Tag Archives: Tor

Controllo hacktivism Networking Security

Tor2Web 2.0

23 agosto 2011 – 23:40

Avevo già parlato tempo fa di Tor2Web (qui) e di come questo servizio permetta di raggiungere i siti pubblicati all’interno della rete anonima del progetto Tor (hidden services), con dominio .onion, senza aver installato e configurato Tor.

Con questo progetto si mantiene anonima la locazione del server e se ne aumenta la visibilità permettendo a tutti gli utenti collegati ad internet di accedervi. Al tempo stesso però non garantisce in alcun modo l’anonimato di chi visita il sito.

Va fatta molta attenzione su questo punto ed è bene ricordarsi sempre che se si vuole “rimanere anonimi” è necessario installare e configurare tor.

Ieri è stata rilasciata la nuova versione di Tor2Web (wiki) che introduce alcune novità:

  • A clear disclaimer warning the user that the content is not being served directly from the server, but it comes from the Tor network
  • Contact forms for abuse complaints and to report broken websites
  • Transparent rewriting of URLs into the tor2web form (i.e. so4rmjdiwmqjosxz.onion become so4rmjdiwmqjosxz.tor2web.org)

Inoltre questa versione introduce delle blocklist utili per inibire l’accesso a determinati hidden services ritenuti “fuori policy” dai manteiner dei nodi tor2web. Questa ne è un esempio: http://wiki.tor2web.org/index.php/BlockList_for_tor2web.infosecurity.ch

Per il codice, questa è la pagina GitHub dedicata al progetto: https://github.com/globaleaks/tor2web-2.0

Twitter It!
Tags , , , | Permalink | Comment (0)
Crypto Diritti Digitali Good News hacktivism Open Source

TorChat: messenger application

28 luglio 2011 – 12:26

Giusto per segnalare l’esistenza di questo progetto, anche se non ho ancora avuto modo di provarlo e testarlo.

TorChat è una chat msn-like basata su TOR, che garantisce la cifratura (il traffico tor viaggia cifrato end-to-end) e l’autenticazione della conversazione,  oltre che l’anonimato della propra posizione.

TorChat is a peer to peer instant messenger with a completely decentralized design, built on top of Tor’s location hidden services, giving you extremely strong anonymity while being very easy to use without the need to install or configure anything.

TorChat just runs from an USB drive on any Windows PC. (It can run on Linux and Mac too, in fact it was developed on Linux with cross platform usability in mind from the very first moment on, but the installation on other platforms than Windows is a bit more complicated at the moment)

Riporto qualche stralcio dal sito ufficiale del progetto:

Encryption

All TorChat traffic is encrypted end-to-end.

There are some misunderstandings floating around regarding Tor and encryption. Whenever I mention Tor and encryption in the same sentence the immediate reflex response of many people is: “But Tor provides no encryption!” This statement is true for most applications but not for all. The most commonly known usage of Tor is to use it as an anonymizer for traffic between the anonymous user and a publicly available service in the Internet and while the traffic will travel encrypted through the Tor network it MUST at some point leave the Tor network and enter the unencrypted internet to reach its final destination. This is the origin of the above mentioned “Tor provides no encryption” and it is undoubtedly true for this most widely known and practiced application of Tor and users should understand it.

However, there exists another and less commonly known mode of operation in which two Tor clients can initiate a fully encrypted peer-to-peer connection between each other that will not leave the Tor network at any point! This is what TorChat is using. Both clients build a normal 3 node circuit from each end to some random tor node in the middle to “meet” there and connect their circuits with each other. Upon connection another layer of encryption is established reaching through from one client to the other, building one uninterrupted encrypted tunnel through all 6 nodes between the two end points. This means all TorChat traffic is end2end encrypted. There are no exit nodes involved in this mode, at no point other than your and your buddies own computer will the traffic ever leave the Tor network.

This less known Tor mode is called Tor hidden services, you can read more about it on the above link. It effectively allows true hidden peer-to-peer networks, there are just not many softwares that make any use of its peer-to-peer capability, most use it more in a traditional client-server manner, TorChat is one of the few (and at the moment I don’t know of any other).

Authentication

TorChat buddies authenticate themselves by proving that they are reachable though their .onion address.

The Tor hidden service protocol by itself has no built-in authentication mechanism for incoming connections but it can guarantee that when you initiate an outgoing connection to a given .onion address you can never end up at the wrong counterpart, the one who answers the connection is the one who is in possession of the private key belonging to this address (the private_key file in the hidden_service folder).

Therefore TorChat will not trust any incoming connection and instead immediately try to open an outgoing connection to call back any incoming buddy on the address he pretends to be. A random cookie will then be sent out by both clients on their (trusted) outgoing connection that must be correctly answered on the incoming connection. Only after the answer is found to be correct the incoming connection can be trusted, the status of the buddy will be displayed as on-line and incoming messages from this buddy will be accepted.

It is essential that you don’t lose the private_key file belonging to your ID because the one who finds it will be able to pretend to be you. Using a tool like TrueCrypt is a good idea when you intend to use TorChat on a portable USB drive as these devices can easily be lost or stolen.

