
Re: [tor-talk] torsocks is broken and unmaintained

I agree with adrelanos. I use Tor mainly to run a bridge and a relay at my work (we set up a server for that), but I find it difficult to manually go into sock, but on the occasion I use it, which is rare, besides to connect to an employee computer. But if we had a library of Tor connection options where, say, a developer could attach his programs and run it through there. When the C-level people go off to other countries, we only allow them to use Tor to connect back to us if they don't want to use a VPN; some don't, but most will. Although it does make it difficult to make sure Tor stays up to date: either one of my senior techs or myself have to go pull in the laptops and update them. But it is easier than somebody piggybacking on their VPN and getting into the databases.

On 12/2/2012 8:19 AM, adrelanos wrote:
Matthew Finkel:
On 12/01/2012 06:14 PM, John Case wrote:
On Fri, 2 Nov 2012, grarpamp wrote:

I don't agree. torsocks is still useful to prevent identity correlation
through circuit sharing. Pushing all traffic through Trans- and DnsPort
is not the answer.
Also, I don't want all of my applications using Tor -- just some of
them. Using Tails or TransPort wouldn't allow me to do this.
Some people do run multiple Tor's, jails, packet
filters, and apps. Largely to get around current
Tor limitations. Those people don't have this
singularity problem/position that you assume.
Torsocks is not required in that instance.

There has to be a better way to simply "make an ssh connection over ToR".

I don't want to run all of tails just to make a single ssh connection (2
minutes to properly fire up vmware, massive cpu use, laptop gets hot,
fans running, everything else comes to a crawl).

I don't want to run a full-blown tor relay installation with all the
bells and whistles and then maintain that full blown environment, watch
advisories, run periodic tests, test for dns leakage, blah blah.

I want this:

cd /usr/ports/net/torssh
make install
torssh user@xxxxxxxx

Am I the only person that wants/needs this ?

I understand that you can't go down the road of "make a custom tor app
for every possible client app that people want to run", but come on ...
ssh ? If there was just a single app to do this for, it would be that,
right ?
The real issue is that once they start providing torified-forks of
certain projects where do they draw the line? torFirefox for TBB, sure
(which may be coming down the pipe anyway)! torssh, why not? Tor Project
is already stretched thin which means third party devs would have to
implement most of the work and who would be able to audit all of them?

"Torification" integrated into these projects would be a usability
god-send for most people. But that would ultimately be its undoing. At
this point many users don't understand that anonymity is not as simple
as flipping a switch, it's so much more complex than that. One possible
advantage of Tor being a little complex is that it makes people realize
that ensuring one's safety/privacy online is *not* easy and it's possible
that increasing the usability too much could put more people at risk.

In addition to this, if different projects have tor integrated then that
would mean each one would have to keep state separately and each would
most likely have different guard nodes and such. The result, again,
would be putting the users more at risk.

I understand the appeal of such packages, but if you think about this
then you'll see that running a single daemon and channeling connections
through it probably is the best and most resource efficient way. Just
think, if "x number of" programs you wanted to run were torified then
you would essentially be running x instances of tor, not ideal.

For now, using built-in proxy support for an application, or torsocks if
it doesn't have it, is the best option we have and we still need to be
careful when we use any built-in proxy option.

Many developers failed to add proper Tor socks proxy support. (DNS leaks

See ticket:

In comparison many instant messenger developers messed up implementing
their own encryption which is incompatible with others. OTR was a great
invention to establish a respected, proven, cross compatible encryption

Let alone the neglected torsocks which is affected by so many serious
leak and other kinds of bugs. This goes for many other outdated and
buggy proxifiers as well.

And all the people messing up correct torification and using leaking
applications and endless discussions and uncertainty if there are leaks
or not...

Compare this with the i2p network and applications designed for the i2p
network. The i2p network has arguably a different threat model and
security features but one thing you will (not) be missing in the i2p
community: discussions whether applications do leak or do actually
correctly use i2p.

I think instead of inventing torsocks it would have been much better if
there was a Tor connection library and applications could easily use it.

tor-talk mailing list
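
The DNS-leak point in the thread above comes down to one field of the SOCKS5 CONNECT request (RFC 1928): the address type says whether the proxy is handed a hostname to resolve or an address the application already obtained. This is an added example, not code from the thread or from Tor or torsocks; the function names are hypothetical and the hostname and the 192.0.2.10 address are constructed sample values.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0])
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: pass the name through so the proxy resolves it.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return head + addr + struct.pack("!H", port)


def classify_request(req: bytes) -> tuple:
    """Return (verdict, destination) for a captured SOCKS5 request."""
    if len(req) < 5 or req[0] != SOCKS_VERSION or req[2] != 0:
        raise ValueError("not a SOCKS5 request")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        n = req[4]
        if n == 0 or len(req) != 5 + n + 2:
            raise ValueError("bad domain request length")
        return "proxy-resolves", req[5:5 + n].decode("ascii")
    size = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp)
    if size is None or len(req) != 4 + size + 2:
        raise ValueError("bad address request")
    # Address-only: if the user supplied a hostname, the application looked
    # it up itself, outside the proxy. A typed IP literal looks the same.
    return "address-only", str(ipaddress.ip_address(req[4:4 + size]))


if __name__ == "__main__":
    good = build_connect("example.com", 22)   # name goes to the proxy
    leaky = build_connect("192.0.2.10", 22)   # app resolved the name first
    for req in (good, leaky):
        print(req.hex(), classify_request(req))
```
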