<p dir="ltr">Tor works fine for downloading large files. See applications like onionshare[0]<br></p>
<p dir="ltr">Bittorrent interacts poorly with tor from an anonymity and network bandwidth point of view. </p>
<p dir="ltr">[0]<a href="https://onionshare.org/">https://onionshare.org/</a><br><br></p>
<br><div class="gmail_quote"><div dir="ltr">On Fri, Aug 26, 2016, 2:39 PM Rob M <<a href="mailto:veryprofessionalguy@gmail.com">veryprofessionalguy@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Off topic perhaps. Is TOR suitable for downloading large files
such as subculture media (videos, podcasts, etc.) to obscure one's
social demographic? I think I heard somewhere that it should only
be used for navigating http pages and am not sure if this has
changed in recent years. <br>
</p></div><div bgcolor="#FFFFFF" text="#000000">
<br>
<div>On 08/23/2016 11:24 AM, Danukeru wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I highly recommend looking at fw-daemon by
Subgraph. Should be a solid foundation to add UDEV firewalling
and have "lil snitch"-like functionality for user prompting.
<div><br>
</div>
<div><a href="https://github.com/subgraph/fw-daemon" target="_blank">https://github.com/subgraph/fw-daemon</a><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Aug 19, 2016 at 8:02 PM,
Patrick O'Doherty <span dir="ltr"><<a href="mailto:p@trickod.com" target="_blank">p@trickod.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hey Mike!<br>
<br>
Thanks for writing up these projects. I'd be very interested
in working<br>
with you to get the udev stuff cleaned up and packaged for
debian. Are<br>
these scripts in a shareable form at the moment?<br>
<br>
I also have a spare openwrt suitable device (Netgear
WNDR3800) which I<br>
could donate to the openwrt-based project's cause, though
I've not done<br>
any mucking around w/ the openwrt internals before.<br>
<br>
Outside of specific projects like the ones you've listed,
any guidance<br>
you could provide to folks who might be interested in
contributing a<br>
patch to either little-t tor or the related software
projects on<br>
<a href="http://git.torproject.org" rel="noreferrer" target="_blank">git.torproject.org</a>
would be great! Sometimes the trac can be a little<br>
daunting with the collection of tags and old tickets making
it hard to<br>
find an "easy" first patch.<br>
<br>
p<br>
<br>
Mike Perry:<br>
<div>
<div>> Hey Noisebridgers,<br>
><br>
> I've been out of orbit for a looong time, but I've
been observing your<br>
> earth, and I would like to make a contact with
you[1].<br>
><br>
> I've been talking to Patrick O'Doherty and he
suggested it would be good<br>
> to try to set up some kind of regular Tor and/or
general cypherpunk<br>
> meetings or hack days at Noisebridge. I have a pile
of projects I'm<br>
> working on that may be interesting to folks, and I
can also help get<br>
> people up to speed with Tor development and build
processes, how to<br>
> write patches, and familiarize people with Tor
codebases and Tor<br>
> functionality for use in their own projects.<br>
><br>
> This is a long email. The TL;DR is that I'm looking
for people to tell<br>
> me what sort of stuff they would be interested in
working on or learning<br>
> about at these meetings, so I can try to serve that
audience better and<br>
> keep things focused.<br>
><br>
> I'm giving a ton of detailed examples based on
stuff I've been hacking<br>
> on on the side. Let me know either on or off-list
if you find any of<br>
> these projects interesting and would like to work
on any of them. Please<br>
> also suggest your own projects/ideas on-list, and
please also +1 other's<br>
> topics as well.<br>
><br>
> I'm hoping that the projects we work on can be
featured on Tor Labs,<br>
> which is a website we're launching that is meant to
showcase prototypes<br>
> and external projects that make interesting use of
Tor, or that may<br>
> otherwise be of interest to Tor hobbyists. Tor has
a lot of eyes on it,<br>
> and I think we should make use of that attention to