Twitter It!
Tags , | Permalink | Comment (1)
Diritti Digitali Good News hacktivism Networking

EFF Campaign Increases the Number of Tor Relays by 13.4%

28 luglio 2011 – 12:15

Articolo originale pubblicato sul sito della EFF
Watching the revolutions unfolding in the Arab world this springtime – and learning details first-hand from our friends on the ground – we at EFF struggled to find meaningful ways to support democratic activists and promote online freedom of expression. But we didn’t just want to lend a helping hand –we wanted to create a pathway so that anyone, anywhere in the world, could contribute to making the Internet more private and more resistant to censorship. From these discussions came our idea of launching the Tor Challenge.

We started the Tor Challenge with a simple goal: to launch 100 new Tor relays. Tor is software that individuals –including online activists in authoritarian regimes– can use to mask their IP addresses and proxy out to uncensored networks, helping them dodge network surveillance and elude online censorship. But Tor isn’t merely software – it’s also a network of volunteer computers, each donating bandwidth and acting as a router so that people can bounce their requests through the network, thereby obscuring their digital tracks.

We launched our campaign on May 31, 2011 –and within days surpassed our goal of 100 new relays. Today, we are closing the challenge after adding 549 new relays to the network. This includes:

Exit relays: 123
Middle relays: 299
Bridges: 127
Current bandwidth: 326,084 kb/s
Percentage of Tor network bandwidth: 5.77%

While some of the new relays were later taken offline, the majority of them stayed operational. The total number of public relays in the Tor network has increased by 13.4% during the course of our campaign.

There is an acute need for circumvention technologies in authoritarian regimes – and even activists in many would-be progressive societies may feel safer if they can avoid the electronic gaze of authorities. Jacob Appelbaum, a security researcher and advocate for the Tor Project, recently wrote:

The Tor Challenge is a phenomenal show of support for the Tor network and the network graphs show the results. The efforts expended by EFF supporters around the world have helped to continue the Tor network’s growth in a positive direction. Additionally, the educational efforts made by the EFF have similarly impacted the world; people everywhere understand the need for anonymity as well as how to use Tor to meet their needs in a practical manner.

While EFF’s Tor Challenge may have ended, individuals and organizations that want to create a more private Internet can still run Tor relays. And those who want to support Tor but aren’t tech-savvy can find an ally in TorServers.net, an organization based in Germany that provides technical assistance and support in running Tor relays.

Our gratitude goes out to the hundreds of individuals who set up relays and donated bandwidth to help strengthen the network. They are true defenders of online freedoms.

Twitter It!
Tags , | Permalink | Comment (0)
hacktivism Networking Open Source

Torbutton 1.4.0 Released

10 luglio 2011 – 17:54

La nuova versione di Tor Button è stata rilasciata

Torbutton 1.4.0 has been released at: https://www.torproject.org/torbutton/

The addon has been disabled on addons.mozilla.org. Our URL is now canonical.

This release features support for Firefox 5.0, and has been tested against the vanilla release for basic functionality. However, it has not been audited for Network Isolation, State Separation, Tor Undiscoverability or Interoperability issues due to toggling under Firefox 5.

If you desire Torbutton functionality with Firefox 4/5, we recommend you download the Tor Browser Bundle 2.2.x alphas from: https://www.torproject.org/dist/torbrowser/ or run Torbutton in its own separate Firefox profile.

The reasons for this shift are explained here: https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton

If you find bugs specific to Firefox 5, toggling, and/or extension conflicts, file them under the component “Torbutton”: https://trac.torproject.org/projects/tor/report/14

Twitter It!
Tags , , , , , | Permalink | Comment (0)
Controllo Diritti Digitali Good News hacktivism Open Source

TAILS 0.7.2

15 giugno 2011 – 15:00

An update to the fully anonymous operating system, TAILS, is now available. Version 0.7.2 includes notable user-visible changes include:

Iceweasel
- Disable Torbutton’s external application launch warning. … which advises using Tails. Tails is running Tails.
- FoxyProxy: install from Debian instead of the older one we previously shipped.

Software
- Upgrade Linux kernel to Debian’s 2.6.32-34squeeze1: fixes tons of bugs, closes a few security holes at well.
- haveged: install an official Debian backport instead of a custom backport.
o unrar: install the version from Debian’s non-free repository. Users report unrar-free does not work well enough.

Plus the usual bunch of minor bug reports and improvements. It can be downloaded from here or via bittorrent to save everyone some bandwidth.

The fully detailed changelog can be found here

Twitter It!
Tags , , , , , , , | Permalink | Comment (0)
Controllo Crypto Diritti Digitali hacktivism Open Source Video

TOR – Website History Movie

9 giugno 2011 – 10:10

A visual history of Tor’s website through code commits

Twitter It!
Tags , , , | Permalink | Comment (0)
Crypto Diritti Digitali hacktivism Open Source

The EFF Tor Challenge

2 giugno 2011 – 14:40

La EFF lancia una campagna di supporto al progetto Tor:

Activists worldwide use Tor to protect their anonymity online and to circumvent Internet censorship. But they all rely on a limited number of user-provided “relays” to protect themselves and communicate with others. Internet users worldwide need your help to make the Tor network stronger and faster, so take the Tor Challenge today!

Tre semplici passaggi:

- Decidici in che tipo di Relay Tor vuoi gestire [cos'è un relay tor? - leggi le faq legali]

- Configura il tuo Relay Tor seguendo il tutorial video

- Comunica la creazione del nuovo Relay Tor

Buon anonimato a tutt* ;)

UPDATE: vincent (@vinzveg) has set up the exit relay v3labs. Link: www.v3-labs.info

Twitter It!
Tags , , , , | Permalink | Comment (0)

Pagina successiva »

Pagina successiva »