From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id UP3EODdCEWMqZgEAbAwnHQ (envelope-from ) for ; Fri, 02 Sep 2022 01:37:28 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id KD35NzdCEWOMCwEAG6o9tA (envelope-from ) for ; Fri, 02 Sep 2022 01:37:27 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7A6DF3B0A8 for ; Fri, 2 Sep 2022 01:37:27 +0200 (CEST) Received: from localhost ([::1]:39200 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oTtkU-00038K-Lk for larch@yhetil.org; Thu, 01 Sep 2022 19:37:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48734) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oTtkI-000386-1h for help-guix@gnu.org; Thu, 01 Sep 2022 19:37:14 -0400 Received: from cyberdimension.org ([2001:910:1314:ffff::1]:36446 helo=gnutoo.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1oTtkG-0004tY-0D for help-guix@gnu.org; Thu, 01 Sep 2022 19:37:13 -0400 Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1]) by cyberdimension.org (OpenSMTPD) with ESMTP id f47a0358; Thu, 1 Sep 2022 23:36:19 +0000 (UTC) Received: from primary_laptop (localhost [::1]) by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id 77c14b68; Thu, 1 Sep 2022 23:36:19 +0000 (UTC) Date: Fri, 2 Sep 2022 01:35:43 +0200 From: Denis 'GNUtoo' Carikli To: Gottfried Cc: help-guix@gnu.org Subject: Re: tor Message-ID: <20220902013543.1b0c0737@primary_laptop> In-Reply-To: <0572b3c3-5cd6-5773-c9f5-481c905d31b7@posteo.de> References: <5f9b2c8a-ee45-451e-da86-c6944a7a910a@posteo.de> <87a67or2g7.fsf@riseup.net> <09e45c31-cce5-da97-dbc0-23975f742279@posteo.de> <87h71u9ez1.fsf@riseup.net> <92a94bf3-12a8-8743-e338-7906835c9697@posteo.de> <20220901162735.785a14c9@primary_laptop> <0572b3c3-5cd6-5773-c9f5-481c905d31b7@posteo.de> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.30; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/eMFMB/A6=0IFZOcJ1/X/h8H"; protocol="application/pgp-signature"; micalg=pgp-sha256 Received-SPF: pass client-ip=2001:910:1314:ffff::1; envelope-from=GNUtoo@cyberdimension.org; helo=gnutoo.cyberdimension.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1662075447; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=yKM9Ic74kDYucyppQJ6G8rz8sqHEaTlgMXu0+DfpXfI=; b=owVjjCSQ2eImoZLmIkpg1Rm27ap1WEJxMgl9zw3XAcA2sRowVIeYK68byAmGZtRKaOYkne gHgKjNSWzqs0pZeb/6GA0612fo/gHUCYTaSfkWRL5GB5ijf34aPGeoPi17a6tmt0EAPInL pTn4b078dhIhDyXt8+TzRSQGkAN+HtJ3dQWYMfILmC+/CkDp0vCU08roMuugeD65PVCxNA yttY6mr6ONkKjs/XtIBsgylrc9qLk+W4Er+OZQqdH1nLiqRq54W74+GiFd8neiV7L5PVUY BLChI6Q8da4yc4Ch5Kn+czHgxd72kHVPSnTqSG2ws+qDwR333q0gD1Cj1gWOXQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1662075447; a=rsa-sha256; cv=none; b=miE8oI1rK3wjXtJGpJpXUEvKwPtkxuwu++VqrCJrLB3GZf9xL0D5nFf99H6P9s22KPGV3M 1sKjQ7Yrm0fkwzUuR97WpRUoVBoyaRsxutlb7+xnrBBAeHbdz3/AaBtqAkQiTZ1pwE0kSE fy8Tx8CDrXIAWLyLLVP7wsh68K67ezEX2MhUgrCYzWL47M1f1YA1yUALpVTqPRx/VgR7M3 G2qIGjLMc+RufQhK9SkzpcXdS+bZJ/kknAf5yFDciGoMf1kx+4LGV9SLUVpia+sMOmIxXS Ywz3/1LajdMWnNa642PDCQY3xYXEXCiUS15+uH9ZCRVQrcwSgQarOarRvNNu6A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.18 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 7A6DF3B0A8 X-Spam-Score: -4.18 X-Migadu-Scanner: scn1.migadu.com X-TUID: ofRS2lpOhlhy --Sig_/eMFMB/A6=0IFZOcJ1/X/h8H Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Thu, 1 Sep 2022 17:35:57 +0000 Gottfried wrote: > Hi Denis, Hi, > The best would be to run Guix System and to use Tor browser in it, if=20 > needed. It probably can be done somehow, as there are external repositories for installing nonfree software on top of Guix, and so there are already known methods for installing software