get more people<br>
> excited about the great work that folks do outside
of the official Tor<br>
> organization.<br>
><br>
><br>
> Here's some of the stuff I've been working on:<br>
><br>
> # A Tor Phone prototype based on CopperHeadOS<br>
><br>
> Since I wrote my writeup of a prototype
Tor/Cypherpunk/Wingnut Phone[2],<br>
> a lot of cool stuff has been done by volunteers and
the wider Android<br>
> community. Cédric Jeanneret adapted my pile of
half-insane Droidwall<br>
> hacks into the rather slick OrWall[3], Patrick
Connolly transformed the<br>
> manual install process into an update.zip[4], and
some Toronto hackers<br>
> created CopperHeadOS[5] - a hardened Android
rebuild using grsec and<br>
> several hardening additions, including verified
boot[6].<br>
><br>
> Unfortunately, CopperHeadOS does not support Google
Apps, MicroG[7] (the<br>
> FLOSS replacement for Google Services), or
SuperUser. You can hack this<br>
> stuff in via sideloading, but then you lose
verified boot. So I'm<br>
> working on a pile of scripts to try to shove this
stuff in to the<br>
> official CopperHead release images, and re-sign
them with new keys. That<br>
> way, you don't have to give up security to be able
to use apps with Tor,<br>
> or to use apps that require Google Play Services
(such as Signal).<br>
><br>
> Ideally, long-term we'd either restrict root access
to just OrWall, or<br>
> diagnose why the VPN APIs in Android/Orbot leak
traffic like crazy (see<br>
> below for a fun related router project to help with
this).<br>
><br>
> To work on this project, you'll need a Nexus 9, 5X,
or 6P device.<br>
><br>
><br>
> # A udev-based USB firewall<br>
><br>
> I wrote a crappy pile of shell scripts that act as
a USB device ID<br>
> (model + serial number) whitelist, to provide
vulnerability surface<br>
> reduction against USB device driver exploits and
attacks like BadUSB.<br>
><br>
> The scripts work for me, but maybe we should try to
make this into a<br>
> debian package with easier configuration or
something.<br>
><br>
><br>
> # CFC/No More 404s/Resurrect Pages<br>
><br>
> Cloudflare captchas and Tor bans are annoying,
especially if all you<br>
> want to do is read something.<br>
><br>
> Yawning Angel at the Tor Project has been working
on a Tor Browser addon<br>
> to automatically fetch pages that are blocked by
CloudFlare/other<br>
> captchas from <a href="http://archive.is/archive.org" rel="noreferrer" target="_blank">archive.is/archive.org</a>. It needs a
UI and some general<br>
> usability improvements:<br>
> <a href="https://git.schwanenlied.me/yawning/cfc" rel="noreferrer" target="_blank">https://git.schwanenlied.me/yawning/cfc</a><br>
><br>
> We could also adapt the official Firefox addons No
More 404s or<br>
> Resurrect Pages, depending on how they work.<br>
><br>
><br>
> # Better Tor Browser support for SSH exits/private
Tor exits<br>
><br>
> Related to the Captcha and ban problem, I hacked up
some prefs and env<br>
> vars to make it possible to chain an SSH SOCKS -D
proxy after Tor, so<br>
> that it is possible to access sites that completely
ban Tor with strong<br>
> pseudonymity: <a href="https://trac.torproject.org/projects/tor/ticket/16917" rel="noreferrer" target="_blank">https://trac.torproject.org/projects/tor/ticket/16917</a><br>
><br>
> We could give this thing a UI. As a more involved
project, we could<br>
> patch Tor to support "Tor Exit Bridges": ie Tor
"bridges" that have an<br>
> exit policy and can be used instead of public
exits.<br>
><br>
><br>
> # OpenWRT-based Tor Firewall<br>
><br>
> I have a prototype Tor Router based on OpenWRT that
only lets Tor<br>
> traffic through, and acts as a wifi firewall. It is
based on<br>
> <a href="https://wiki.openwrt.org/toh/tp-link/tl-mr3040" rel="noreferrer" target="_blank">https://wiki.openwrt.org/toh/tp-link/tl-mr3040</a>,
and uses the LEDs to<br>
> tell you if anything on your computer has tried to
bypass Tor, if<br>
> anything on the local network has tried to make a
TCP connection to you,<br>
> or if anything has sent a ping/UDP packet at you.
