IRC Archive / Oftc / #tor / 2015 / August / 4 / 1
meejah
amiller: the tor control protocol doesn't let you attach streams for onion-sites (yet?)
so, it would take a Tor patch, and then should "just work" in txtorcon...
special
amiller: but if all you need is multiple circuits to an onion service, you can use the socks isolation feature.
meejah
yeah, if you don't care what the circuit is, you can just use Tor as a client (e.g. with txsocksx if you're using twisted)
amiller
meejah, hm, so the patch would just be to the tor control interface?
meejah
the attacher interface is for when you want to attach a specific stream to a specific circuit (maybe that you built) ... but it doesn't work with onion services
amiller
i guess i'm interested in trying to see how feasible that could be
hm, socks isolation feature, i'm unaware of that
meejah
amiller: I can't remember where it is in the code, but if you work from the control-code outwards you'll find a switch/if-else ... probably an actual tor-c-programmer can tell you better ;)
amiller
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy i guess
special
hmm, no
https://www.torproject.org/docs/tor-manual.html.en look for IsolateClientAddr, IsolateSOCKSAuth, etc
in particular, IsolateSOCKSAuth is on by default, and means that if you give a different socks username/password to tor, you will use different circuits.
         

meejah
amiller: there is preliminary support for "tor:" endpoints and client-side stuff in general in txtorcon -- more like this would be nice, feel free to file a bug/PR if you find something txtorcon could benefit from :)
kritthewis
hi
how easy is it for the server you are connecting to to somehow exploit your browser or access files beside the Tor Browser folder?
arma
should be about the same as for normal firefox
and a bit harder if you crank up the security slider inside tor browser
(you *are* using tor browser, not your own browser, right?)
kritthewis
Yes, I am talking about Tor Browser
I mean. If it is possible, then ..... the New identity button is in fact pointless. If those who want to watch you will access or read SOME specific file outside your tbb folder, then why would you even try to disconnect from your previous 'identity'.
easily accessible fingerprint.
arma
i hope it is not easily accessible. it requires a browser exploit.
the same thing that lets you take over somebody's computer
kritthewis
I am not talking about targeted attacks. But global data - storing. Of people using the internet.
I know.
arma
if this is your reasoning, you should not be wondering about the new identity button, but rather you should be wondering what's the point of using the web at all
kritthewis
But think, even if the person will be able to get a timestamp of one file from you via your Tor Browser, then it is just you and always you, until you remove/change that file.
arma: Why is that? I am not planning that. I am just trying not to trust something blindly. And seek for improvements.
Just that it would be kind of a shame if people would use Tor, but on a regular laptop / pc they would in fact still for whole years have the same / unique fingerprint that would connect to them. I thought the exact opposite is the aim of Tor/TorBrowser.
cacahuatl
Accessing files is sort of "you're pwned", they're making your browser perform actions it's not meant to. Looking at file timestamps is the least of your problems.
kritthewis
I am asking if someone tried that and if he succeeded. Access any file, just for read beside user Tor Browser.
cacahuatl
With an exploit, sure but again, reading files isn't even the dangerous thing there.
kritthewis
Why not? If we talk about .... connecting internet actions to you, person.
cacahuatl
Use the security slider, use tails or torbrowser-launcher for the apparmor profiles to reduce the impact that any exploit may have.
kritthewis
That is what I mean.
But in fact on any OSX / Windows laptop/computer in worst scenario once you start using Tor Browser you will probably have unique fingerprint all the way anyway, if (and why do I smell it really is possible) the ones who watch the traffic will be/are able to.
cacahuatl
No
kritthewis
No? Tor Browser never allows any server to somehow read any visitor file anyhow? If not, then it is perfect.
cacahuatl
No browser should be allowing.
https://www.torproject.org/projects/torbrowser/design/ explains the design philosophy, choices and reasons behind Tor Browser (how it protects you)
kritthewis
Of course it should not. I am talking about era of technology and techniques that are anyway against everything. So being slightly more cautious. Thank you for the link.
arma
kritthewis: you might enjoy running your tor browser in a VM, and that inside tails or something
basically you want to sandbox the browser
kritthewis
And knowing there are new bugs found in Firefox, therefore Tor Browser each month or so on. It is definitely not time to sit down.
Exactly.
What if I run VM inside of VM and that inside of Tails and that inside of Whonix?
Am I paranoid then?
I think so.
         

arma
also, you might not be getting the *diversity* of sandboxes that you want
if you wrap it in three layers of VM, but one VM exploit lets you break out of all three...
kritthewis
yes.
that is why I am talking mainly about the subject. The Tor Browser.
arma
this is a good area to explore. historically, the extra steps have been complicated enough that normal users tell us to go away, their internet explorer is fine thank you.
Bobin
Hello
Is there a known list of articles about what fingerprints, temporary files or logs, history, information Tor itself stores while it is used?
arma
are you talking about tor browser perhaps?
Bobin
Well, mostly not Tor Browser, but Tor, the client providing the circuits, connecting you to the network. Not the browser itself.
arma
ah. you might look through the files in your datadirectory.
the tor man page explains some of them. hopefully all of them.
Bobin
Okay.
s7r
who/what killed maatuska's bandwidth measurement votes?
ncl
who/what killed urras
TheCthulhu1
It would be correct to assume the tor process only requires read privileges for hidden service keys correct, not write or execute privileges?
jaggz
each time I run debian's tor browser it tries to download and install the browser.. again.
TheCthulhu1
jaggz: Any entries in the log? Is it trying to download updates etc?
qwerty1
you need to download tor browser from the website
not use tor browser launcher
jaggz:
cacahuatl
I seem to recall the Jessie TBL is out-of-date, not set up for the changes in 4.5?
I had to build it from source
package not built, I guess
qwerty1
cacahuatl: yes
jaggz
okay.. I'll go from the tor site's package :)
http://paste.debian.net/288848/
that's handy.. I call my binary "tart"
you know, for the times you untar something and they drop it in the current dir.. bleh
if someone could mess up my tor file download (such that I'd need to verify its signature), couldn't they also just modify the companion signature file?
cacahuatl
right, so try to validate the signing key is the correct one
then you will see that either it is not signed with the correct key or is an invalid signature
inxoming
clear
hey, i'm trying to set up a relay.. when i do "service tor reload" in the terminal to restart the relay it says this... "Redirecting to /bin/systemctl reload tor.service
Job for tor.service invalid.
"
anyone know how i can fix this? yes, i am running it as root.. haha
cacahuatl
What makes you think it requires fixing?
inxoming
"Job for tor.service invalid"
^^ makes me think that the command didn't go through
cacahuatl
journalctl -u tor give you any hints?
arma
my next thought would be 'ps auxw|grep tor'
inxoming
-- Reboot --
Aug 03 22:36:56 localhost.localdomain systemd[1]: Unit tor.service cannot be reloaded because it is
Aug 03 22:37:13 localhost.localdomain systemd[1]: Unit tor.service cannot be reloaded because it is
Aug 03 22:37:17 localhost.localdomain systemd[1]: Stopped Anonymizing overlay network for TCP.
Aug 03 22:37:24 localhost.localdomain systemd[1]: Stopped Anonymizing overlay network for TCP.
Aug 03 22:39:46 localhost.localdomain systemd[1]: Unit tor.service cannot be reloaded because it is
arma
welcome to the fun of the new systemd world
inxoming
what happened to vidalia :(
arma
because it is.... it is what :)
inxoming
that output came from journalctl -u tor