without modifying it much. So maybe it could be adapted to the tor-browser, and somehow generate an FSDG compliant version of the tor-browser out of it by removing or changing the text that refers to the nonfree addons repository ("Get extensions and themes on addons.mozilla.org"). Before it was harder as the addons repository was more tightly integrated into the tor-browser so the risk of removing the anonymity was bigger. In the past, I've looked for tor-browser unofficial packages for Guix but I didn't find people who did the work, but maybe I missed it. Sadly I don't have nor the time nor the knowledge to do a work like that. > So in my case: > to use the Tor browser itself, as far as I understand it right now > would be to use a virtual machine software and in it to install Tails. > Is that possible? Yes, that might be the easiest way to get it working on your computer. > Because then Tails has already safety measures and hopefully Guix is=20 > going to develope in future something to use the Tor browser somehow. In the case of either Tails or the tor-browser, people typically use the latest version, and there are 3 security levels in the Tor-browser so we end up with about 6 identifiable configurations. This is because Tails adds some add blocker to their version of the Tor Browser, and add-blockers can be distinguished. So you've got 2 possibility, multiplied by the 3 security levels. And with many users, a lot of people are in each of these 6 identifiable configurations, so it's not possible to easily identify people. The issue is that Guix requires the Guix official packages to be built from Guix. That would require the tor-browser to be built within Guix, and if for some reason there is a way to differentiate the Guix tor-browser and that not enough people use it, then the anonymity it is supposed to provide is gone. And the fact that Guix has updates all the time could potentially make that even worse as users could be scattered around a lot of different build versions. So it might actually be safer to not try to add a tor-browser package directly in Guix but either to do it outside of Guix (like in an external repository/channel) or package in Guix something like a tor-browser installer/launcher that downloads and patches the tor-browser for FSDG compliance, and does some setup to be able to run that in Guix. Another option would be to somehow convince the tor-project to package the tor-browser in Guix and use a specific Guix revision to do the official releases. But that would probably require someone with a lot of time and/or funding to do that work, and that would also require the tor-project to have more funding to be able to spend time to actually review that work. Denis. --Sig_/eMFMB/A6=0IFZOcJ1/X/h8H Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmMRQc8ACgkQX138wUF3 4mPnKBAAp0x2dt+7S4r2vsrU5WhBhkhiRJE27EXY9JIVOo9GE6d5ITsTEKv3zX7D qPu2dcUgpdvIuZhONJPL9ezSiKoD8ZwFlYgo9Rd3mP5bjIsaFc/E5Gk5lWtOeUFe I/LTSia1EKuft54Ac9tAa1s3GDqkpnQzb8GPXa5a/DHJpnRcG17dE2NT/ILT/2ZH mrm6gtz4xcDBIdmdceH0hZnmApOVMmUYOzm6LP/IIEg0gKAXuSHTpLE/VAd3/J00 z5jsGLcKcSn0u9+o3KeFQvZNC7pWJiw0uZ4LGRo1oBTT1wpqm4gjahp9uUpsYAA6 hLUQeOm6f44VRpDPeaaNhMCMzDiSqZM9FNfWcn6/srsAXgoC2rTDx8+lvBK3XoW6 nm2bdj3ZQSbJLNuzgCVVEJjqzVv4WqPGP1v3t2rI/wy1IoDbP+FB+9CkEK4bSr6D k5N61Kdttb3bnP8lrjC+veqUimIR3CxXCWiBV0Wt6C9oUQWNYkNdTVI1hKfejy1x aPMU/CykllZ1FsFhD7y5iJ512l3hqchjhAKC7BCSPmN796YFMBt+ai/c+wz7y0x0 vcgFKgxHldDVk/s7f1j1U+Ib3uP/54rNL3z38kqTTc+L74LVRSp4yLOT537e6n3K gT2JWwh2Tq1v6VZzoihR8H0hDVXBXZZc71nulln4LR3vpvBxvLg= =vcZK -----END PGP SIGNATURE----- --Sig_/eMFMB/A6=0IFZOcJ1/X/h8H--