maemo.org - Talk


nieldk 2014-01-12 11:51

[ANNOUNCE] Tor anonymous proxy
 
on my openrepos https://openrepos.net/content/nieldk/tor
needs libevent installed from my repo also.

There are some comments complaining that it removes phone, contacts and aliendalvik. I am not able to reproduce this, so, I fear openrepos is hit by spam/malware?
but, please do respond if any of you do have issues ....

config file is in /etc/tor/torrc

EDIT,

Added the ability to start/stop tor by pressing the tor desktop icon.

The desktop icon will change colour red=stopped and green=started according to status.

Please UN-INSTALL any previous versions before installing version 0.2.4.23-2, also the unstable alpha-version!

Thanks goes to Schurmann
for his help in creating this switch

nieldk 2014-01-12 12:39

Re: [ANNOUNCE] Tor anonymous proxy
 
So, it seems there are some issues.
I am doing testing myself, but I can't reproduce the mentioned issues.
For safety, the libevent and tor RPMs have been removed from openrepos.
Instead, I attach here SRPM and RPMs for both libevent and tor, and any feedback will be appreciated.
Do be warned that it might have serious consequences to install ATM, e.g. the mentioned issues reported by 3 people now about phone, contacts and aliendalvik being uninstalled.

https://www.dropbox.com/s/mqup4hvck4...nt-rpms.tar.gz
https://www.dropbox.com/s/3nzyq3llay...or-rpms.tar.gz

xerxes2 2014-01-12 17:23

Re: [ANNOUNCE] Tor anonymous proxy
 
Ahh, so that's why I couldn't find it.
https://together.jolla.com/question/...l-application/

nieldk 2014-01-12 17:30

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by xerxes2 (Post 1405873)
Ahh, so that's why I couldn't find it.
https://together.jolla.com/question/...l-application/

Yes, since some had issues, I removed it from my openrepos.
I have been testing on my device quite heavily. Installing, deinstalling, reinstalling, libevent and tor, locally and from repos.
So far I have not had any issues, but, surely, I can't deny that it's been reported by 3 ppl to me.
So, as you have seen, the damage might be resolvable - when and if it happens :) But, be aware, that installing the current version MAY cause issues.

That being said, it would be nice if some daredevils want to test and report back :)

b.cloanta 2014-01-12 18:44

Re: [ANNOUNCE] Tor anonymous proxy
 
Hello. I installed (by file browser) and uninstalled TOR and everything is in order. Nothing bad happened :D

MaemoUser 2014-01-12 18:52

Re: [ANNOUNCE] Tor anonymous proxy
 
Another issue:
https://together.jolla.com/question/...l-application/

Custodian 2014-01-12 19:22

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by nieldk (Post 1405806)
There are some comments complaining that it removes phone, contacts and aliendalvik. I am not able to reproduce this, so, I fear openrepos is hit by spam/malware?

Maybe some issues with package naming and a conflict occurred?

You have deleted the application bundle, but the sailfish packages are still in place. Check and delete them at https://openrepos.net/my-apps
Update: does aliendalvik support install its own libevent (or something like that)?

Also, do not upload packages with different names to the same application node, or order them: the main package should be first on the attachment list. Otherwise warehouse will check/install/delete the wrong package (i.e. "libevent" instead of "tor"). This can cause issues.

nieldk 2014-01-12 20:33

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by Custodian (Post 1405911)
Maybe some issues with package naming and a conflict occurred?

You have deleted the application bundle, but the sailfish packages are still in place. Check and delete them at https://openrepos.net/my-apps
Update: does aliendalvik support install its own libevent (or something like that)?

Also, do not upload packages with different names to the same application node, or order them: the main package should be first on the attachment list. Otherwise warehouse will check/install/delete the wrong package (i.e. "libevent" instead of "tor"). This can cause issues.

Hmm, unable to delete those sailfish packages it seems, when deleting the application first.

As a note.
I hardly think it's a naming issue for system packages with the same name. I searched. Also, as I said, I can't reproduce this issue on my device.
I have Aliendalvik and it is not being affected. Neither is phone nor contacts.
As for an openrepos issue, I also doubt that, as I have also tried several installs/uninstalls from repo.

coderus 2014-01-12 20:47

did you try with warehouse?

Custodian 2014-01-12 20:58

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by nieldk (Post 1405936)
Hmm unable to delete those sailfish packages it seems, when deleting application first.

Yes, restriction applies. I'll delete this.

Quote:

Originally Posted by nieldk (Post 1405936)
I hardly think it's a naming issue for system packages with the same name. I searched. Also, as I said, I can't reproduce this issue on my device.
I have Aliendalvik and it is not being affected. Neither is phone nor contacts.

I found one possible issue with package name matching using masks, which could have caused deletion of "*tor" package.
Fixed in 0.2-4.

nieldk 2014-01-12 21:01

Re: [ANNOUNCE] Tor anonymous proxy
 
@custodian thanks, I really don't want anything on my openrepos that can cause issues like this

Custodian 2014-01-13 06:35

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by nieldk (Post 1405946)
@custodian thanks, I really don't want anything on my openrepos that can cause issues like this

I think that this issue is resolved now.
If you upload multiple rpm (deb) files with different names (i.e. tor, libevent), order them and make the main package the first one.
But the true way is to create separate packages ;) library libevent, and application tor.

Warehouse receives the package name for install/remove/update from the first file attached to the application node.

nieldk 2014-05-03 07:28

Re: [ANNOUNCE] Tor anonymous proxy
 
tor is back!
working great with my new build, changed default browser config (installation does this for you) so default browser actually uses tor by default, also, tor daemon is configured to listen on 127.0.0.1/9050 for socks connections, and is started and enabled so it stays permanent after boot.

richardski 2014-05-12 00:14

Re: [ANNOUNCE] Tor anonymous proxy
 
This will really help to improve the privacy and security when browsing.

Richard

equim 2014-05-12 13:08

Re: [ANNOUNCE] Tor anonymous proxy
 
Thanks for building this nieldk.

It works great but everyone please note that installing this and using the default sailfish browser will not give you the same level of anonymity or censorship circumvention of the Tor Browser Bundle on a typical desktop machine. This is because DNS will still be working as usual - not through tor. If you attempt to browse to example.org then you will be telling that to your DNS provider (typically your ISP). In addition this means you can't access .onion sites by default.

Perhaps it would be a good idea for this tor package to set up TorDNS[1], potentially changing /etc/resolv.conf to point to it.


[1] https://wiki.archlinux.org/index.php/Tor#TorDNS

nieldk 2014-05-12 14:14

Re: [ANNOUNCE] Tor anonymous proxy
 
This is somewhat true, but using tordns does add some other (for me) not wanted issues regarding DNS queries (it can only handle certain record types).
It also is just a bit more tricky due to services already running on the device, which prevents you from using port 53. Now, that would be just fine, had proxy been working fully with connman. It doesn't. So, this was a build to obtain a good level of anonymity surfing with the default browser.
Not saying I'm giving up further work on this, but it doesn't have high priority at least until a system wide proxy availability is done.

Regarding the DNS issue and the leaking of ISP DNS and browser behaviour, this is some good reading on the topic, I think it's less worrying, and certainly an improvement as-is ;)

http://www.antitree.com/how-tor-does...aking-bad-way/

equim 2014-05-12 20:11

Re: [ANNOUNCE] Tor anonymous proxy
 
Thanks nieldk - I agree it might be problematic to get this working without breaking some DNS queries.

For anyone interested, I got TorDNS working by redirecting all outgoing DNS queries to it with iptables. Here are the instructions (only do it if you have a good idea what all this means, and again it might break certain DNS queries):

Add the following to /etc/tor/torrc:
Quote:

DNSPort 9053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion

devel-su
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053

Then restart tor. Check that it's working by going to a tor hidden service like duckduckgo's: 3g2upl4pq6kufc4m.onion.
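
A check for the setup in the post above, added here as an example and not part of that post: it reads a torrc and an `iptables-save` dump and reports whether DNS queries can still bypass Tor. The function names are made up for this example and the sample files are constructed from the lines quoted above; since Tor's DNSPort listens on UDP only, the check also looks at TCP port 53, which the posted rule does not cover.

```shell
#!/bin/sh
# Added example (not from the thread): audit a torrc and an iptables-save
# dump for the TorDNS redirect. Function names are hypothetical.

# Port of the last DNSPort line in a torrc ("9053" or "127.0.0.1:9053").
torrc_dnsport() {
    awk '$1 == "DNSPort" { p = $2; sub(/^.*:/, "", p) }
         END { if (p != "") print p }' "$1"
}

# Print "TARGET PORT" of the first OUTPUT rule for protocol $2 on dport 53.
dns_rule() {
    awk -v proto="$2" '
        $1 == "-A" && $2 == "OUTPUT" {
            p = ""; d = ""; j = ""; to = "-"
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            if (p == proto && d == "53") { print j, to; exit }
        }' "$1"
}

# One finding per line; returns 0 only when no DNS query can bypass Tor.
audit_tordns() {   # $1 = torrc, $2 = iptables-save dump
    rules=$2
    port=$(torrc_dnsport "$1")
    [ -n "$port" ] || { echo "FAIL torrc has no DNSPort"; return 1; }
    rc=0
    case "$(dns_rule "$rules" udp)" in
        "REDIRECT $port") echo "OK udp/53 redirected to DNSPort $port" ;;
        "")               echo "LEAK udp/53 is not redirected"; rc=1 ;;
        *)                echo "FAIL udp/53 rule does not point at DNSPort $port"; rc=1 ;;
    esac
    # DNSPort answers UDP only, so TCP DNS has to be blocked, not redirected.
    case "$(dns_rule "$rules" tcp)" in
        REJECT*|DROP*) echo "OK tcp/53 blocked" ;;
        *)             echo "LEAK tcp/53 still leaves the device outside Tor"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the torrc lines and the single rule from the post.
demo_tordns() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'DNSPort 9053' 'AutomapHostsOnResolve 1' \
        'AutomapHostsSuffixes .exit,.onion' > "$d/torrc"
    printf '%s\n' '*nat' \
        '-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053' \
        'COMMIT' > "$d/rules"
    st=0; audit_tordns "$d/torrc" "$d/rules" || st=$?
    rm -rf "$d"
    return $st
}
demo_tordns || true
```

On a device, the inputs would be /etc/tor/torrc and the saved output of `iptables-save` run as root.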

gexc 2014-05-14 16:33

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by nieldk (Post 1425066)
This is somewhat true, but using tordns does add some other (for me) not wanted issues regarding DNS queries (it can only handle certain record types).
It also is just a bit more tricky due to services already running on the device, which prevents you from using port 53. Now, that would be just fine, had proxy been working fully with connman. It doesn't. So, this was a build to obtain a good level of anonymity surfing with the default browser.
Not saying I'm giving up further work on this, but it doesn't have high priority at least until a system wide proxy availability is done.

Regarding the DNS issue and the leaking of ISP DNS and browser behaviour, this is some good reading on the topic, I think it's less worrying, and certainly an improvement as-is ;)

http://www.antitree.com/how-tor-does...aking-bad-way/

Just got redsocks (system-wide transparent proxy) packed and uploaded to openrepos :D

nieldk 2014-05-14 16:54

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by gexc (Post 1425315)
Just got redsocks (system-wide transparent proxy) packed and uploaded to openrepos :D

Does it adjust by the properties set in WLAN configuration on Sailfish? I built squid and while it works, the Jolla itself doesn't seem to care about the proxy settings available in system.

gexc 2014-05-14 17:01

Re: [ANNOUNCE] Tor anonymous proxy
 
It does not use the WLAN configs. Instead an iptables script is needed to 'hijack' all the traffic through the proxy. 'Transparent' means that the system does not know there is a proxy set up.

nieldk 2014-05-14 18:50

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by gexc (Post 1425319)
It does not use the WLAN configs. Instead an iptables script is needed to 'hijack' all the traffic through the proxy. 'Transparent' means that the system does not know there is a proxy set up.

Nice, I see it has a small footprint :)
I do prefer squid, despite the larger footprint, due to the overall usability.
Still, it sucks to have to use iptables... So I hope Jolla will fix those proxy settings to actually work

gexc 2014-05-15 03:07

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by nieldk (Post 1425329)
Nice, I see it has a small footprint :)
I do prefer squid, despite the larger footprint, due to the overall usability.
Still, it sucks to have to use iptables... So I hope Jolla will fix those proxy settings to actually work

Yeah iptables may get messed up :D

BonoNL 2014-05-25 22:17

Re: [ANNOUNCE] Tor anonymous proxy
 
I liked the idea, but I've uninstalled it, it takes too much speed of my 4G subscription. An option to switch it on and off would be needed, just like the N900 version.

Further love your work NielDK!

gexc 2014-05-26 11:25

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by BonoNL (Post 1426628)
I liked the idea, but I've uninstalled it, it takes too much speed of my 4G subscription. An option to switch it on and off would be needed, just like the N900 version.

Further love your work NielDK!

Try proxychains which redirects the traffic of a single app (e.g. the browser) to Tor. You may modify the .desktop file in /usr/share/applications to create a launcher icon to launch the app 'proxified'. I used this trick in N9 where there was no iptables available.

nieldk 2014-05-26 22:20

Re: [ANNOUNCE] Tor anonymous proxy
 
Added the ability to start/stop tor by pressing the tor desktop icon.

The desktop icon will change colour red=stopped and green=started according to status.

Please UN-INSTALL any previous versions before installing version 0.2.4.21-2, also the unstable alpha-version!

Thanks goes to Schurmann
for his help in creating this switch

nieldk 2014-07-30 15:31

Re: [ANNOUNCE] Tor anonymous proxy
 
Update to v 0.2.4.23 to mitigate early relay attack

Please UN-INSTALL any previous versions before installing version 0.2.4.23-2, also the unstable alpha-version!

nieldk 2014-08-05 12:20

Re: [ANNOUNCE] Tor anonymous proxy
 
Well, well, here is a reason not to use tor browser bundle (and to update my tor if you didn't yet)

http://www.wired.com/2014/08/operation_torpedo/


Quote:

Originally Posted by equim (Post 1425051)
Thanks for building this nieldk.

It works great but everyone please note that installing this and using the default sailfish browser will not give you the same level of anonymity or censorship circumvention of the Tor Browser Bundle on a typical desktop machine. This is because DNS will still be working as usual - not through tor. If you attempt to browse to example.org then you will be telling that to your DNS provider (typically your ISP). In addition this means you can't access .onion sites by default.

Perhaps it would be a good idea for this tor package to set up TorDNS[1], potentially changing /etc/resolv.conf to point to it.


[1] https://wiki.archlinux.org/index.php/Tor#TorDNS


coderus 2014-08-05 13:50

Re: [ANNOUNCE] Tor anonymous proxy
 
lol, again windows compromised. i like linux safety :)

nieldk 2014-08-05 15:37

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by coderus (Post 1434919)
lol, again windows compromised. i like linux safety :)

Oh, but no my friend. It was exploiting a Firefox vulnerability in older installations of torbrowser, while the article mentions windows hostname, this also applies to *nix firefox (torbrowser) versions.

coderus 2014-08-05 16:30

Re: [ANNOUNCE] Tor anonymous proxy
 
this one is impossible in linux
Quote:

When security researchers analyzed the code, they found a tiny Windows program hidden in a variable named “Magneto.”

wicket 2014-08-05 16:58

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by nieldk (Post 1434912)
Well, well, here is a reason not to use tor browser bundle (and to update my tor if you didn't yet)

http://www.wired.com/2014/08/operation_torpedo/

I remember reading about that vulnerability last year, it was actually a vulnerability in Firefox. The problem was that the version of Firefox bundled with the Tor Browser Bundle was out of date leaving the vulnerability unpatched. This was quite embarrassing for the Tor Project so I'd be surprised if they haven't addressed the issue by now. That being said, personally I don't use the Tor Browser Bundle either, it is possible to route DNS lookups through Tor.

Quote:

Originally Posted by coderus (Post 1434919)
lol, again windows compromised. i like linux safety :)

Quote:

Originally Posted by coderus (Post 1434933)
this one is impossible in linux

It's not impossible. I may be wrong but IIRC the vulnerability was not platform specific but they targeted Windows as it has the largest user base. There's nothing to stop injection of Linux shellcode in the magneto variable.

I like Linux too but it would be naive to think that you are safe just because you use Linux.

nieldk 2014-08-05 17:10

Re: [ANNOUNCE] Tor anonymous proxy
 
@wicket You are absolutely correct

1 It was a vulnerability in Firefox
2 It is (was) not platform specific
3 Yes, Windows was the target in the specific case
4 but unpatched Linux was indeed vulnerable
5 Tor did indeed patch
6 Users didn't (all) upgrade, leaving them vulnerable

avidscavenger 2015-04-22 00:03

Re: [ANNOUNCE] Tor anonymous proxy
 
About the DNS, is there some reason why you haven't simply routed DNS requests through the tor proxy as described here: http://superuser.com/questions/10359...oxy-in-firefox I just tried it and it seems to work.

Despite the comments about vulnerabilities in tor-browser I would still like a dedicated tor browser on my Jolla. Long story short, for real security I use whonix and I certainly wouldn't trust anything important to a hand-held device that holds my data unencrypted.

nieldk 2015-04-22 04:01

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by avidscavenger (Post 1468042)
About the DNS, is there some reason why you haven't simply routed DNS requests through the tor proxy as described here: http://superuser.com/questions/10359...oxy-in-firefox I just tried it and it seems to work.

Despite the comments about vulnerabilities in tor-browser I would still like a dedicated tor browser on my Jolla. Long story short, for real security I use whonix and I certainly wouldn't trust anything important to a hand-held device that holds my data unencrypted.

Thank you for this link. This I will update today in the tor-switch package :)
Also, I will try to update so the icon refreshes. That will take a lipstick refresh, which will have the effect that the screen will blank for a few seconds. But that is bearable.

To create a full torbrowser is a bit more difficult. So, no promises other than I will look into that.

nieldk 2015-04-22 09:18

Re: [ANNOUNCE] Tor anonymous proxy
 
UPDATE

I have updated versions of tor and tor-switch to handle DNS queries (you can look up .onion addresses).
Also, the icon is now changed as supposed (restarts lipstick service, so screen goes blank and a green light for a few seconds)

Enjoy
https://openrepos.net/content/nieldk/tor-switch
https://openrepos.net/content/nieldk/tor

avidscavenger 2015-04-22 22:07

Re: [ANNOUNCE] Tor anonymous proxy
 
Could I make another feature request?

Rather than overwriting the pref.js file, could the tor-switch script leave unchanged all settings other than the ones that it needs to modify? Shouldn't be too hard using scripting tools grep/awk/sed, or even as a starting point, it could save the file when starting tor and restore it when stopping tor.
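
One way to do what this request describes, added here as an example and not taken from tor-switch or from the post: a small shell routine that rewrites only the proxy preferences in a Gecko prefs file and leaves every other line as it was. The function names, the `.pre-tor` backup suffix and the choice of preferences (standard Gecko proxy names, with the 127.0.0.1 port 9050 SOCKS listener mentioned earlier in the thread) are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not tor-switch's own code): change only the proxy prefs in a
# Gecko prefs file and leave every other line untouched.

# set_pref FILE NAME VALUE  (VALUE is a JS literal: 1, true, "127.0.0.1")
set_pref() {
    tmp=$(mktemp) || return 1
    awk -v name="$2" -v val="$3" '
        BEGIN { key = "user_pref(\"" name "\"," }
        # Replace the first matching line, drop later duplicates of it.
        index($0, key) == 1 { if (!done) print key " " val ");"; done = 1; next }
        { print }
        END { if (!done) print key " " val ");" }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps FILE's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Assumed set of prefs a Tor switch needs; the names are standard Gecko ones.
tor_prefs_on() {   # $1 = prefs file
    cp -p "$1" "$1.pre-tor" &&   # the "save the file" starting point
    set_pref "$1" network.proxy.type 1 &&
    set_pref "$1" network.proxy.socks '"127.0.0.1"' &&
    set_pref "$1" network.proxy.socks_port 9050 &&
    set_pref "$1" network.proxy.socks_remote_dns true
}

# Undo only what tor_prefs_on changed; settings edited meanwhile survive.
tor_prefs_off() {  # $1 = prefs file
    set_pref "$1" network.proxy.type 0 &&
    set_pref "$1" network.proxy.socks_remote_dns false
}

# Constructed sample prefs file, printed after switching Tor on.
demo_prefs() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        'user_pref("browser.startup.homepage", "https://example.org/");' \
        'user_pref("network.proxy.type", 0);' \
        'user_pref("example.unrelated.setting", 15);' > "$f"
    tor_prefs_on "$f" && cat "$f"
    rm -f "$f" "$f.pre-tor"
}
demo_prefs
```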

nieldk 2015-04-23 05:02

Re: [ANNOUNCE] Tor anonymous proxy
 
Quote:

Originally Posted by avidscavenger (Post 1468142)
Could I make another feature request?

Rather than overwriting the pref.js file, could the tor-switch script leave unchanged all settings other than the ones that it needs to modify? Shouldn't be too hard using scripting tools grep/awk/sed, or even as a starting point, it could save the file when starting tor and restore it when stopping tor.

I will make that.
Thanks, a good, and sensible suggestion :)


All times are GMT.