Date: Thu, 1 Sep 2022 16:27:35 +0200
From: Denis 'GNUtoo' Carikli
To: Gottfried
Cc: Csepp, help-guix@gnu.org
Subject: Re: tor
Message-ID: <20220901162735.785a14c9@primary_laptop>
In-Reply-To: <92a94bf3-12a8-8743-e338-7906835c9697@posteo.de>

On Tue, 30 Aug 2022 18:32:26 +0000
Gottfried wrote:

> As far as I understand you I can delete the package:
> tor-client and tor-socks, because I have tor installed.
> Am I right?

tor is just a daemon that somehow connects your machine to the
tor-network but it doesn't automatically route any traffic through that
network.

And to start it you either need to run it manually or configure it in
your list of services in your system.scm with something that looks like
that:
>(service tor-service-type
> (tor-configuration))

The tor-client only contains some utilities that are not very
interesting.

As for torsocks, it's an application to enable other applications to
route their traffic through Tor, but in an extremely unreliable way.
The Tor project documentation has been advising people not to rely on
torsocks because some of the time it doesn't work at all and the
application doesn't use Tor at all, even with torsocks. And in many
cases, with torsocks, very important private information (like DNS
queries) does not go through the Tor network.

The alternative is to configure each application to talk to the tor
daemon through the socks5 protocol. And even that is not perfect because
if you do that with a browser, the browser will still not be anonymous
because of browser fingerprinting. But at least your location will be
hidden which is already something good.

Tails works by preventing almost all applications from accessing the
Internet directly, and they are configured for using the Tor daemon. So
if there is any application misbehaving, it's not that problematic
because the only way the applications can send data is through Tor.

To have something like that in Guix we would need to package the ferm
firewall tool Tails used to implement this, and have users adapt the
Tails ferm configuration for their usage and/or enable users to use a
default configuration that is very restrictive (and so doesn't work for
everybody).

I've managed to relatively easily reproduce something like that on
Parabola (because ferm is packaged there), but not yet to have a fully
functional system with it because I didn't manage yet to run the
tor-browser as another user, which is required for that setup to work.

The issue is that we obviously need to put more resources on things like
that (by funding the tor-project, having more people work on that, etc),
but resources are also not easy to find.

Denis.
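
Added example, not part of the message above: the socks5 request an application sends to the tor daemon shows whether name resolution was handed to Tor or already done locally, which is the DNS point raised in the message. The function names and sample destinations are illustrative assumptions; the byte layout follows RFC 1928.

```python
import ipaddress
import struct


def socks5_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928, section 4) for host:port."""
    head = b"\x05\x01\x00"  # VER=5, CMD=CONNECT, RSV=0
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        # ATYP=3: the name itself goes to the proxy, which resolves it.
        # No DNS query leaves the machine outside the proxy connection.
        return head + b"\x03" + bytes([len(name)]) + name + struct.pack("!H", port)
    # ATYP=1 (IPv4) or 4 (IPv6): the proxy only ever sees an address.
    atyp = b"\x01" if ip.version == 4 else b"\x04"
    return head + atyp + ip.packed + struct.pack("!H", port)


def classify(request: bytes) -> str:
    """Report who resolved the destination of a captured CONNECT request."""
    if len(request) < 5 or request[0] != 5:
        return "not-socks5"
    atyp = request[3]
    if atyp == 3:
        n = request[4]
        if len(request) != 5 + n + 2:
            return "malformed"
        return "proxy-resolves:" + request[5:5 + n].decode("ascii", "replace")
    size = {1: 4, 4: 16}.get(atyp)
    if size is None or len(request) != 4 + size + 2:
        return "malformed"
    # An address here means any hostname was resolved before the proxy
    # was contacted, i.e. possibly by a DNS query that bypassed Tor.
    return "client-supplied-ip:" + str(ipaddress.ip_address(request[4:4 + size]))


if __name__ == "__main__":
    # Constructed destinations (documentation address ranges).
    for dest in ("example.org", "192.0.2.10", "2001:db8::1"):
        print(dest, "->", classify(socks5_connect(dest, 443)))
```

With curl, the two cases correspond to the socks5h:// (name sent to the proxy) and socks5:// (name resolved locally) proxy schemes.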