[Noisebridge-discuss] Tor/Cypherpunk hack day at Noisebridge?

Rob M veryprofessionalguy at gmail.com
Fri Aug 26 21:39:20 UTC 2016


Off topic perhaps.  Is TOR suitable for downloading large files such as
subculture media (videos, podcasts, etc.) to obscure one's social
demographic?  I think I heard somewhere that it should only be used for
navigating http pages and am not sure if this has changed in recent years. 


On 08/23/2016 11:24 AM, Danukeru wrote:
> I highly recommend looking at fw-daemon by Subgraph. Should be a solid
> foundation to add UDEV firewalling and have "lil snitch"-like
> functionality for user prompting.
>
> https://github.com/subgraph/fw-daemon
>
> On Fri, Aug 19, 2016 at 8:02 PM, Patrick O'Doherty <p at trickod.com
> <mailto:p at trickod.com>> wrote:
>
>     Hey Mike!
>
>     Thanks for writing up these projects. I'd be very interested in
>     working
>     with you to get the udev stuff cleaned up and packaged for debian. Are
>     these scripts in a shareable form at the moment?
>
>     I also have a spare openwrt suitable device (Netgear WNDR3800) which I
>     could donate to the openwrt-based project's cause, though I've not
>     done
>     any mucking around w/ the openwrt internals before.
>
>     Outside of specific projects like the ones you've listed, any guidance
>     you could provide to folks who might be interested in contributing a
>     patch to either little-t tor or the related software projects on
>     git.torproject.org <http://git.torproject.org> would be great!
>     Sometimes the trac can be a little
>     daunting with the collection of tags and old tickets making it hard to
>     find an "easy" first patch.
>
>     p
>
>     Mike Perry:
>     > Hey Noisebridgers,
>     >
>     > I've been out of orbit for a looong time, but I've been
>     observing your
>     > earth, and I would like to make a contact with you[1].
>     >
>     > I've been talking to Patrick O'Doherty and he suggested it would
>     be good
>     > to try to set up some kind of regular Tor and/or general cypherpunk
>     > meetings or hack days at Noisebridge. I have a pile of projects I'm
>     > working on that may be interesting to folks, and I can also help get
>     > people up to speed with Tor development and build processes, how to
>     > write patches, and familiarize people with Tor codebases and Tor
>     > functionality for use in their own projects.
>     >
>     > This is a long email. The TL;DR is that I'm looking for people
>     to tell
>     > me what sort of stuff they would be interested in working on or
>     learning
>     > about at these meetings, so I can try to serve that audience
>     better and
>     > keep things focused.
>     >
>     > I'm giving a ton of detailed examples based on stuff I've been
>     hacking
>     > on on the side. Let me know either on or off-list if you find any of
>     > these projects interesting and would like to work on any of
>     them. Please
>     > also suggest your own projects/ideas on-list, and please also +1
>     other's
>     > topics as well.
>     >
>     > I'm hoping that the projects we work on can be featured on Tor Labs,
>     > which is a website we're launching that is meant to showcase
>     prototypes
>     > and external projects that make interesting use of Tor, or that may
>     > otherwise be of interest to Tor hobbyists. Tor has a lot of eyes
>     on it,
>     > and I think we should make use of that attention to get more people
>     > excited about the great work that folks do outside of the
>     official Tor
>     > organization.
>     >
>     >
>     > Here's some of the stuff I've been working on:
>     >
>     > # A Tor Phone prototype based on CopperHeadOS
>     >
>     > Since I wrote my writeup of a prototype Tor/Cypherpunk/Wingnut
>     Phone[2],
>     > a lot of cool stuff has been done by volunteers and the wider
>     Android
>     > community. Cédric Jeanneret adapted my pile of half-insane Droidwall
>     > hacks into the rather slick OrWall[3], Patrick Connolly
>     transformed the
>     > manual install process into an update.zip[4], and some Toronto
>     hackers
>     > created CopperHeadOS[5] - a hardened Android rebuild using grsec and
>     > several hardening additions, including verified boot[6].
