
Re: SoC Project: Improving Hidden Service Security and Usability



This is actually something that I thought about but I decided to go for
Linux for a few reasons. The first one being my own experience in Linux
is much greater than that in Windows and the second one being that
installing Ubuntu has become easy enough that I suggest it to
non-techies. If somebody is serious about running a forum for Chinese
dissidents, for example, then they're probably willing to install Linux
on a machine dedicated to it. I think that Windows-only clients might be
more likely for personal hidden sites than sites that require constant
uptime. Since sites that require constant uptime usually require a
separate machine, it seems to me that encouraging people to run Linux is
probably a good choice especially given the risks that individual might
be taking by running a hidden service. I would rather have somebody use
Linux instead of Windows because there's no guide for Windows than the
other way around. I agree with you though that somebody needs to do the
same thing I'm doing but for Windows.

I haven't ever done any fingerprinting of hidden services but it would
be interesting to see how many/if any run Windows. As far as I can tell,
most of onionland is run by some dedicated techies who mainly use Linux,
but I could be wrong.

Ringo

Scott Bennett wrote:
>      On Sun, 24 May 2009 21:59:28 -0400 Ringo <2600denver@xxxxxxxxx> wrote:
>> I'll be working on improving hidden service security and usability this
>> summer (starting in about three weeks). I'm currently attending the
>> Evergreen State College in Olympia, WA and am working on an 'independent
>> contract' which is basically designing a program/class for myself. This
>> isn't a GSoC project but it's similar.
>>
>> Tor's client interface is easy to use and well documented, but the same
>> can't be said for hidden services. Many of the people who need these
>> services the most like human rights organizations and our beloved Chinese
>> dissidents probably aren't able to set up a hidden service due to the
>> level of technical expertise it requires. As far as I have been able to
>> find, there is no guide to setting up secure hidden services nor is
>> there any program that helps facilitate it. So that's what I'll be
>> working on.
>>
>> Specifically, I will be creating a how-to guide for securing standard
>> LAMP servers as well as a script that will help Linux users set them up.
>> I have a few ideas for locking down Apache, PHP, etc. but I would
>> appreciate any other ideas admins of hidden services have as well as
>> suggestions on how to implement them.
>>
>      It looks like a project that ought to be done.  However, it does seem
> to me that, in the service of the interest you expressed in your second
> paragraph above, a higher priority project should be a project to set up
> hidden services on Windows systems.  Although it does appear that the largest
> number of relays by host operating system is some distribution of LINUX, the
> largest number of users worldwide remains, unfortunately, Windows users.
> Noting that hidden services can be provided by client-only tor instances,
> a type of configuration that reduces still further the chances of investigating
> agencies tracking down the sources of those services, those Chinese dissidents
> and human rights organizations/activists would be better served by an easy way
> to set their services up under Windows without the need for running tor in
> relay mode.
>      Since your project has already been approved as proposed, I wish you
> the best of results.  But I do hope that someone's project someday will address
> the most numerous category of people needing to offer hidden services.
> 
> 
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
>