[Noisebridge-discuss] Tor/Cypherpunk hack day at Noisebridge?

zaki at manian.org zaki at manian.org
Fri Aug 26 21:47:37 UTC 2016


Tor works fine for downloading large files. See applications like
onionshare[0]

Bittorrent interacts poorly with tor from an anonymity and network
bandwidth point of view.

[0]https://onionshare.org/


On Fri, Aug 26, 2016, 2:39 PM Rob M <veryprofessionalguy at gmail.com> wrote:

> Off topic perhaps.  Is TOR suitable for downloading large files such as
> subculture media (videos, podcasts, etc.) to obscure one's social
> demographic?  I think I heard somewhere that it should only be used for
> navigating http pages and am not sure if this has changed in recent years.
>
> On 08/23/2016 11:24 AM, Danukeru wrote:
>
> I highly recommend looking at fw-daemon by Subgraph. Should be a solid
> foundation to add UDEV firewalling and have "lil snitch"-like functionality
> for user prompting.
>
> https://github.com/subgraph/fw-daemon
>
> On Fri, Aug 19, 2016 at 8:02 PM, Patrick O'Doherty <p at trickod.com> wrote:
>
>> Hey Mike!
>>
>> Thanks for writing up these projects. I'd be very interested in working
>> with you to get the udev stuff cleaned up and packaged for debian. Are
>> these scripts in a shareable form at the moment?
>>
>> I also have a spare openwrt suitable device (Netgear WNDR3800) which I
>> could donate to the openwrt-based project's cause, though I've not done
>> any mucking around w/ the openwrt internals before.
>>
>> Outside of specific projects like the ones you've listed, any guidance
>> you could provide to folks who might be interested in contributing a
>> patch to either little-t tor or the related software projects on
>> git.torproject.org would be great! Sometimes the trac can be a little
>> daunting with the collection of tags and old tickets making it hard to
>> find an "easy" first patch.
>>
>> p
>>
>> Mike Perry:
>> > Hey Noisebridgers,
>> >
>> > I've been out of orbit for a looong time, but I've been observing your
>> > earth, and I would like to make a contact with you[1].
>> >
>> > I've been talking to Patrick O'Doherty and he suggested it would be good
>> > to try to set up some kind of regular Tor and/or general cypherpunk
>> > meetings or hack days at Noisebridge. I have a pile of projects I'm
>> > working on that may be interesting to folks, and I can also help get
>> > people up to speed with Tor development and build processes, how to
>> > write patches, and familiarize people with Tor codebases and Tor
>> > functionality for use in their own projects.
>> >
>> > This is a long email. The TL;DR is that I'm looking for people to tell
>> > me what sort of stuff they would be interested in working on or learning
>> > about at these meetings, so I can try to serve that audience better and
>> > keep things focused.
>> >
>> > I'm giving a ton of detailed examples based on stuff I've been hacking
>> > on on the side. Let me know either on or off-list if you find any of
>> > these projects interesting and would like to work on any of them. Please
>> > also suggest your own projects/ideas on-list, and please also +1 other's
>> > topics as well.
>> >
>> > I'm hoping that the projects we work on can be featured on Tor Labs,
>> > which is a website we're launching that is meant to showcase prototypes
>> > and external projects that make interesting use of Tor, or that may
>> > otherwise be of interest to Tor hobbyists. Tor has a lot of eyes on it,
>> > and I think we should make use of that attention to get more people
>> > excited about the great work that folks do outside of the official Tor
>> > organization.
>> >
>> >
>> > Here's some of the stuff I've been working on:
>> >
>> > # A Tor Phone prototype based on CopperHeadOS
>> >
>> > Since I wrote my writeup of a prototype Tor/Cypherpunk/Wingnut Phone[2],
>> > a lot of cool stuff has been done by volunteers and the wider Android
>> > community. Cédric Jeanneret adapted my pile of half-insane Droidwall
>> > hacks into the rather slick OrWall[3], Patrick Connolly transformed the
>> > manual install process into an update.zip[4], and some Toronto hackers
>> > created CopperHeadOS[5] - a hardened Android rebuild using grsec and
>> > several hardening additions, including verified boot[6].
>> >
>> > Unfortunately, CopperHeadOS does not support Google Apps, MicroG[7] (the
>> > FLOSS replacement for Google Services), or SuperUser. You can hack this
>> > stuff in via sideloading, but then you lose verified boot. So I'm
>> > working on a pile of scripts to try to shove this stuff in to the
>> > official CopperHead release images, and re-sign them with new keys. That
>> > way, you don't have to give up security to be able to use apps with Tor,
>> > or to use apps that require Google Play Services (such as Signal).
>> >
>> > Ideally, long-term we'd either restrict root access to just OrWall, or
>> > diagnose why the VPN APIs in Android/Orbot leak traffic like crazy (see
>> > below for a fun related router project to help with this).
>> >
>> > To work on this project, you'll need a Nexus 9, 5X, or 6P device.
>> >
>> >
>> > # A udev-based USB firewall
>> >
>> > I wrote a crappy pile of shell scripts that act as a USB device ID
>> > (model + serial number) whitelist, to provide vulnerability surface
>> > reduction against USB device driver exploits and attacks like BadUSB.
>> >
>> > The scripts work for me, but maybe we should try to make this into a
>> > debian package with easier configuration or something.
>> >
>> >
>> > # CFC/No More 404s/Resurrect Pages
>> >
>> > Cloudflare captchas and Tor bans are annoying, especially if all you
