[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
From: Zenaan Harkness <zen@xxxxxxxxxxxx>
Date: Mon, 24 Mar 2014 11:50:55 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 23 Mar 2014 20:56:28 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=a2i+VwJ5Mu2xJjPm7dDgwcUpzVakyonVhWtIFFqLxlE=; b=R3WbDPkA/h5BSjmH0DyG1Tbsme63PBdiXzfzHw6D2fWj+tpC9o9ZLcrCsIy8J3oL2m YHGdYpkn2OZdipX/k7E2fUGRCfYzq3JSj6n+sUK/Ahxud09RbbFVaBdmXlUmCt2RYAr/ 7POytxaYR+VEuOmqRfrZW4RkFwoic5YgJ8TZBzD/xNGFJWdfCg86+0hlWsEQRnS5kAP5 yr490zxaT7iUvJkSGtxhg/Cr1VGD8wDdgkl3R0BJq9N5kwp6MJVLTr1plOGC7z6JTwVE uRYkwWeFClthkkl/aFBZzrWeVn04jutL3AgZk4wnXFwMYbf7/yG9gHcpkTfQbccuqA0L Jx9w==
In-reply-to: <20140320042912.GA31910@loar>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAOsGNSS-jUSsyQuy+vmOYeLW-Sn_Ek3jdRBNXsGjmTAU=maWrw@xxxxxxxxxxxxxx> <20140320042912.GA31910@loar>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 3/20/14, Lunar <lunar@xxxxxxxxxxxxxx> wrote:
> Zenaan Harkness:
>> From here:
>> https://trac.torproject.org/projects/tor/ticket/6009
>>
>> we see addition of
>> TOR_SKIP_LAUNCH=1
>> command line option to effect start-tor-browser.
>>
>> My questions all assume using TBB.
>
> TOR_SKIP_LAUNCH was designed for Whonix and Tails use cases. For both
> the tor daemon is started independently of the Tor Browser. For the
> former on a different host and for the latter under a different system
> user.

My proposed "VPN" scenario is similar to the Whonix concept.

>> Q1) When is it sensible to use the above TOR_SKIP_LAUNCH=1 option?
>> For example:
>>  - when connecting to local always-on relay?
>>  - when connecting to local sometimes-on relay?
>>  - when connecting to ones own 'cloud' relay via VPN?
>>  - when connecting to ones own physical host relay via VPN?
>>  - when connecting to a friend's home host relay via VPN?
>
> None of the above. What is the problem of running tor locally?

High-latency, low-bandwidth dialup and satellite connections for some
of the people I advocate tor to (and libre software in general of
course).

This FAQ entry:
https://www.torproject.org/docs/faq.html.en#ShouldIUseTorWithAVPN
says in part "if you're looking for a trusted entry into the Tor
network, setting up a private Tor server as a bridge is a great
option".

The "private bridge" or rather, "trusted entry" in our case is the
first (so far) tor relay I installed, which is installed at a site
with a low-latency, reasonable-bandwidth ADSL2 connection.

As the website suggests here:
https://www.torproject.org/docs/faq.html.en#RelayOrBridge
exit relays are most needed. So that's what I set up.

I am assuming that this exit relay is also useful as a "trusted entry
to tor" bridge for those who are not practically able to run their own
private/public bridge/relay (high latency links etc, see above).
Is my assumption correct?

If not, is there a better way? Eg would it make sense to run two
instances of tor at the current exit relay host (one as a "trusted
entry"), rather than just the exit relay?

So I'm not sure any of those 5 questions above make sense. But that's
the context in my mind "trusted entry to tor" at the least for those
with problematic, high-latency and/ or low-bandwidth and/ or censored
(not sure that's the case yet in Australia, but could be?) internet
connections.

I am using the term "VPN" since for my joining-tor advocacy, at least
for a few people, I have set up limited ssh logins on our first exit
relay I refer to, which I am assuming is also a useful tor entry point
for problematic internet links. So it is I guess a "limited" VPN which
I am referring to in my questions, which exists for the purposes of
allowing certain users (with problematic links) to connect to the exit
relay which I am assuming is useful as a "trusted entry bridge".

Hope I'm making sense here...

A question I'm not able to answer: is it beneficial to have this VPN
for some of the users, or should I just tell them "customize your
connection and add the name of the relay to the last step - to bypass
your filtering ISP or to use our 'trusted relay'"?
Or is it better that they use the IP address and tor port of the relay
as their "bridge" config, or something else?

I really would like to understand the pros and cons of these
alternatives, and have been studying tp.o in vain to try and find out.

When you say "running tor locally", are you referring only to a "local
always-on relay" - eg one connected to ADSL permanently? Or do you
also include in that term, 'running TBB locally on the spot which
creates its own local tor instance'? As in, are you also including in
the term "running tor locally" a "local sometimes-on relay (or
'private' bridge?)"?

For example, a person has a high-latency low-bandwidth dialup
connection and so cannot run a relay and cannot run it all the time -
they need to make and receive phone calls sometimes, or they only have
one portable computer which they cannot leave on site at all times.
Does a temporary local "tor" satisfy the concept "running tor
locally"?

I apologise in advance, I am quite a newbie to tor and anonymous
networks and am really struggling with some of the terms and concepts
used. Yes I may well be missing something obvious.

