From: Chris Marusich
Subject: Re: Recommendations for browsing via Tor pre tor-browser?
Date: Thu, 19 Jul 2018 20:38:56 -0700
Message-ID: <87d0viinjj.fsf@gmail.com>
In-Reply-To: <87in5bi490.fsf@dustycloud.org> (Christopher Lemmer Webber's message of "Thu, 19 Jul 2018 12:23:23 -0400")
To: Christopher Lemmer Webber
Cc: Devan Carpenter, help-guix

Christopher Lemmer Webber writes:

> Chris Marusich writes:
>
>> I know what you mean, but I think having TOR listen on localhost is
>> safer than having a Guile REPL listen on localhost. In the case of
>> Guile, the risk is arbitrary code execution. In the case of TOR, I
>> suppose the risks might be that an attacker would be able to make
>> requests over TOR from your machine. Perhaps by making such requests,
>> they might also be able to infer that you are using TOR (although it's
>> already possible to determine that a person is using TOR simply by
>> watching their IP traffic).
>> In any case, since TOR is functioning as a
>> proxy, not a Turing-complete programming language, the things an
>> attacker could do or learn by making requests from your machine to the
>> localhost TOR seem limited. Compared to the risk of arbitrary code
>> execution, it seems much safer to me.
>
> What about sending messages to a specific .onion address to unmask you?
> If you send a unique request to http://foobarbaz.onion/?id=50108560 (or
> ip=...) you might be able to associate a specific address.
>
> It may be that this is not as easily possible since I suspect Tor is not
> as susceptible to a line-oriented attack, so maybe it's not a concern...
> I dunno.

I think you're right: the fact that a malicious actor can induce requests
to your localhost endpoint is cause for concern, even if the exact methods
of exploitation are not obvious.

I looked into this. I learned that Firefox (and our IceCat) supports a
SOCKS proxy using UNIX domain sockets [1]. If you've started TOR with a
socks socket at /var/run/tor/socks-sock, you can tell IceCat (or Firefox)
to use it by entering the socket path as your SOCKS proxy. Specifically,
in the IceCat built by Guix, you would do this:

* Click on the "hamburger menu" in the upper right (the icon looks like
  three fat lines stacked on top of one another).
* Go to Preferences > Advanced > Connection > Settings.
* Select "Manual proxy configuration".
* Select SOCKS v5 (because v5, unlike v4, supports sending DNS queries
  through the SOCKS proxy).
* Enter "file:///var/run/tor/socks-sock" in the SOCKS Host field (no
  quotes required). The UI still makes it seem like you need to enter a
  port, but you can put any value in here, and it won't matter, since
  UNIX domain sockets don't use ports.
* Scroll to the bottom and make sure "Proxy DNS when using SOCKS v5" is
  checked.
* Click OK.
Assuming that TOR is running and the permissions on its SOCKS socket allow
you access, you can browse to https://check.torproject.org/ and it should
tell you that you're connected over TOR. You can also check the TOR
messages sent to /var/log/messages to confirm that stuff is happening.

Since using a UNIX domain socket for TOR is probably better than using a
localhost endpoint, we should make it easy to run a configuration like this
via the tor-service. Currently, it's a little awkward to do, since to set
it up, you need to arrange for the directory that contains the socket to
have certain permissions, or else TOR refuses to start. If nobody beats me
to it, I could try my hand at this in a few days' time.

Devan Carpenter writes:

> Please keep in mind that none of the interim solutions are safe compared
> to tor-browser.
>
> [...]
>
> There are some other anonymizing features that I forget now, but that's
> the main one which stands out, and the point is that you should be very
> cautious using another browser via Tor.

For sure - I agree. However, since we don't have TOR browser yet in
GuixSD, I think manually configuring IceCat to use the tor-service as a
SOCKSv5 proxy is better than nothing. If we can do it over a UNIX domain
socket instead of via a localhost endpoint, so much the better.
Footnotes:

[1] https://trac.torproject.org/projects/tor/ticket/20111

-- 
Chris
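What the browser actually does once it is pointed at Tor's UNIX domain socket, as an added example that is not part of the message above or of Guix: a SOCKS v5 client that speaks over an AF_UNIX socket, a constructed in-process stand-in for Tor's SOCKS listener so the whole thing runs offline, and a permission check matching the "permissions on its SOCKS socket allow you access" condition. It also makes the "Proxy DNS when using SOCKS v5" point concrete: a client that proxies DNS sends the hostname to the proxy (address type 3), while one that resolves locally first sends an IPv4 literal (address type 1) and has already revealed the name to the local resolver. The socket path, host names and the fake listener are assumptions for illustration.

```python
"""SOCKS5 CONNECT over a UNIX domain socket, with a constructed stand-in for
Tor's SOCKS listener.  Example code, not Tor's or Guix's; the socket path,
host names and listener behaviour are assumptions for illustration."""
import os
import socket
import stat
import struct
import tempfile
import threading

SOCKS5, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_SUCCESS = 0x00


def check_socket_access(path):
    """True if path is a socket the caller may read and write (what Tor's
    socket mode and group must allow before the browser can use it)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return stat.S_ISSOCK(st.st_mode) and os.access(path, os.R_OK | os.W_OK)


def build_connect_request(host, port):
    """SOCKS5 CONNECT.  A dotted IPv4 literal goes out as ATYP 1; any other
    name goes out as ATYP 3 so the proxy (Tor) resolves it.  A client that
    looks the name up itself and then sends ATYP 1 has leaked the lookup to
    the local resolver; 'Proxy DNS when using SOCKS v5' avoids that."""
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname length not representable in SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS5, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect_request(data):
    """Return (atyp, destination, port) from a complete SOCKS5 CONNECT."""
    if len(data) < 4 or data[0] != SOCKS5 or data[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = data[3]
    if atyp == ATYP_IPV4:
        dest, rest = socket.inet_ntoa(data[4:8]), data[8:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        dest, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    else:
        raise ValueError("unsupported address type %d" % atyp)
    if len(rest) != 2:
        raise ValueError("truncated or trailing bytes in CONNECT request")
    return atyp, dest, struct.unpack("!H", rest)[0]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the socket")
        buf += chunk
    return buf


def socks5_connect_over_unix(path, host, port):
    """Greeting plus CONNECT over an AF_UNIX socket; returns the reply code
    (0 means the proxy accepted the connection)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(bytes([SOCKS5, 1, NO_AUTH]))      # offer only "no auth"
        ver, method = _recv_exact(s, 2)
        if ver != SOCKS5 or method != NO_AUTH:
            raise ConnectionError("proxy refused our auth methods")
        s.sendall(build_connect_request(host, port))
        reply = _recv_exact(s, 4)                   # VER REP RSV ATYP ...
        if reply[0] != SOCKS5:
            raise ConnectionError("not a SOCKS5 reply")
        return reply[1]


class FakeTorSocksListener:
    """Constructed stand-in for Tor's SOCKS listener: accepts one CONNECT,
    records what the client revealed, and answers 'succeeded'."""
    def __init__(self, path):
        self.seen = []
        self.srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.srv.bind(path)
        os.chmod(path, 0o660)          # owner/group only, as Tor's socket would be
        self.srv.listen(1)
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        conn, _ = self.srv.accept()
        with conn:
            ver, nmethods = _recv_exact(conn, 2)
            methods = _recv_exact(conn, nmethods)
            conn.sendall(bytes([SOCKS5, NO_AUTH if NO_AUTH in methods else 0xFF]))
            head = _recv_exact(conn, 4)
            if head[3] == ATYP_IPV4:
                body = _recv_exact(conn, 4)
            else:
                n = _recv_exact(conn, 1)
                body = n + _recv_exact(conn, n[0])
            body += _recv_exact(conn, 2)
            self.seen.append(parse_connect_request(head + body))
            conn.sendall(bytes([SOCKS5, REP_SUCCESS, 0, ATYP_IPV4]) + bytes(6))
        self.srv.close()


def demo(host="check.torproject.org", port=443):
    """Drive the client against the fake listener; return
    (reply code, atyp seen by the proxy, destination, port)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "socks-sock")       # stands in for /var/run/tor/socks-sock
        listener = FakeTorSocksListener(path)
        if not check_socket_access(path):
            raise PermissionError(path)
        rep = socks5_connect_over_unix(path, host, port)
        listener.thread.join(timeout=2)
        atyp, dest, p = listener.seen[0]
        return rep, atyp, dest, p
```

Against a real Tor socket you would call socks5_connect_over_unix("/var/run/tor/socks-sock", "check.torproject.org", 443) as the user that owns or shares the socket's group; Tor only answers 0 once it has built a circuit to the destination, and any other reply code means the request was refused or failed. The point of the demo is the difference between the two demo() calls below: with a hostname, the proxy is the only party that ever sees the name.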