From: Philip Kaludercic <philipk@posteo.net>
To: Richard Stallman <rms@gnu.org>
Cc: akib@disroot.org, emacs-devel@gnu.org
Subject: Re: Making package.el talk over Tor
Date: Sun, 17 Dec 2023 11:51:50 +0000 [thread overview]
Message-ID: <87zfy9kpwp.fsf@posteo.net> (raw)
In-Reply-To: <E1rEhiL-000269-TZ@fencepost.gnu.org> (Richard Stallman's message of "Sat, 16 Dec 2023 22:21:13 -0500")
Richard Stallman <rms@gnu.org> writes:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > 185.220.101.26 - - [14/Dec/2023:13:04:00 +0100] "GET /test HTTP/1.1" 301 169 "https://amodernist.com/" "URL/Emacs Emacs/30.0.50 (PureGTK; x86_64-pc-linux-gnu)"
>
> > As you can see the User-Agent indicates that I am using Emacs, what
> > version and even my architecture. Compare that to the user agent that
> > you'd regularly encounter from an average browser:
>
> We should (1) let users specify what User-Agent to send,
That is already possible using the `url-user-agent' user option.
> and (2) maybe
> choose a different default.
1+
> Icecat, by default, identifies itself as some widely used proprietary
> browser running on Windows.
While helpful, it could also be dangerous if the server decides to send
the user content that only a widely used proprietary browser running on
Windows could process.
> > Other than the user-agent, there are certainly other bits of behaviour
> > that a malicious actor can use to track a user, such as the order in
> > which HTTP headers are transmitted, the size of chunks by which the
> > client sends and receives data and of course what requests aren't being
> > sent (e.g. due to a lack of Javascript in EWW).
>
> We could work on making Emacs-based browsing more similar to the most
> common browsers, in such aspects of visible behavior.
>
> > and of course what requests aren't being
> > sent (e.g. due to a lack of Javascript in EWW).
>
> Compared with the harm done by _running_ the page's Javascript,
> giving evidence of not running Javascript is arguably a far lesser
> evil.
The way I see it, this is a security/privacy vs. freedom issue. If you
really want to blend in, you have to behave the way most people do.
> That said, one important method for preventing sites from effectively
> profiling you is to connect to them through Tor. In fact, connecting
> directly enables OTHERS that observe your network traffic to figure
> out what you are talking to!
Tor hides your IP address, in which sense it acts like a trusted VPN
service, but I am just trying to emphasise that (in general) just using
Tor as a transport layer can give users a false sense of security.
> That is why I want to connect to the Emacs package repo via Tor.
> I am not worried about being profiled by the Emacs package repo!
>
> More generally, if all that distinguishes you in the actual
> interaction with a site is that you don't run the Javascript, and you
> connect through Tor, whatever site you are talking to will have
> trouble distinguishing you from other users that don't run the
> Javascript.
True, but considering how infrequent this is on a global scale, "no
Javascript" still holds a lot of information.
> > That being said: All of this doesn't matter that much for package.el,
> > since most people are accessing it via Emacs.
>
> I agree. However, these issues may have some real importance for the case
> of using EWW to look at pages _other than_ the Emacs package repo.
Right, that is where my concerns from above apply.
Richard Stallman <rms@gnu.org> writes:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > If you have a Tor daemon running on your system, it should provide a
> > SOCKS proxy by default,
>
> I believe it does that.
>
> > meaning that you can configure every package
> > that uses url.el to go through this proxy (unless I have misunderstood
> > something):
>
> Maybe that is possible. But I know very little about sockets or how
> to use them. I would appreciate precise advice about what I should do
> to tell package.el to connect using Tor.
That was the code you quoted below with `url-gateway-method'.
> You sent this code
>
> (let ((conn
>        (open-network-stream
>         "test" (current-buffer) "gnu.org" "http"
>         :type 'shell
>         :shell-command "torsocks nc %s %p")))
>   (process-send-string conn "GET / HTTP/1.0\r\n\r\n"))
>
> but I don't think that is a solution ready to use. It looks like a
> proposed approach for designing that solution.
>
> Also, the end of your message MAY mean that this approach is not
> applicable to package.el.
Yes, this was just a proof of concept integrating torsocks into a
network connection opened from within Emacs.
> > If you have a Tor daemon running on your system, it should provide a
> > SOCKS proxy by default, meaning that you can configure every package
> > that uses url.el to go through this proxy (unless I have misunderstood
> > something):
>
> > --8<---------------cut here---------------start------------->8---
> > (setq url-gateway-method 'socks
> >       socks-server '("Tor" "localhost" 9050 5))
> > --8<---------------cut here---------------end--------------->8---
>
> > That being said, while testing I noticed that when connecting to a
> > server I have access to, I always receive two requests, one from a Tor
> > exit node and one from my current IP address. Unless I missed something
> > obvious, that might be a bug.
>
> I await word about further progress.
I will try to look into whether I am misconfiguring something, and
otherwise report a bug.
> When I know enough to be able to do it, I will add a feature to
> package.el for a user option to tell it to go through Tor always.
Stefan Kangas <stefankangas@gmail.com> writes:
> Richard Stallman <rms@gnu.org> writes:
>
>> > 185.220.101.26 - - [14/Dec/2023:13:04:00 +0100] "GET /test
>> > HTTP/1.1" 301 169 "https://amodernist.com/" "URL/Emacs
>> > Emacs/30.0.50 (PureGTK; x86_64-pc-linux-gnu)"
>>
>> > As you can see the User-Agent indicates that I am using Emacs, what
>> > version and even my architecture. Compare that to the user agent that
>> > you'd regularly encounter from an average browser:
>>
>> We should (1) let users specify what User-Agent to send, and (2) maybe
>> choose a different default.
>>
>> Icecat, by default, identifies itself as some widely used proprietary
>> browser running on Windows.
>
> Should we bump the default to 'paranoid'? Do what icecat does?
That wouldn't send any User-Agent header at all, which is still
fingerprintable. Richard mentioned that Icecat uses a false user agent like
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.3
but that would have to be updated on a regular basis, to keep up with
whatever is being used. That being said, I don't believe that this is
enough, if we take the threat model into account that a Tor user is
operating under. In their case, it probably is the best to just use the
Tor Browser.
> Does the remote ever need to know if we're using X11 or PureGTK?
> I think they don't, and we should never add that information, in any
> configuration.
Yes, it might make sense to just add `os' to `url-privacy-level'.
>> > Other than the user-agent, there are certainly other bits of behaviour
>> > that a malicious actor can use to track a user, such as the order in
>> > which HTTP headers are transmitted, the size of chunks by which the
>> > client sends and receives data and of course what requests aren't being
>> > sent (e.g. due to a lack of Javascript in EWW).
>>
>> We could work on making Emacs-based browsing more similar to the most
>> common browsers, in such aspects of visible behavior.
>
> If you are very concerned about your privacy, it's probably better to
> browse the web using the Tor web browser and eschew Emacs altogether.
>
> How about telling users about this in the EWW manual?
1+
--
Philip Kaludercic
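The configuration the thread circles around, collected into one init-file fragment, as an added example that is not code from the message or from Emacs itself. It wires up the two knobs discussed above: url.el's SOCKS gateway (so package.el, EWW and anything else built on url.el connects through a local Tor daemon) and `url-privacy-level' / `url-user-agent' (so the User-Agent no longer carries the Emacs build, window system and architecture seen in the log line). It assumes Tor is listening on its default SocksPort, localhost:9050; the two `my/' helpers are assumed names added here for checking the effect offline, not part of url.el.

```elisp
;; Added example, not from the thread or from Emacs.  Assumes a Tor daemon
;; with its default SocksPort (localhost:9050).
(require 'url)
(require 'url-vars)
(require 'url-http)
(require 'socks)

;; 1. Route url.el connections through Tor's SOCKS listener.
;;    socks-server is (NAME HOST PORT VERSION).  With VERSION 5 the
;;    hostname is handed to the proxy, so the name lookup is not done
;;    locally by Emacs.
(setq url-gateway-method 'socks
      socks-server '("Tor" "localhost" 9050 5))

;; 2. Stop telling servers which OS, window system and Emacs version
;;    we run.  `email' and `lastloc' also suppress From: and Referer:.
;;    Adding `agent' would drop the User-Agent header entirely (what
;;    the `paranoid' level does), which is itself distinctive, so a
;;    header is still sent but without the identifying parts.
(setq url-privacy-level '(email os emacs lastloc))
;; `url-privacy-level' recomputes the exposed system info through its
;; customize :set handler; after a plain setq do it by hand.
(url-setup-privacy-info)

;; 3. Alternatively, send a fixed string.  Any static value is still a
;;    fingerprint; it only moves you into a different bucket, and a
;;    browser-like string has to be kept current to stay in a large one.
;; (setq url-user-agent "Mozilla/5.0 (X11; Linux x86_64) ...") ; placeholder

(defun my/url-user-agent-preview ()
  "Return the User-Agent header line url.el would send right now.
Returns \"\" when no header would be sent.  Assumed helper, added here
so the settings above can be checked without issuing a request."
  (string-trim (url-http-user-agent-string)))

(defun my/url-user-agent-leaks-p ()
  "Non-nil if the User-Agent still reveals the Emacs version or the build
triplet (e.g. x86_64-pc-linux-gnu).  Assumed helper, added here."
  (let ((ua (my/url-user-agent-preview)))
    (or (string-match-p (regexp-quote emacs-version) ua)
        (string-match-p (regexp-quote system-configuration) ua))))

;; M-: (my/url-user-agent-preview) RET   ; e.g. "User-Agent: URL/Emacs"
;; M-: (my/url-user-agent-leaks-p) RET   ; nil with the settings above
```

The preview only covers what url.el puts on the wire; it says nothing about which network path the request took. Given the observation earlier in the thread that a test server received one request from a Tor exit and one from the user's own address, the check worth doing after loading this is external: fetch the package archive (or a server you control) with `M-x package-refresh-contents' and confirm in the server log, or in a packet capture on the local host, that the only outbound connection is to localhost:9050 and that the request reaches the server from an exit node, for both http and https archives.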