>> > want to do is read something.
>> >
>> > Yawning Angel at the Tor Project has been working on a Tor Browser addon
>> > to automatically fetch pages that are blocked by CloudFlare/other
>> > captchas from archive.is/archive.org. It needs a UI and some general
>> > usability improvements:
>> > https://git.schwanenlied.me/yawning/cfc
>> >
>> > We could also adapt the official Firefox addons No More 404s or
>> > Resurrect Pages, depending on how they work.
>> >
>> >
>> > # Better Tor Browser support for SSH exits/private Tor exits
>> >
>> > Related to the Captcha and ban problem, I hacked up some prefs and env
>> > vars to make it possible to chain an SSH SOCKS -D proxy after Tor, so
>> > that it is possible to access sites that completely ban Tor with strong
>> > pseudonymity: https://trac.torproject.org/projects/tor/ticket/16917
>> >
>> > We could give this thing a UI. As a more involved project, we could
>> > patch Tor to support "Tor Exit Bridges": ie Tor "bridges" that have an
>> > exit policy and can be used instead of public exits.
>> >
>> >
>> > # OpenWRT-based Tor Firewall
>> >
>> > I have a prototype Tor Router based on OpenWRT that only lets Tor
>> > traffic through, and acts as a wifi firewall. It is based on
>> > https://wiki.openwrt.org/toh/tp-link/tl-mr3040, and uses the LEDs to
>> > tell you if anything on your computer has tried to bypass Tor, if
>> > anything on the local network has tried to make a TCP connection to you,
>> > or if anything has sent a ping/UDP packet at you. I've arranged these
>> > LEDs as a sort of "hitpoint" bar, so that the UDP LED is the farthest
>> > out, then the TCP connect-back LED, and then the Tor bypass led is
>> > closest in. It is rather amusing to use this thing at hacker events to
>> > watch how fast stuff happens to you. Since the MR3040 also has an
>> > ethernet jack, you can use it to prevent exposing your laptop's wifi
>> > firmware to hostile networks, by putting the router into client mode and
>> > routing through ethernet. The router firmware supports concurrent client
>> > and host wifi operation, so that you can have the device still provide
>> > firewalling to devices that only support wifi by creating your own
>> > personal access point on one side of the firewall, and acting as a wifi
>> > client on the other.
>> >
>> > It is also very useful for helping to debug proper behavior of Tor
>> > applications (especially mobile/embedded apps), so that leaks are
>> > quickly apparent to you.
>> >
>> > This device is different than other Tor-enabled routers (such as NetAid
>> > and Anonabox, etc) because it is primarily meant to function as an
>> > additional security layer, not just something that blindly shoves all
>> > your traffic through Tor.
>> >
>> > The device has switches on it, so it can be easily switched between
>> > different modes.
>> >
>> > Areas of improvement for this project:
>> >
>> >  ii). It would be cool to make some kind of REST negotiation API with
>> Tor
>> >       Browser, so that this device could pick bridges or guard nodes for
>> >       Tor Browser, tell Tor Browser about them, and ensure that only
>> >       these bridges or guard nodes were used (as a security layer).
>> >
>> >  ii). Various UI work to make it easier to configure through a web UI.
>> >       Maybe borrowing ideas or sharing code with https://netaidkit.net/
>> ,
>> >       or maybe just sticking to the OpenWRT UI.
>> >
>> >  iii). It might be nice to also have a VPN on here as an option via one
>> of
>> >        the switches, so that traffic that was not destined to Tor was
>> >        VPN'ed instead of dropped. This will require some hacking with
>> >        OpenWRT image creator, since there is not enough space for a VPN
>> in
>> >        the default images for the device.
>> >
>> > To work on this project, you will need an OpenWRT compatible router. It
>> > doesn't have to be the MR3040, I just like that one because it has a
>> > battery and LEDs :). If there is enough interest, I can also bring a
>> > pile of old routers I have lying around, as well.
>> >
>> >
>> > # Reproducible build help with your Tor/Cypherpunk Project
>> >
>> > If you're making security tools, build security is very important. I can
>> > help people work towards ensuring their projects can be build
>> > reproducibly. We can also discuss various opsec considerations for
>> > signing key material, and build security for projects that are a long
>> > way away from being able to build reproducibly.
>> >
>> >
>> > # Your idea here!
>> >
>> > Please, suggest stuff you want to work on. Maybe I can help. Or if not,
>> > maybe someone else can!
>> >
>> >
>> >
>> > 1. https://www.youtube.com/watch?v=teBV0EoJJY8
>> > 2.
>> https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>> > 3. https://github.com/EthACKdotOrg/orWall
>> > 4. https://github.com/patcon/mission-impossible-android
>> > 5. https://copperhead.co/android/
>> > 6. https://source.android.com/security/verifiedboot/verified-boot.html
>> > 7. https://microg.org/
>> >
>> >
>> >
>> > _______________________________________________
>> > Noisebridge-discuss mailing list
>> > Noisebridge-discuss at lists.noisebridge.net
>> > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>> >
>>
>>
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>>
>
>
> _______________________________________________
> Noisebridge-discuss mailing listNoisebridge-discuss at lists.noisebridge.nethttps://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20160826/be5cca1a/attachment.html>


More information about the Noisebridge-discuss mailing list