--
Re: net/tor - add Flavor
Stefan Sperling:
> On Sun, Nov 15, 2015 at 01:32:25PM -0500, Raul Miller wrote:
>> But treating this as "extremely dangerous" without offering a path
>> forward means that people need to "roll their own" approaches when
>> faced with related needs.
>
> The way forward is to use tor properly to access hidden services.

Yes, that is the default method of accessing Tor hidden services.

>
> tor2web was conceived in 2008 to make it easier for whistleblowers
> to use tor instead of nothing. Unfortunately in 2015 whistleblowers
> have very good reasons to use something better than tor2web.
>

Not from my understanding exactly. It's not whistleblowers using Tor2Web, but rather those accessing their hidden web site. Tor2Web is mostly a method for non-Tor users to access hidden web sites. There are contexts in which the destination needs to be hidden, but user/source access isn't. Imagine a case in which disclosures are made, and a wide audience is encouraged, such as the media, yet the destination's location needs to be hidden.

This discussion has started off with the wrong premise. Yes, Tor2Web doesn't hide the source IP/user. It's not meant to. It's a bridge *into* the Tor network, in most cases a hidden web site, without any illusion of giving the source IP/user anonymity. It's a clear and conscious design decision, not a mistake or something overlooked.

Regardless of Pascal's decision on this, Tor2Web is a legitimate tool from the Tor Project with specific goals, somewhat distinct from the usual premises of Tor. Let's get beyond talking about the problems with it versus using Tor Browser and recognize what it's meant for. It's a *server* service that can be employed by a Tor relay. It should be an option for those who want to use a Tor relay for that explicit purpose.

g
Re: net/tor - add Flavor
On Sun, Nov 15, 2015 at 01:32:25PM -0500, Raul Miller wrote:
> But treating this as "extremely dangerous" without offering a path
> forward means that people need to "roll their own" approaches when
> faced with related needs.

The way forward is to use tor properly to access hidden services.

tor2web was conceived in 2008 to make it easier for whistleblowers to use tor instead of nothing. Unfortunately in 2015 whistleblowers have very good reasons to use something better than tor2web.
Re: net/tor - add Flavor
On Sun, Nov 15, 2015 at 7:15 AM, Pascal Stumpf wrote:
> This is exactly one of those scenarios that are extremely dangerous. An
> attacker can trivially expose whistleblowers by inspecting the traffic
> at the reverse proxy's end.

The danger here is that browsers send information related to messages sent in other contexts if the user has used that browser in other contexts. Browsers are deliberately security compromised to support various popular revenue models.

There are some analogous issues having to do with setting up a web server and the leaky nature of development platforms.

But treating this as "extremely dangerous" without offering a path forward means that people need to "roll their own" approaches when faced with related needs. (For example: write one's own web server from scratch, use a tor browser on a discardable and short lived machine which isn't used for anything else and which has no non-tor internetworking capability.)

Is that what you are suggesting here?

Thanks,

--
Raul
Re: net/tor - add Flavor
On Sun, Nov 15, 2015 at 07:29:23AM -0500, Jiri B wrote:
> IMO the potential risk is high and if I read correctly
> we haven't seen any numbers how many users need this flavor,
> just Uwe? :)
>
> j.
>

And now my last five ct.

OpenBSD ships with *sane defaults*. Possible dangerous features You have to enable Yourself. You should know what You're doing.

Tor ships with *sane defaults*:

1. You explicitly have to enable this feature and
2. You can't leave the tor net.

Find the difference.

Pascal decided not to support this - it's ok.

--
Re: net/tor - add Flavor
On Sun, Nov 15, 2015 at 07:29:23AM -0500, Jiri B wrote:
> IMO the potential risk is high and if I read correctly
> we haven't seen any numbers how many users need this flavor,
> just Uwe? :)
>
> j.
>

Maybe most people don't see a real scenario for this mode. Ok.

The potential risk to die is very high if You drive a car too fast or drunk. I think cars shouldn't be sold anymore to people.

--
Re: net/tor - add Flavor
On Sun, Nov 15, 2015 at 01:15:03PM +0100, Pascal Stumpf wrote:
> On Sat, 14 Nov 2015 21:37:08 +0100, Uwe Werler wrote:
> > On Sat, Nov 14, 2015 at 08:40:40PM +0100, Pascal Stumpf wrote:
> > > On Fri, 13 Nov 2015 17:37:12 -0500, Michael McConville wrote:
> > > > Uwe Werler wrote:
> > > > > Hello list,
> > > > >
> > > > > I'd like to add a Flavor to tor which allows Tor2webMode:
> > > >
> > > > This seems like a rare enough use-case that it probably isn't worth a
> > > > flavor.
> > >
> > > I tend to agree. A tor2web proxy is an extremely rare configuration
> > > compared to the total number of tor nodes.
> >
> > I don't think so 'cause it's one possible way e.g. leaking sites may run.
>
> This is exactly one of those scenarios that are extremely dangerous. An
> attacker can trivially expose whistleblowers by inspecting the traffic
> at the reverse proxy's end.

If it's so *trivial* then the whole tor concept is trivial. The hidden service remains hidden and anonymous. If You are right the same is true for any tor entry or exit node.

>
> I'm glad if we can stop people from making such mistakes by not
> providing a tor2web package.

I think You are wrong. But it's Your opinion.

>
> > > I am also opposed to the whole model of making .onion sites available
> > > through clearnet. Where a hidden service is needed, it is mostly for
> > > content that both the content provider and the recipient may get into
> > > legal trouble (or worse) in their respective jurisdictions.
> >
> > Yeah, maybe. I live in a country where some years ago You could be
> > hanged for listening to the BBC or radio London. There are countries in the
> > world where it's illegal to read foreign newspapers or to be gay...
> >
> > I think it's not our business to decide which sites people want to
> > look for or not.
> >
> > > While
> > > tor2web preserves the content provider's anonymity, it exposes the
> > > (often naive) end user to uncertain risks.
> >
> > I tend to forbid knives 'cause naive people may cut their fingers off.
>
> I tend to not give machetes to kids, yes.

I agree. But I think we have a dissent about which people kids are.

> But still, I'm not stopping anyone from compiling their own tor2web and
> deploying it. Hell, it's not even that hard to keep a local patch for
> the port.

That's true.

>
> Just don't expect any support from me.
>

Ok. You are the maintainer, it's Your decision.

>
> > Or we should remove the -d switch from pfctl too.
> >
> > >
> > > It is protected by no more than simple SSL/TLS, which makes correlation
> > > attacks even easier, especially considering the very limited number of
> > > .onion sites out there. An attacker can plausibly deduce the site
> > > you're looking at just by inspecting the encrypted traffic.
> >
> > It's not to keep the user itself anonymously or a proxy e.g.
>
> Exactly. And thereby it goes against the fundamental idea of hidden
> services, namely to keep both the client and the server anonymous.

No. The idea of hidden services is to keep the service hidden. The idea of tor as a client is to hide the client. Even if it's the same bin it's not automatically the same. The people of tor project developed this mode not without reason. And yes, it's dangerous for *naive* people and that's why it's not compiled in by default and there's no possibility to use it outside tor.

>
> > > Frankly, I don't think it's ethical to provide people with this
> > > particular gun to shoot themselves in the foot (i.e. ruin their life).
> >
> > It's not ethical to pay taxes for governments to shoot innocent people
> > in other countries. Isn't it? Or should government protect us for
> > ourself?
>
> Irrelevant. This is about OpenBSD ports.

Exactly this I meant. You argued "ethical".

> > I think it's not the right place here to decide what other people
> > should or shouldn't do.
>
> See above. Not stopping anyone from rolling their own.

As You already mentioned above.

> > > It is a convenience mechanism to access .onion content on the clearnet
> > > that is on .onion in the first place *for a darn good reason*.
> >
> > This is only *one* possible scenario. I told two others which imho
> > makes more sense than simply making hidden content public available.
>
> 2. is just as dangerous; I don't understand why you need tor2web for 3.

It's my secret ;). It's possible to build a totally anonymous network on top of tor. This is the basic idea behind that. And access to resources within this network is only possible through proxies within this private network.

> > > > It also runs the risk that people will think "Tor2web" is what
> > > > they need (plausible, based on the name) and thereby deanonymize
> > > > themselves.
> > > >
> > > >

--
Re: net/tor - add Flavor
IMO the potential risk is high and if I read correctly
we haven't seen any numbers how many users need this flavor,
just Uwe? :)

j.
Re: net/tor - add Flavor
On Sat, 14 Nov 2015 21:37:08 +0100, Uwe Werler wrote:
> On Sat, Nov 14, 2015 at 08:40:40PM +0100, Pascal Stumpf wrote:
> > On Fri, 13 Nov 2015 17:37:12 -0500, Michael McConville wrote:
> > > Uwe Werler wrote:
> > > > Hello list,
> > > >
> > > > I'd like to add a Flavor to tor which allows Tor2webMode:
> > >
> > > This seems like a rare enough use-case that it probably isn't worth a
> > > flavor.
> >
> > I tend to agree. A tor2web proxy is an extremely rare configuration
> > compared to the total number of tor nodes.
>
> I don't think so 'cause it's one possible way e.g. leaking sites may run.

This is exactly one of those scenarios that are extremely dangerous. An attacker can trivially expose whistleblowers by inspecting the traffic at the reverse proxy's end.

I'm glad if we can stop people from making such mistakes by not providing a tor2web package.

> > I am also opposed to the whole model of making .onion sites available
> > through clearnet. Where a hidden service is needed, it is mostly for
> > content that both the content provider and the recipient may get into
> > legal trouble (or worse) in their respective jurisdictions.
>
> Yeah, maybe. I live in a country where some years ago You could be
> hanged for listening to the BBC or radio London. There are countries in the
> world where it's illegal to read foreign newspapers or to be gay...
>
> I think it's not our business to decide which sites people want to
> look for or not.
>
> > While
> > tor2web preserves the content provider's anonymity, it exposes the
> > (often naive) end user to uncertain risks.
>
> I tend to forbid knives 'cause naive people may cut their fingers off.

I tend to not give machetes to kids, yes.

But still, I'm not stopping anyone from compiling their own tor2web and deploying it. Hell, it's not even that hard to keep a local patch for the port.

Just don't expect any support from me.

> Or we should remove the -d switch from pfctl too.
>
> >
> > It is protected by no more than simple SSL/TLS, which makes correlation
> > attacks even easier, especially considering the very limited number of
> > .onion sites out there. An attacker can plausibly deduce the site
> > you're looking at just by inspecting the encrypted traffic.
>
> It's not to keep the user itself anonymously or a proxy e.g.

Exactly. And thereby it goes against the fundamental idea of hidden services, namely to keep both the client and the server anonymous.

> > Frankly, I don't think it's ethical to provide people with this
> > particular gun to shoot themselves in the foot (i.e. ruin their life).
>
> It's not ethical to pay taxes for governments to shoot innocent people
> in other countries. Isn't it? Or should government protect us for
> ourself?

Irrelevant. This is about OpenBSD ports.

> I think it's not the right place here to decide what other people
> should or shouldn't do.

See above. Not stopping anyone from rolling their own.

> > It is a convenience mechanism to access .onion content on the clearnet
> > that is on .onion in the first place *for a darn good reason*.
>
> This is only *one* possible scenario. I told two others which imho
> makes more sense than simply making hidden content public available.

2. is just as dangerous; I don't understand why you need tor2web for 3.

> > > It also runs the risk that people will think "Tor2web" is what
> > > they need (plausible, based on the name) and thereby deanonymize
> > > themselves.
> > >
> > >
Re: net/tor - add Flavor
On Sat, Nov 14, 2015 at 08:40:40PM +0100, Pascal Stumpf wrote:
> On Fri, 13 Nov 2015 17:37:12 -0500, Michael McConville wrote:
> > Uwe Werler wrote:
> > > Hello list,
> > >
> > > I'd like to add a Flavor to tor which allows Tor2webMode:
> >
> > This seems like a rare enough use-case that it probably isn't worth a
> > flavor.
>
> I tend to agree. A tor2web proxy is an extremely rare configuration
> compared to the total number of tor nodes.

I don't think so 'cause it's one possible way e.g. leaking sites may run.

> I am also opposed to the whole model of making .onion sites available
> through clearnet. Where a hidden service is needed, it is mostly for
> content that both the content provider and the recipient may get into
> legal trouble (or worse) in their respective jurisdictions.

Yeah, maybe. I live in a country where some years ago You could be hanged for listening to the BBC or radio London. There are countries in the world where it's illegal to read foreign newspapers or to be gay...

I think it's not our business to decide which sites people want to look for or not.

> While
> tor2web preserves the content provider's anonymity, it exposes the
> (often naive) end user to uncertain risks.

I tend to forbid knives 'cause naive people may cut their fingers off. Or we should remove the -d switch from pfctl too.

>
> It is protected by no more than simple SSL/TLS, which makes correlation
> attacks even easier, especially considering the very limited number of
> .onion sites out there. An attacker can plausibly deduce the site
> you're looking at just by inspecting the encrypted traffic.

It's not to keep the user itself anonymously or a proxy e.g.

> Frankly, I don't think it's ethical to provide people with this
> particular gun to shoot themselves in the foot (i.e. ruin their life).

It's not ethical to pay taxes for governments to shoot innocent people in other countries. Isn't it? Or should government protect us for ourself?

I think it's not the right place here to decide what other people should or shouldn't do.

> It is a convenience mechanism to access .onion content on the clearnet
> that is on .onion in the first place *for a darn good reason*.

This is only *one* possible scenario. I told two others which imho makes more sense than simply making hidden content public available.

>
> > It also runs the risk that people will think "Tor2web" is what
> > they need (plausible, based on the name) and thereby deanonymize
> > themselves.
> >
Re: net/tor - add Flavor
On Fri, 13 Nov 2015 17:37:12 -0500, Michael McConville wrote: > Uwe Werler wrote: > > Hello list, > > > > I'd like to add a Flavor to tor which allows Tor2webMode: > > This seems like a rare enough use-case that it probably isn't worth a > flavor. I tend to agree. A tor2web proxy is an extremely rare configuration compared to the total number of tor nodes. I am also opposed to the whole model of making .onion sites available through clearnet. Where a hidden service is needed, it is mostly for content that both the content provider and the recipient may get into legal trouble (or worse) in their respective jurisdictions. While tor2web preserves the content provider's anonymity, it exposes the (often naive) end user to uncertain risks. It is protected by no more than simple SSL/TLS, which makes correlation attacks even easier, especially considering the very limited number of .onion sites out there. An attacker can plausibly deduce the site you're looking at just by inspecting the encrypted traffic. Frankly, I don't think it's ethical to provide people with this particular gun to shoot themselves in the foot (i.e. ruin their life). It is a convenience mechanism to access .onion content on the clearnet that is on .onion in the first place *for a darn good reason*. > It also runs the risk that people will think "Tor2web" is what > they need (plausible, based on the name) and thereby deanonymize > themselves. > > > --- net/tor/Makefile.orig Fri Nov 13 05:25:33 2015 > > +++ net/tor/MakefileFri Nov 13 04:26:09 2015 > > @@ -12,6 +12,9 @@ > > # BSD > > PERMIT_PACKAGE_CDROM= Yes > > > > +PSEUDO_FLAVORS = tor2web > > +FLAVOR ?= > > + > > WANTLIB += c crypto event m pthread ssl z > > > > MASTER_SITES= https://www.torproject.org/dist/ 
> > @@ -22,6 +25,11 @@ > > # anyway on FRAME_GROWS_DOWN archs. > > CONFIGURE_ARGS=--with-ssl-dir=/usr \ > > --disable-gcc-hardening > > + > > +.if ${FLAVOR:L:Mtor2web} > > +CONFIGURE_ARGS += --enable-tor2web-mode > > +.endif > > + > > CONFIGURE_ENV+=ac_cv_member_struct_ssl_method_st_get_cipher_by_char=no > > > > DB_DIR=/var/tor > > > > ## > > > > --- net/tor/pkg/DESCR.orig Fri Nov 13 05:16:53 2015 > > +++ net/tor/pkg/DESCR Fri Nov 13 05:22:06 2015 > > @@ -1,2 +1,6 @@ > > Tor is a connection-based low-latency anonymous communication system that > > protects TCP streams: web browsing, instant messaging, irc, ssh, etc. > > + > > +In Tor2webMode Tor connects to hidden services non-anonymously but faster. > > +It's useful only when running a tor2web Hidden Service web proxy or to > > connect > > +directly to a Hidden Service without the need of client anonymity. > > > > ## > > > > Regards Uwe > > > > -- > > > >
Re: net/tor - add Flavor
On Sat, Nov 14, 2015 at 12:53:23PM +, Stuart Henderson wrote:
> On 2015/11/14 00:50, Uwe Werler wrote:
> > On Sat, Nov 14, 2015 at 12:35:32AM +0100, Stefan Sperling wrote:
> > > On Sat, Nov 14, 2015 at 01:05:12AM +0100, Rafael Sadowski wrote:
> > > > I prefer to enable by default:
> > >
> > > " Using Tor2web trades off security for convenience and usability."
> > > https://tor2web.org/
> > >
> > > Please don't.
> > >
> >
> > From man:
> >
> >     Tor2webMode 0|1
> >         When this option is set, Tor connects to hidden services
> >         non-anonymously. This option also disables client connections to
> >         non-hidden-service hostnames through Tor. It must only be used when
> >         running a tor2web Hidden Service web proxy. To enable this option
> >         the compile time flag --enable-tor2webmode must be specified.
> >         (Default: 0)
> >
> > I think it shouldn't be turned on per default - even if it's not enabled
> > per default in config.
> >
> > There are three scenarios in which this mode is useful:
> >
> > 1. You want to provide an http proxy which is able to connect to tor HS for
> > clients (resolving onion domains).
> > 2. You want to connect a reverse proxy to a HS.
> > 3. You want to interconnect two (or more) machines within the tor network
> > in client-server-mode.
> >
> > Regards Uwe
> >
> > --
> >

Stuart, I fully agree - and thanks for the explanation. The last days I intensively tested tinc on top of tor in different scenarios (yeah - layer 2 via tor). With this mode enabled on the "client" machine one gets more throughput - increased by probably 40-50%. I measured rates up to 9,6 Mbps instead of max. 5 Mbps.

> So we have to balance the possibility of users shooting themselves in
> the foot by enabling the config option by mistake, with the possibility
> that someone will build their own "--enable-tor2webmode" package and
> either not update to a newer version when a security fix comes out
> because packages aren't available, or that will accidentally update
> to a version without this config option.
>
> So from what I've seen, I think that probably having this in a non-
> default FLAVOR with a good but concise explanation in DESCR of what
> it actually does is probably going to be the best idea. But the final
> decision should rest with the maintainer.
>

--
Re: net/tor - add Flavor
On 2015/11/14 00:50, Uwe Werler wrote:
> On Sat, Nov 14, 2015 at 12:35:32AM +0100, Stefan Sperling wrote:
> > On Sat, Nov 14, 2015 at 01:05:12AM +0100, Rafael Sadowski wrote:
> > > I prefer to enable by default:
> >
> > " Using Tor2web trades off security for convenience and usability."
> > https://tor2web.org/
> >
> > Please don't.
> >
>
> From man:
>
>     Tor2webMode 0|1
>         When this option is set, Tor connects to hidden services
>         non-anonymously. This option also disables client connections to
>         non-hidden-service hostnames through Tor. It must only be used when
>         running a tor2web Hidden Service web proxy. To enable this option
>         the compile time flag --enable-tor2webmode must be specified.
>         (Default: 0)
>
> I think it shouldn't be turned on per default - even if it's not enabled per
> default in config.
>
> There are three scenarios in which this mode is useful:
>
> 1. You want to provide an http proxy which is able to connect to tor HS for
> clients (resolving onion domains).
> 2. You want to connect a reverse proxy to a HS.
> 3. You want to interconnect two (or more) machines within the tor network in
> client-server-mode.
>
> Regards Uwe
>
> --
>

So we have to balance the possibility of users shooting themselves in the foot by enabling the config option by mistake, with the possibility that someone will build their own "--enable-tor2webmode" package and either not update to a newer version when a security fix comes out because packages aren't available, or that will accidentally update to a version without this config option.

So from what I've seen, I think that probably having this in a non-default FLAVOR with a good but concise explanation in DESCR of what it actually does is probably going to be the best idea. But the final decision should rest with the maintainer.
Re: net/tor - add Flavor
On Sat Nov 14, 2015 at 12:35:32AM +0100, Stefan Sperling wrote:
> On Sat, Nov 14, 2015 at 01:05:12AM +0100, Rafael Sadowski wrote:
> > I prefer to enable by default:
>
> " Using Tor2web trades off security for convenience and usability."
> https://tor2web.org/
>
> Please don't.

We are talking here about the support in our tor port:

  --enable-tor2web-mode   support tor2web non-anonymous mode

But I understand what you bear in mind. Maybe a FLAVOR is not the worst idea.
Re: net/tor - add Flavor
Stefan Sperling:
> On Sat, Nov 14, 2015 at 01:05:12AM +0100, Rafael Sadowski wrote:
>> I prefer to enable by default:
>
> " Using Tor2web trades off security for convenience and usability."
> https://tor2web.org/
>
> Please don't.
>

I think there's some confusion on this. Tor2Web is a tool to run *as a server for others* that allows people not using Tor (i.e., Tor Browser) to access services with the .onion TLD (which looks like it now is in motion with the IETF). It's about providing a service, and is a configure option (off) on the FreeBSD port, so that your Tor server can provide Tor2Web services to other users.

Yes, the source IP does not gain anonymity, but that's the point of it. The destination site, residing on the Tor network, does ostensibly retain anonymity. It's for those *without* Tor to access .onion TLDs through a Tor2Web enabled service. It is not a broken by default service in its function.

The above-quoted web site description is deceptive and misses the point completely.

g
Re: net/tor - add Flavor
On Sat, Nov 14, 2015 at 12:35:32AM +0100, Stefan Sperling wrote:
> On Sat, Nov 14, 2015 at 01:05:12AM +0100, Rafael Sadowski wrote:
> > I prefer to enable by default:
>
> " Using Tor2web trades off security for convenience and usability."
> https://tor2web.org/
>
> Please don't.
>

From man:

    Tor2webMode 0|1
        When this option is set, Tor connects to hidden services
        non-anonymously. This option also disables client connections to
        non-hidden-service hostnames through Tor. It must only be used when
        running a tor2web Hidden Service web proxy. To enable this option
        the compile time flag --enable-tor2webmode must be specified.
        (Default: 0)

I think it shouldn't be turned on per default - even if it's not enabled per default in config.

There are three scenarios in which this mode is useful:

1. You want to provide an http proxy which is able to connect to tor HS for clients (resolving onion domains).
2. You want to connect a reverse proxy to a HS.
3. You want to interconnect two (or more) machines within the tor network in client-server-mode.

Regards Uwe

--
Re: net/tor - add Flavor
On Sat, Nov 14, 2015 at 01:05:12AM +0100, Rafael Sadowski wrote:
> I prefer to enable by default:

" Using Tor2web trades off security for convenience and usability."
https://tor2web.org/

Please don't.
Re: net/tor - add Flavor
On 2015/11/13 17:59, Michael McConville wrote:
> Uwe Werler wrote:
> > On Fri, Nov 13, 2015 at 05:37:12PM -0500, Michael McConville wrote:
> > > Uwe Werler wrote:
> > > > Hello list,
> > > >
> > > > I'd like to add a Flavor to tor which allows Tor2webMode:
> > >
> > > This seems like a rare enough use-case that it probably isn't worth a
> > > flavor. It also runs the risk that people will think "Tor2web" is what
> > > they need (plausible, based on the name) and thereby deanonymize
> > > themselves.
> >
> > Mmh, 1. it's not enabled per default and 2. only connections to hidden
> > services are allowed so You can't exit from within the tor network.
>
> Will people be prompted with the choice when they install tor with
> pkg_add? That's what I'm concerned about.

If it's done as a FLAVOR, assuming it is actually hooked into the build (which it should be), then they will be offered a choice.

1. Is this "configure option allows the user to enable the feature", or is it "configure option turns the feature on"?

2. What do packagers on other OS do?

> Also, bsd.port.mk(5) says of PSEUDO_FLAVORS:
>
> > Its only use should be for disabling part of a multi-packages build
>
> Am I misunderstanding, or should it be replaced with FLAVORS here?

It should be a FLAVOR not a PSEUDO_FLAVOR.
Re: net/tor - add Flavor
On Fri Nov 13, 2015 at 05:59:23PM -0500, Michael McConville wrote: > Uwe Werler wrote: > > On Fri, Nov 13, 2015 at 05:37:12PM -0500, Michael McConville wrote: > > > Uwe Werler wrote: > > > > Hello list, > > > > > > > > I'd like to add a Flavor to tor which allows Tor2webMode: > > > > > > This seems like a rare enough use-case that it probably isn't worth a > > > flavor. It also runs the risk that people will think "Tor2web" is what > > > they need (plausible, based on the name) and thereby deanonymize > > > themselves. > > > > Mmh, 1. it's not enabled per default and 2. only connections to hidden > > services are allowed so You can't exit from within the tor network. > > Will people be prompted with the choice when they install tor with > pkg_add? That's what I'm concerned about. > > Also, bsd.port.mk(5) says of PSEUDO_FLAVORS: > > > Its only use should be for disabling part of a multi-packages build > > Am I misunderstanding, or should it be replaced with FLAVORS here? I prefer to enable by default: Index: Makefile === RCS file: /cvs/ports/net/tor/Makefile,v retrieving revision 1.86 diff -u -p -u -p -r1.86 Makefile --- Makefile20 Jul 2015 19:55:58 - 1.86 +++ Makefile13 Nov 2015 23:04:46 - 
@@ -5,23 +5,25 @@ COMMENT= anonymity service using onion r DISTNAME= tor-0.2.6.10 CATEGORIES=net HOMEPAGE= https://www.torproject.org/ -REVISION= 1 +REVISION= 2 MAINTAINER=Pascal Stumpf # BSD PERMIT_PACKAGE_CDROM= Yes -WANTLIB += c crypto event m pthread ssl z +WANTLIB+= c crypto event m pthread ssl z MASTER_SITES= https://www.torproject.org/dist/ CONFIGURE_STYLE=gnu -AUTOCONF_VERSION = 2.69 +AUTOCONF_VERSION= 2.69 # PIE is already taken care of on a per-arch basis, and we have stack protection # anyway on FRAME_GROWS_DOWN archs. CONFIGURE_ARGS=--with-ssl-dir=/usr \ + --enable-tor2web-mode \ --disable-gcc-hardening + CONFIGURE_ENV+=ac_cv_member_struct_ssl_method_st_get_cipher_by_char=no DB_DIR=/var/tor Index: pkg/DESCR === RCS file: /cvs/ports/net/tor/pkg/DESCR,v retrieving revision 1.1.1.1 diff -u -p -u -p -r1.1.1.1 DESCR --- pkg/DESCR 26 Sep 2004 10:06:29 - 1.1.1.1 +++ pkg/DESCR 13 Nov 2015 23:04:46 - @@ -1,2 +1,6 @@ Tor is a connection-based low-latency anonymous communication system that protects TCP streams: web browsing, instant messaging, irc, ssh, etc. + +In Tor2webMode Tor connects to hidden services non-anonymously but faster. +It's useful only when running a tor2web Hidden Service web proxy or to connect +directly to a Hidden Service without the need of client anonymity.
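Review bot: the Makefile hunk puts `--enable-tor2web-mode` into the default CONFIGURE_ARGS, so every tor package built from the port would carry the non-anonymous Tor2webMode support that the rest of the thread wants kept opt-in, and it bundles that behavioural change with whitespace-only churn (`WANTLIB +=` to `WANTLIB+=`, `AUTOCONF_VERSION = 2.69` to `AUTOCONF_VERSION= 2.69`, an added blank line after `--disable-gcc-hardening`). Keep the cosmetic edits in a separate diff and gate the configure flag behind a FLAVOR so it only applies when a user selects it; the REVISION bump from 1 to 2 is correct for a change that alters the package contents.

Review bot: the DESCR hunk advertises the mode as useful "to connect directly to a Hidden Service without the need of client anonymity", which is wider than the tor manual text quoted earlier in this thread allows ("It must only be used when running a tor2web Hidden Service web proxy"). Keep the DESCR wording aligned with the manual; a reader of pkg_info should not take the package description as an invitation to set Tor2webMode on an ordinary client.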
Re: net/tor - add Flavor
Uwe Werler wrote:
> On Fri, Nov 13, 2015 at 05:37:12PM -0500, Michael McConville wrote:
> > Uwe Werler wrote:
> > > Hello list,
> > >
> > > I'd like to add a Flavor to tor which allows Tor2webMode:
> >
> > This seems like a rare enough use-case that it probably isn't worth a
> > flavor. It also runs the risk that people will think "Tor2web" is what
> > they need (plausible, based on the name) and thereby deanonymize
> > themselves.
>
> Mmh, 1. it's not enabled per default and 2. only connections to hidden
> services are allowed so You can't exit from within the tor network.

Will people be prompted with the choice when they install tor with pkg_add? That's what I'm concerned about.

Also, bsd.port.mk(5) says of PSEUDO_FLAVORS:

> Its only use should be for disabling part of a multi-packages build

Am I misunderstanding, or should it be replaced with FLAVORS here?
Re: net/tor - add Flavor
On Fri, Nov 13, 2015 at 05:37:12PM -0500, Michael McConville wrote: > Uwe Werler wrote: > > Hello list, > > > > I'd like to add a Flavor to tor which allows Tor2webMode: > > This seems like a rare enough use-case that it probably isn't worth a > flavor. It also runs the risk that people will think "Tor2web" is what > they need (plausible, based on the name) and thereby deanonymize > themselves. Mmh, 1. it's not enabled per default and 2. only connections to hidden services are allowed so You can't exit from within the tor network. > > > --- net/tor/Makefile.orig Fri Nov 13 05:25:33 2015 > > +++ net/tor/MakefileFri Nov 13 04:26:09 2015 > > @@ -12,6 +12,9 @@ > > # BSD > > PERMIT_PACKAGE_CDROM= Yes > > > > +PSEUDO_FLAVORS = tor2web > > +FLAVOR ?= > > + > > WANTLIB += c crypto event m pthread ssl z > > > > MASTER_SITES= https://www.torproject.org/dist/ > > @@ -22,6 +25,11 @@ > > # anyway on FRAME_GROWS_DOWN archs. > > CONFIGURE_ARGS=--with-ssl-dir=/usr \ > > --disable-gcc-hardening > > + > > +.if ${FLAVOR:L:Mtor2web} > > +CONFIGURE_ARGS += --enable-tor2web-mode > > +.endif > > + > > CONFIGURE_ENV+=ac_cv_member_struct_ssl_method_st_get_cipher_by_char=no > > > > DB_DIR=/var/tor > > > > ## > > > > --- net/tor/pkg/DESCR.orig Fri Nov 13 05:16:53 2015 > > +++ net/tor/pkg/DESCR Fri Nov 13 05:22:06 2015 > > @@ -1,2 +1,6 @@ > > Tor is a connection-based low-latency anonymous communication system that > > protects TCP streams: web browsing, instant messaging, irc, ssh, etc. > > + > > +In Tor2webMode Tor connects to hidden services non-anonymously but faster. > > +It's useful only when running a tor2web Hidden Service web proxy or to > > connect > > +directly to a Hidden Service without the need of client anonymity. > > > > ## > > > > Regards Uwe > > > > -- > > --
Re: net/tor - add Flavor
Uwe Werler wrote: > Hello list, > > I'd like to add a Flavor to tor which allows Tor2webMode: This seems like a rare enough use-case that it probably isn't worth a flavor. It also runs the risk that people will think "Tor2web" is what they need (plausible, based on the name) and thereby deanonymize themselves. > --- net/tor/Makefile.orig Fri Nov 13 05:25:33 2015 > +++ net/tor/MakefileFri Nov 13 04:26:09 2015 > @@ -12,6 +12,9 @@ > # BSD > PERMIT_PACKAGE_CDROM= Yes > > +PSEUDO_FLAVORS = tor2web > +FLAVOR ?= > + > WANTLIB += c crypto event m pthread ssl z > > MASTER_SITES= https://www.torproject.org/dist/ > @@ -22,6 +25,11 @@ > # anyway on FRAME_GROWS_DOWN archs. > CONFIGURE_ARGS=--with-ssl-dir=/usr \ > --disable-gcc-hardening > + > +.if ${FLAVOR:L:Mtor2web} > +CONFIGURE_ARGS += --enable-tor2web-mode > +.endif > + > CONFIGURE_ENV+=ac_cv_member_struct_ssl_method_st_get_cipher_by_char=no > > DB_DIR=/var/tor > > ## > > --- net/tor/pkg/DESCR.orig Fri Nov 13 05:16:53 2015 > +++ net/tor/pkg/DESCR Fri Nov 13 05:22:06 2015 > @@ -1,2 +1,6 @@ > Tor is a connection-based low-latency anonymous communication system that > protects TCP streams: web browsing, instant messaging, irc, ssh, etc. > + > +In Tor2webMode Tor connects to hidden services non-anonymously but faster. > +It's useful only when running a tor2web Hidden Service web proxy or to > connect > +directly to a Hidden Service without the need of client anonymity. > > ## > > Regards Uwe > > -- >
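Review bot: `+PSEUDO_FLAVORS = tor2web` in the first Makefile hunk (`@@ -12,6 +12,9 @@`) should be `FLAVORS = tor2web`. bsd.port.mk(5) reserves PSEUDO_FLAVORS for disabling part of a multi-package build, whereas a real FLAVOR yields a separately named package that pkg_add can offer, which is the opt-in install path the thread is asking for; `FLAVOR ?=` can stay as it is.

Review bot: in the second Makefile hunk (`@@ -22,6 +25,11 @@`), `--enable-tor2web-mode` is the correct spelling (the configure help text quoted elsewhere in this thread shows `--enable-tor2web-mode`, while the tor(1) manual excerpt spells it `--enable-tor2webmode`), so note the discrepancy in the commit message rather than "fixing" the flag. A one-line comment above the `.if ${FLAVOR:L:Mtor2web}` block saying that the flag builds in non-anonymous hidden-service access would keep a later editor from folding it into the default CONFIGURE_ARGS.

Review bot: the DESCR hunk (`@@ -1,2 +1,6 @@`) does not apply as posted: the mail client wrapped `+It's useful only when running a tor2web Hidden Service web proxy or to connect`, leaving `connect` on its own line without a `+` prefix, so patch(1) will reject it; resend the diff as an attachment or with line wrapping off. The added paragraph also reads as though every tor package understood Tor2webMode; the ports convention is a trailing `Flavors:` section in DESCR listing `tor2web - ...`, which makes clear it is a separate build.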