>     >
>     > Unfortunately, CopperHeadOS does not support Google Apps,
>     MicroG[7] (the
>     > FLOSS replacement for Google Services), or SuperUser. You can
>     hack this
>     > stuff in via sideloading, but then you lose verified boot. So I'm
>     > working on a pile of scripts to try to shove this stuff in to the
>     > official CopperHead release images, and re-sign them with new
>     keys. That
>     > way, you don't have to give up security to be able to use apps
>     with Tor,
>     > or to use apps that require Google Play Services (such as Signal).
>     >
>     > Ideally, long-term we'd either restrict root access to just
>     OrWall, or
>     > diagnose why the VPN APIs in Android/Orbot leak traffic like
>     crazy (see
>     > below for a fun related router project to help with this).
>     >
>     > To work on this project, you'll need a Nexus 9, 5X, or 6P device.
>     >
>     >
>     > # A udev-based USB firewall
>     >
>     > I wrote a crappy pile of shell scripts that act as a USB device ID
>     > (model + serial number) whitelist, to provide vulnerability surface
>     > reduction against USB device driver exploits and attacks like
>     BadUSB.
>     >
>     > The scripts work for me, but maybe we should try to make this into a
>     > debian package with easier configuration or something.
>     >
>     >
>     > # CFC/No More 404s/Resurrect Pages
>     >
>     > Cloudflare captchas and Tor bans are annoying, especially if all you
>     > want to do is read something.
>     >
>     > Yawning Angel at the Tor Project has been working on a Tor
>     Browser addon
>     > to automatically fetch pages that are blocked by CloudFlare/other
>     > captchas from archive.is/archive.org
>     <http://archive.is/archive.org>. It needs a UI and some general
>     > usability improvements:
>     > https://git.schwanenlied.me/yawning/cfc
>     <https://git.schwanenlied.me/yawning/cfc>
>     >
>     > We could also adapt the official Firefox addons No More 404s or
>     > Resurrect Pages, depending on how they work.
>     >
>     >
>     > # Better Tor Browser support for SSH exits/private Tor exits
>     >
>     > Related to the Captcha and ban problem, I hacked up some prefs
>     and env
>     > vars to make it possible to chain an SSH SOCKS -D proxy after
>     Tor, so
>     > that it is possible to access sites that completely ban Tor with
>     strong
>     > pseudonymity:
>     https://trac.torproject.org/projects/tor/ticket/16917
>     <https://trac.torproject.org/projects/tor/ticket/16917>
>     >
>     > We could give this thing a UI. As a more involved project, we could
>     > patch Tor to support "Tor Exit Bridges": ie Tor "bridges" that
>     have an
>     > exit policy and can be used instead of public exits.
>     >
>     >
>     > # OpenWRT-based Tor Firewall
>     >
>     > I have a prototype Tor Router based on OpenWRT that only lets Tor
>     > traffic through, and acts as a wifi firewall. It is based on
>     > https://wiki.openwrt.org/toh/tp-link/tl-mr3040
>     <https://wiki.openwrt.org/toh/tp-link/tl-mr3040>, and uses the LEDs to
>     > tell you if anything on your computer has tried to bypass Tor, if
>     > anything on the local network has tried to make a TCP connection
>     to you,
>     > or if anything has sent a ping/UDP packet at you. I've arranged
>     these
>     > LEDs as a sort of "hitpoint" bar, so that the UDP LED is the
>     farthest
>     > out, then the TCP connect-back LED, and then the Tor bypass led is
>     > closest in. It is rather amusing to use this thing at hacker
>     events to
>     > watch how fast stuff happens to you. Since the MR3040 also has an
>     > ethernet jack, you can use it to prevent exposing your laptop's wifi
>     > firmware to hostile networks, by putting the router into client
>     mode and
>     > routing through ethernet. The router firmware supports
>     concurrent client
>     > and host wifi operation, so that you can have the device still
>     provide
>     > firewalling to devices that only support wifi by creating your own
>     > personal access point on one side of the firewall, and acting as
>     a wifi
>     > client on the other.
>     >
>     > It is also very useful for helping to debug proper behavior of Tor
>     > applications (especially mobile/embedded apps), so that leaks are
>     > quickly apparent to you.
>     >
>     > This device is different than other Tor-enabled routers (such as
>     NetAid
>     > and Anonabox, etc) because it is primarily meant to function as an
>     > additional security layer, not just something that blindly
>     shoves all
>     > your traffic through Tor.
>     >
>     > The device has switches on it, so it can be easily switched between
>     > different modes.
>     >
>     > Areas of improvement for this project:
>     >
>     >  ii). It would be cool to make some kind of REST negotiation API
>     with Tor
>     >       Browser, so that this device could pick bridges or guard
>     nodes for
>     >       Tor Browser, tell Tor Browser about them, and ensure that only
>     >       these bridges or guard nodes were used (as a security layer).
>     >
>     >  ii). Various UI work to make it easier to configure through a
>     web UI.
>     >       Maybe borrowing ideas or sharing code with
>     https://netaidkit.net/,
>     >       or maybe just sticking to the OpenWRT UI.
>     >
>     >  iii). It might be nice to also have a VPN on here as an option
>     via one of
>     >        the switches, so that traffic that was not destined to
>     Tor was
>     >        VPN'ed instead of dropped. This will require some hacking
>     with
>     >        OpenWRT image creator, since there is not enough space
>     for a VPN in
>     >        the default images for the device.
>     >
>     > To work on this project, you will need an OpenWRT compatible
>     router. It
>     > doesn't have to be the MR3040, I just like that one because it has a
>     > battery and LEDs :). If there is enough interest, I can also bring a
>     > pile of old routers I have lying around, as well.
>     >
>     >
>     > # Reproducible build help with your Tor/Cypherpunk Project
>     >
>     > If you're making security tools, build security is very
>     important. I can
>     > help people work towards ensuring their projects can be build
>     > reproducibly. We can also discuss various opsec considerations for
>     > signing key material, and build security for projects that are a
>     long
>     > way away from being able to build reproducibly.
>     >
>     >
>     > # Your idea here!
>     >
>     > Please, suggest stuff you want to work on. Maybe I can help. Or
>     if not,
>     > maybe someone else can!
>     >
>     >
>     >
>     > 1. https://www.youtube.com/watch?v=teBV0EoJJY8
>     <https://www.youtube.com/watch?v=teBV0EoJJY8>
>     > 2.
>     https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>     <https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy>
>     > 3. https://github.com/EthACKdotOrg/orWall
>     <https://github.com/EthACKdotOrg/orWall>
>     > 4. https://github.com/patcon/mission-impossible-android
>     <https://github.com/patcon/mission-impossible-android>
>     > 5. https://copperhead.co/android/
>     > 6.
>     https://source.android.com/security/verifiedboot/verified-boot.html
>     <https://source.android.com/security/verifiedboot/verified-boot.html>
>     > 7. https://microg.org/
>     >
>     >
>     >
>     > _______________________________________________
>     > Noisebridge-discuss mailing list
>     > Noisebridge-discuss at lists.noisebridge.net
>     <mailto:Noisebridge-discuss at lists.noisebridge.net>
>     > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>     <https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss>
>     >
>
>
>     _______________________________________________
>     Noisebridge-discuss mailing list
>     Noisebridge-discuss at lists.noisebridge.net
>     <mailto:Noisebridge-discuss at lists.noisebridge.net>
>     https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>     <https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss>
>
>
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20160826/89a644c8/attachment-0003.html>


More information about the Noisebridge-discuss mailing list