My next question: Does running a "local always-on relay" provide
https://www.torproject.org/docs/faq.html.en#BetterAnonymity
by simply running it, but completely ignoring it thereafter (as in,
just run TBB with default network config, pretending your own relay
does not exist)?
I've been assuming not, but after your questions back to me, now I'm
beginning to wonder how confused I might really be here... If it is
not recommended to run a relay and connect with TBB to somewhere else
(whatever the 'default' happens to be), then this should certainly be
stated somewhere - and frankly, TBB ought have options in its config
dialog (it this is what is recommended) for "I'm running a tor relay
on my LAN, which I am also connected to right now, and intend to use
it - here's the SOCKS IP and port" as well as "I'm VPN-ing to a relay
I'm running elsewhere and intend to use that, here's my properly
forwarded localhost SOCKS port for my remote tor relay instance".

If 'run a relay but ignore it' is intended by the project, that is not
intuitive from the torproject.org website and documentation that I've
read so far.

I don't understand the anonymity implications for the differences in
these various scenarios which I am trying to comprehend.
And I haven't been able to answer these questions in a fair bit of
reading so far.
And whilst I don't understand, then I am unable to advocate (in good
conscience) in any way other than to say "yeah, TBB should provide
some reasonable anonymity improvements - just download from tp.o and
run". Without understanding, of course I cannot optimize privacy for
those I advocate to.

>> Q2) When connecting to a trusted friend's relay via VPN, [...]
>
> Why would you want to do that instead of using a (private) bridge?

High-latency, low-bandwidth, only sometimes-on internet connections.

Also, I am struggling to find a proper definition of 'private bridge'
and what that exactly means and how it actually works.

I searched tp.o for a glossary, and only found git showing a terms
list for translators (no definitions). Perhaps the FAQ could be
updated after my mis-understandings are clarified?

For example, I am currently unable to answer the question: What sort
of connections does a private bridge have in and out?
Is it only connections from those who know the name or ip of the
private bridge? Or does it also act as a relay sometimes? BTW, I have
read this (in full, at least twice, as with much of tp.o):
https://www.torproject.org/docs/bridges#RunningABridge
and yet still cannot answer these questions.

I have yet to properly read the Tor design docs, but I was hoping tp.o
would provide enough information for a thorough understanding for a
(advanced?) relay operator. Perhaps up to now no one has faced the
scenarios I am facing - in which case, this will be a great
opportunity for some new docs. I am willing to summarize things once I
realise where I have been not understanding.

From: https://www.torproject.org/docs/faq.html.en#BetterAnonymity
that FAQ entry regarding "does running a relay give better anonymity"
concludes with "It is an open research question whether the benefits
outweigh the risks. A lot of that depends on the attacks you are most
worried about. For most users, we think it's a smart move."
This wording ought be a little tighter - as in "for most users"
implies there are "at least some users" for whom running a relay is
not a smart idea - who are those users, even who might they possibly
be??
It might be obvious to others who those "other" tor users might be,
but it's not obvious to me, and I think it would be good to clarify
this point, if possible. If it is not possible to describe such a
"hypothetical user who could benefit from NOT running a relay", then
we should state that, admitting that we do not know for whom not
running a relay is a benefit, or could be a benefit.
The point is: It is good that we be as clear as possible on the
boundaries of our knowledge regarding these issues of tor and privacy
and anonymity (another two terms that would be good to carefully
define in an end-user Glossary page).

Is it advised for or against, for high-latency and/ or low-bandwidth
users (common in rural areas) to connect to a site (vpn or just using
the relay name as a bridge) where that site has its tor running as an
exit relay?

What if the site they VPN to is a normal 'public' bridge relay?

What if it is an un-listed (what I understand to be 'private') bridge (relay?)?

I am expected to advocate/install etc, for a small community of couple
dozen or so people.

I have read this:
https://www.torproject.org/docs/faq.html.en#AlternateDesigns
Which answers "shouldn't tor default to all tor users being relays".

At the moment, I realise I am making certain assumptions about whether
one setup, or one connection method, is more, or less, 'anonymous',
than some other setup or method.

I have a duty of care towards those I assist. I am bound in my
conscience to assist people only by coming to a full and proper
understanding of the trade-offs of different setups that I could
advocate for.

>> Q5) When connecting to a trusted friend's relay via the open Internet,
>> is this what's called using the relay as a "bridge"?
>
> Using a relay as a bridge is when you configure a public Tor relay
> instead of an unlisted bridge as one of tor bridges. There are very few
> use cases where it makes sense. See "Bridge" and "UseBridge" in tor(1)
> manual page.

My point is, the exit relay I installed is a 'public tor relay' - as
in it is not configured as 'private', but is that what you mean? In my
mind 'public tor relay' could mean 'a relay not installed and operated
by you, but instead by someone else in the public and quite possibly
not trusted'.

Thank you for those man page pointers. That clarifies part of the
"how". Hopefully soon I'll have a solid "why" (or why not) :)

Also, the bottom of
https://www.torproject.org/docs/bridges#RunningABridge references
bridges-spec.txt, which I am yet to read in full, but shall do so.

Thank you so much for your feedback,
Zenaan
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
  - From: Lunar

References:
- [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
  - From: Zenaan Harkness
- Re: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
  - From: Lunar

Prev by Author: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
Next by Author: Re: [tor-talk] How to make Whonix really user friendly? Looking for your suggestions!
Previous by thread: Re: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
Next by thread: Re: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
Index(es):
- Author
- Thread