I've arranged these<br>
> LEDs as a sort of "hitpoint" bar, so that the UDP
LED is the farthest<br>
> out, then the TCP connect-back LED, and then the
Tor bypass led is<br>
> closest in. It is rather amusing to use this thing
at hacker events to<br>
> watch how fast stuff happens to you. Since the
MR3040 also has an<br>
> ethernet jack, you can use it to prevent exposing
your laptop's wifi<br>
> firmware to hostile networks, by putting the router
into client mode and<br>
> routing through ethernet. The router firmware
supports concurrent client<br>
> and host wifi operation, so that you can have the
device still provide<br>
> firewalling to devices that only support wifi by
creating your own<br>
> personal access point on one side of the firewall,
and acting as a wifi<br>
> client on the other.<br>
><br>
> It is also very useful for helping to debug proper
behavior of Tor<br>
> applications (especially mobile/embedded apps), so
that leaks are<br>
> quickly apparent to you.<br>
><br>
> This device is different than other Tor-enabled
routers (such as NetAid<br>
> and Anonabox, etc) because it is primarily meant to
function as an<br>
> additional security layer, not just something that
blindly shoves all<br>
> your traffic through Tor.<br>
><br>
> The device has switches on it, so it can be easily
switched between<br>
> different modes.<br>
><br>
> Areas of improvement for this project:<br>
><br>
> ii). It would be cool to make some kind of REST
negotiation API with Tor<br>
> Browser, so that this device could pick
bridges or guard nodes for<br>
> Tor Browser, tell Tor Browser about them, and
ensure that only<br>
> these bridges or guard nodes were used (as a
security layer).<br>
><br>
> ii). Various UI work to make it easier to
configure through a web UI.<br>
> Maybe borrowing ideas or sharing code with <a href="https://netaidkit.net/" rel="noreferrer" target="_blank">https://netaidkit.net/</a>,<br>
> or maybe just sticking to the OpenWRT UI.<br>
><br>
> iii). It might be nice to also have a VPN on here
as an option via one of<br>
> the switches, so that traffic that was not
destined to Tor was<br>
> VPN'ed instead of dropped. This will require
some hacking with<br>
> OpenWRT image creator, since there is not
enough space for a VPN in<br>
> the default images for the device.<br>
><br>
> To work on this project, you will need an OpenWRT
compatible router. It<br>
> doesn't have to be the MR3040, I just like that one
because it has a<br>
> battery and LEDs :). If there is enough interest, I
can also bring a<br>
> pile of old routers I have lying around, as well.<br>
><br>
><br>
> # Reproducible build help with your Tor/Cypherpunk
Project<br>
><br>
> If you're making security tools, build security is
very important. I can<br>
> help people work towards ensuring their projects
can be build<br>
> reproducibly. We can also discuss various opsec
considerations for<br>
> signing key material, and build security for
projects that are a long<br>
> way away from being able to build reproducibly.<br>
><br>
><br>
> # Your idea here!<br>
><br>
> Please, suggest stuff you want to work on. Maybe I
can help. Or if not,<br>
> maybe someone else can!<br>
><br>
><br>
><br>
> 1. <a href="https://www.youtube.com/watch?v=teBV0EoJJY8" rel="noreferrer" target="_blank">https://www.youtube.com/watch?v=teBV0EoJJY8</a><br>
> 2. <a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy" rel="noreferrer" target="_blank">https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy</a><br>
> 3. <a href="https://github.com/EthACKdotOrg/orWall" rel="noreferrer" target="_blank">https://github.com/EthACKdotOrg/orWall</a><br>
> 4. <a href="https://github.com/patcon/mission-impossible-android" rel="noreferrer" target="_blank">https://github.com/patcon/mission-impossible-android</a><br>
> 5. <a href="https://copperhead.co/android/" rel="noreferrer" target="_blank">https://copperhead.co/android/</a><br>
> 6. <a href="https://source.android.com/security/verifiedboot/verified-boot.html" rel="noreferrer" target="_blank">https://source.android.com/security/verifiedboot/verified-boot.html</a><br>
> 7. <a href="https://microg.org/" rel="noreferrer" target="_blank">https://microg.org/</a><br>
><br>
><br>
><br>
</div>
</div>
<div>
<div>> _______________________________________________<br>
> Noisebridge-discuss mailing list<br>
> <a href="mailto:Noisebridge-discuss@lists.noisebridge.net" target="_blank">Noisebridge-discuss@lists.noisebridge.net</a><br>
> <a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" rel="noreferrer" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
><br>
<br>
</div>
</div>
<br>
_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a href="mailto:Noisebridge-discuss@lists.noisebridge.net" target="_blank">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" rel="noreferrer" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Noisebridge-discuss mailing list
<a href="mailto:Noisebridge-discuss@lists.noisebridge.net" target="_blank">Noisebridge-discuss@lists.noisebridge.net</a>
<a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a href="mailto:Noisebridge-discuss@lists.noisebridge.net" target="_blank">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss" rel="noreferrer" target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
</blockquote></div>