Re: [tor-dev] non-anonymous ephemeral onion services with stem

2016-12-28 Thread Micah Lee 
On 12/28/2016 12:40 PM, Yawning Angel wrote:
> On Wed, 28 Dec 2016 12:19:17 -0800
> Micah Lee  wrote:
> 
>> And when other processes connect to the Tor control port and run
>> create_ephemeral_hidden_service, those onion services wouldn't be
>> non-anonymous?
> 
> They'll be non-anonymous (as in, the options are global).  This also
> will not work if there is a SOCKS port configured.  Basically,
> unless you are launching your own copy of the tor daemon, just for
> non-anonymous HSes, it's a terrible idea to use these options in
> general.

Thank you, this is good to know!

For my specific use-case, it would be great if you could pass an
argument to ADD_ONION that makes that specific onion service
non-anonymous, without changing anything globally.

But for the time-being I won't add support for non-anonymous onion
services to OnionShare.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] non-anonymous ephemeral onion services with stem

2016-12-28 Thread Yawning Angel 
On Wed, 28 Dec 2016 12:19:17 -0800
Micah Lee  wrote:

> And when other processes connect to the Tor control port and run
> create_ephemeral_hidden_service, those onion services wouldn't be
> non-anonymous?

They'll be non-anonymous (as in, the options are global).  This also
will not work if there is a SOCKS port configured.  Basically,
unless you are launching your own copy of the tor daemon, just for
non-anonymous HSes, it's a terrible idea to use these options in
general.

Regards,

-- 
Yawning Angel


pgpA9Ze34XqQF.pgp
Description: OpenPGP digital signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] non-anonymous ephemeral onion services with stem

2016-12-28 Thread Damian Johnson 
> Excellent. I'm pretty sure this will work, but can you confirm? If I'd
> like to use a non-anonymous ephemeral onion service, would code that's
> something like this work, assuming c is a Controller?
>
> c.set_conf('HiddenServiceSingleHopMode', 1)
> c.set_conf('HiddenServiceNonAnonymousMode', 1)
> c.create_ephemeral_hidden_service(8080)
>
> And when other processes connect to the Tor control port and run
> create_ephemeral_hidden_service, those onion services wouldn't be
> non-anonymous?

Good question. The non-anonymous torrc options are pretty clunky to
use. In part this is by design because the authors wanted to
discourage their use.

I thought those torrc options could only be set prior to tor starting
up (like DisableDebuggerAttachment), but on reflection the manual
doesn't say that so maybe that's not the case? However, seems you also
need to set 'SOCKSPort 0'...

https://www.torproject.org/docs/tor-manual.html.en#HiddenServiceNonAnonymousMode

If you call the above SETCONF does tor give any indication that you
need to set the SOCKSPort too? If not then it feels like it should
since that's pretty unintuitive.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] non-anonymous ephemeral onion services with stem

2016-12-28 Thread Micah Lee 
On 12/28/2016 09:39 AM, Damian Johnson wrote:
> Oops, great catch - thanks Micah! Added a note saying how to use them...
> 
> "Version 1.5: Added support for non-anonymous services. To do so set
> 'HiddenServiceSingleHopMode 1' and 'HiddenServiceNonAnonymousMode 1'
> in your torrc."

Excellent. I'm pretty sure this will work, but can you confirm? If I'd
like to use a non-anonymous ephemeral onion service, would code that's
something like this work, assuming c is a Controller?

c.set_conf('HiddenServiceSingleHopMode', 1)
c.set_conf('HiddenServiceNonAnonymousMode', 1)
c.create_ephemeral_hidden_service(8080)

And when other processes connect to the Tor control port and run
create_ephemeral_hidden_service, those onion services wouldn't be
non-anonymous?
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] non-anonymous ephemeral onion services with stem

2016-12-28 Thread Damian Johnson 
Oops, great catch - thanks Micah! Added a note saying how to use them...

"Version 1.5: Added support for non-anonymous services. To do so set
'HiddenServiceSingleHopMode 1' and 'HiddenServiceNonAnonymousMode 1'
in your torrc."


On Wed, Dec 28, 2016 at 8:54 AM, Micah Lee  wrote:
> The stem documentation for create_ephemeral_hidden_service [1] says:
> "Changed in version 1.5.0: Added support for non-anonymous services."
>
> But I can't figure out to actually use this feature. There doesn't seem
> to be a new argument to say if you want your onion service to be
> non-anonymous.
>
> It also says, "Changed in version 1.5.0: Added the basic_auth argument."
> But there's a new basic_auth argument you can pass into the function to
> use that.
>
> [1]
> https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service
> ___
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] non-anonymous ephemeral onion services with stem

2016-12-28 Thread Micah Lee 
The stem documentation for create_ephemeral_hidden_service [1] says:
"Changed in version 1.5.0: Added support for non-anonymous services."

But I can't figure out to actually use this feature. There doesn't seem
to be a new argument to say if you want your onion service to be
non-anonymous.

It also says, "Changed in version 1.5.0: Added the basic_auth argument."
But there's a new basic_auth argument you can pass into the function to
use that.

[1]
https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev