Blogs

Tor at the Heart: Tails

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

Tails

Tails is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is free software and based on Debian GNU/Linux. Tails comes with several built-in applications pre-configured with security in mind: a web browser, an instant messaging client, an email client, an office suite, an image and sound editor, etc.

Tails aims at preserving privacy and anonymity online and allows users to:

  • Use the Internet anonymously to circumvent censorship; all connections to the Internet are forced to go through the Tor network. If an application tries to connect to the Internet directly, the connection is automatically blocked for security.
  • Leave no trace on the computer by default.
  • Use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging.

Tails is configured with special care to not use the computer's hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won't leave any trace on the computer either of the Tails system itself or what you used it for. This allows you to work with sensitive documents on any computer and protects you from data recovery after shutdown. Of course, you can still explicitly save specific documents to another USB stick or external hard-disk and take them away for future use.

Tails also comes with a selection of tools to protect your data using strong encryption:

  • Encrypt your USB sticks or external hard-disks using LUKS.
  • Automatically use HTTPS to encrypt all your communications to many major websites using HTTPS Everywhere.
  • Encrypt and sign your emails and documents using OpenPGP.
  • Protect your instant messaging conversations using OTR.
  • Securely delete your files and clean your diskspace using Nautilus Wipe.

Tails provides a secure platform that improves endpoint security by making it comparatively easier to use the right tools in the right way, protecting even less tech-savvy users from the most likely and highest impact risks.

Tor at the Heart: The OONI project

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

In this post we provide an overview of OONI, a project under The Tor Project.

The Open Observatory of Network Interference (OONI) is a free software project under The Tor Project that aims to increase transparency about internet censorship around the world. To this end, OONI has developed multiple free software tests (called ooniprobe) that are designed to examine the following:

  • Blocking of websites;
  • Blocking of Instant Messaging software such as WhatsApp and Facebook Messenger;
  • Blocking of Tor, proxies, VPNs, and sensitive domains;
  • Detection of systems responsible for censorship, surveillance and traffic manipulation.

Anyone can run these tests to examine whether censorship is being implemented in their network. All data collected through ooniprobe is published and can serve as a resource for those who are interested in knowing how, when, and by whom internet censorship is being implemented. You can find OONI’s data in JSON format or via OONI Explorer: a global map for exploring and interacting with all the network measurement data that OONI has collected from 2012 to date.

Hundreds of volunteers have run ooniprobe across more than 100 countries around the world, shedding light on multiple instances of internet censorship. WhatsApp, for example, was found to be blocked in Brazil earlier this year, while Facebook and Twitter were censored during Uganda’s 2016 general elections. OONI data also shows that news websites were blocked in Iran and India, amongst many other countries, and that sites supporting LGBTI dating also appeared to be tampered with in Zambia.

OONI aims to equip the public around the world with data that can serve as evidence of internet censorship events. Such data not only shows whether a site or service was blocked, but more importantly, how it was blocked, when, where, and by whom. This type of information can be particularly useful to the following:

  • Lawyers: Examine the legality of the type of internet censorship implemented in your country, and use OONI’s data as evidence.
  • Journalists: Improve the credibility of your stories by referencing network measurement data as evidence of censorship events.
  • Researchers: Use OONI’s data to explore new questions. Researchers from the University of Cambridge and UC Berkeley, for example, were able to examine the differential treatment of anonymous users through the use of OONI data.
  • Activists, advocates, campaigners: Inform your work based on evidence of censorship events.
  • Circumvention tool projects: Inform the development of your tools and strategies based on OONI’s findings on censorship events around the world.

To empower participation in censorship research, OONI has established partnerships with local non-profit organizations around the world. Some of these organizations include:

These partnerships involve the daily collection of network measurements from local vantage points, determining which sites and services to test per country, and analyzing measurements within social, political, and legal context. Some partners, such as Sinar Project, even organize regional workshops to teach other groups and organizations how to measure internet censorship through the use of ooniprobe.

The Tor Project has supported the OONI project from day 1. Donate to The Tor Project today and help us continue to uncover internet censorship around the world.

Written by Maria Xynou, OONI’s Research and Partnerships Coordinator

Tor 0.2.8.11 is released, with small portability fixes

There's a new stable release of Tor!

Tor 0.2.8.11 backports fixes for additional portability issues that could prevent Tor from building correctly on OSX Sierra, or with OpenSSL 1.1. Affected users should upgrade; others can safely stay with 0.2.8.10.

You can download the source from the usual place on the website. Packages should be available over the next several days, including a TorBrowser release around December 14. Remember to check the signatures!

Below are the changes since 0.2.8.10.

Changes in version 0.2.8.11 - 2016-12-08

  • Minor bugfixes (portability):
    • Avoid compilation errors when building on OSX Sierra. Sierra began to support the getentropy() and clock_gettime() APIs, but created a few problems in doing so. Tor 0.2.9 has a more thorough set of workarounds; in 0.2.8, we are just using the /dev/urandom and mach monotonic time interfaces. Fixes bug 20865. Bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (portability, backport from 0.2.9.5-alpha):
    • Fix compilation with OpenSSL 1.1 and less commonly-used CPU architectures. Closes ticket 20588.

Tor at the Heart: Library Freedom Project

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

Library Freedom Project

Library Freedom Project is an initiative that aims to make real the promise of intellectual freedom in libraries by teaching librarians and their local communities about surveillance threats, privacy rights and responsibilities, and privacy-enhancing technologies to help safeguard digital freedoms.

Why libraries?

LFP focuses on libraries for several reasons: libraries are trusted community spaces and education centers, offering free computer classes and technology access -- quite often as the only such resource in their communities. Libraries serve people from all walks of life, including immigrants, poor and working people, and others who are under greater surveillance threats. Finally, libraries have a deep historical and ideological commitment to protecting privacy; for example, librarians in the United States were some of the earliest opponents of overbroad government surveillance programs like the USA PATRIOT Act. Library Freedom Project helps librarians turn that ideological commitment into procedural and technical reality by learning to teach privacy classes, operate infrastructure for privacy-enhancing technologies, and understand what to do when faced with information requests for patron data.

LFP + Tor

Tor is an essential part of Library Freedom Project. Through privacy trainings, LFP has taught thousands of librarians about using and teaching Tor in their libraries. Dozens of these libraries have even installed Tor Browser on public computers or have started operating Tor relays to help protect privacy at home and across the world. The relationship between LFP and the Tor Project is mutually beneficial; the Tor Project builds a tool that librarians saw the need for years ago, and librarians have helped perform much needed outreach and training on behalf of Tor. Thanks to the work of LFP, Tor is well-recognized by librarians and fairly mainstream in library culture. It is not uncommon for a library conference to offer talks about using Tor in libraries, and LFP's Tor Relays in Libraries project gave international attention to the role of libraries in the fight for privacy.

Support privacy training in your local community

By supporting Tor, you're helping bring privacy to local communities through the trusted space of the library. Donate to the Tor Project today, and then tell your librarian about Library Freedom Project.

Tor at the Heart: SecureDrop

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

SecureDrop

SecureDrop is an open-source whistleblower submission system that media organizations can install to accept documents from anonymous sources. It was originally coded by the late Aaron Swartz, with assistance from Wired editor Kevin Poulsen and James Dolan. The project was previously called DeadDrop. Freedom of the Press Foundation took over management of the project in October 2013. 

SecureDrop works by using two physical servers: a public-facing server that stores messages and documents, and a second server that performs security monitoring of the first. The code on the public-facing server is a Python web application that accepts messages and documents from the web and GPG-encrypts them for secure storage. This site is only made available as a Tor Hidden Service, which requires sources to use Tor, thus hiding their identity from both the SecureDrop server and many types of network attackers. Essentially, it’s a more secure alternative to the "contact us" form found on a typical news site. Every source who visits the site is given a unique "codename." The codename lets the source establish a relationship with the news organization without revealing his/her real identity or resorting to e-mail. They can enter the code name on a future visit to read any messages sent back from the journalist, or to submit additional documents and messages under the same persistent, but pseudonymous, identifier. The source is known by a different and unrelated code name on the journalist’s side. All of the source’s submissions, and replies to the source from journalists, are grouped together into a collection. Every time there’s a new submission by a source, their collection is bumped to the top of the submission queue. 

The SecureDrop application does not record your IP address, information about your browser, computer, or operating system. Furthermore, the SecureDrop pages do not embed third-party content or deliver persistent cookies to your browser. The server will only store the date and time of the newest message sent from each source. Once you send a new message, the time and date of your previous message is automatically deleted. Journalists are also encouraged to regularly delete all information from the SecureDrop server and store anything they would like saved in offline storage to minimize risk.

Over three dozen media organizations are currently using SecureDrop, including:

Tor at the Heart: Onion Browser (and more iOS Tor)

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

Onion Browser

Onion Browser is an open-source iOS web browser that connects to Tor. The app has been available in the Apple App Store since 2012; it was previously $0.99 but recently became free of charge. You can download it in the App Store here and access the source code on GitHub.

In addition to Tor support, Onion Browser features an experimental NoScript-like mode, user agent spoofing, and (since August) support for obfs4 and meek bridges.

It’s primarily developed by Mike Tigas, who works as a developer and investigative journalist at ProPublica by day. (Did you know? ProPublica is one of the first major news sites to be available via an onion sitepropub3r6espa33w.onion) The app is an independent community project and is supported by Patreon backers and other donors (read more about supporting Onion Browser here), with some key support also coming from the Guardian Project.

Onion Browser isn’t the prettiest app, lacking features like tabbed browsing, and it is starting to show it’s age a bit. But it still receives regular security updates and a new user interface is actively being developed (discussed in full below).

Challenges on iOS

Tor hasn't been well-represented on iOS over the years for a variety of reasons, mostly due to system peculiarities on the iOS platform. And although there’s a version of Firefox for iOS, several challenges prevent the interoperability that Tor developers are accustomed to on other platforms.

The most glaring restriction on iOS is that you're not allowed to fork subprocesses. Tor must be compiled into the app binary and hacked to run as a thread inside the app process to work on iOS. Among other things, this means that a system-wide Tor app, like Orbot on Android, is simply not possible on the platform. (At least, not yet: read about iCepa below!) And simply relying on another app’s Tor instance — as some tools do with Tor Browser Bundle — also doesn’t work on iOS, since all of an app’s functionality is halted soon after a user switches out of the app.

Even after solving the problem of just getting Tor to run, several other quirks prevent a lot of the functionality of Tor Browser (or even Orfox) from being easily reimplemented on iOS:

  • You're not allowed to implement your own browser engine and must use the WebKit framework built into the operating system. This separates Onion Browser from Tor Browser and Orfox, which are browsers based on Firefox Gecko. (On the other hand, this inadvertently made Onion Browser immune to the Firefox vulnerability targeting Tor Browser users last week.)
  • Only the older WebKit API (UIWebView) allows control over the SOCKS settings of the browser stack, so that we can configure it to use Tor. The newer framework (WKWebView) always uses your system proxy settings and can’t be reconfigured by an app at runtime. The APIs also contain vastly different functionality so that it's not always possible to convert code relying on one API to use the other. Firefox for iOS uses the newer WKWebView framework, which unfortunately means that much of the work on Firefox for iOS is quite difficult to use in a Tor-supporting iOS browser.
  • The WebKit APIs don’t allow a lot of control over the rendering and execution of web pages, making a Tor Browser-style security slider very difficult to implement. Many multimedia features on iOS also bypass the browser network stack — in particular, the iOS video player doesn’t use the same network stack as WebKit and therefore any browser action that launches the native video player may possibly leak traffic outside of Tor. Onion Browser tries to provide some functionality to block JavaScript and multimedia, but these features aren’t yet as robust as on other platforms.

iOS developments in the community

Despite the challenges, there are quite a few positive developments on the horizon — both around Onion Browser and the larger Tor iOS landscape.

Endless is an open source browser for iOS that uses the older UIWebView API and thus can be modified to support Tor. It adds a lot of important features over the existing Onion Browser, like a nicer user interface with tabbed browsing, HTTPS Everywhere, and HSTS Preloading. There’s a new version of Onion Browser in the works that’s based on Endless that will hopefully enter beta testing this month.

The NetworkExtension framework introduced in iOS 9 allows writing custom VPN software that the iOS system can use. A small coalition of Tor iOS developers are working on a tool called iCepa to use this framework to provide a Tor VPN to the entire phone — similar to the VPN mode of Orbot on Android. The framework was introduced with a tiny 5MB memory limit — which wasn’t enough to run both Tor and the controller app. But the memory limits have been increased to usable levels in iOS 10 and Conrad Kramer, the lead iCepa developer, has been making a bit of progress in recent months.

There’s also work ongoing work to make Tor easier to implement in other apps, like Tor.framework and CPAProxy. ChatSecure for iOS uses CPAProxy to power encrypted XMPP instant messaging over Tor, and the next version of Onion Browser uses Tor.framework rather than a custom solution. Onion Browser’s obfs4/meek support comes from another similar reusable framework called iObfs. Reusable pieces like this will hopefully encourage more developers to work on iOS software that supports Tor.

Tor at the Heart: The Ahmia project

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!





The Ahmia project

Onion services are used by thousands of people every day, yet they remain as elusive as ever. There is no central repository of onion sites, and there are no great ways to find the content you are looking for. We feel that this "foggy situation" severely impacts the user experience of onion services and hence also impedes their deployment and acceptance by the general public. It's easy to dismiss the onionspace as smelly if you only read media articles about the onion sites that stink the most.

How is one supposed to navigate in the onionspace if there is no map?

On the "normal Internet," people are used to using search engines to find the content they are looking for: blogs, shops, educational resources, cat pictures. Search engines act as streetlights on the dark alleyways of the Internet; allowing people to navigate and visit the places they want.

However in the onionspace, search engines are not well established, and finding the right content is much harder. For years people have resorted to various DIY solutions for listing and finding onion addresses, but none of those solutions is particularly pleasant or complete.

Imagine Alice wants to start a blog about her cats on the onionspace. There is no good place for Alice to list her onion address so that other people can find it. Without a good search engine, it's hard for other cat fans to find her website and start building a community.

How is one supposed to catch 'em all if we don't know how many there are?

Hence, there is no better time to introduce Ahmia! Ahmia is a search engine for onion sites. The Ahmia project has been around for years, and it's been collecting public onion addresses and indexing them so that users can search for the content they are looking for.

Ahmia's indexing technology is improving, and the quality of the search results has gotten much better over the past year. Ahmia also provides an easy way for onion service operators to register their own onion sites with the search engine. Ahmia's onion site is here.

Juha Nurmi, the lead Ahmia developer, is still actively involved with the project, however writing a low-budget search engine is not an easy job! Crawling the Internet requires heavy infrastructure and is technically complicated. Discovering onion links means searching in the deepest corners of both the normal Internet and the onionspace. Ahmia is always looking for more volunteers and sources of funding! Two years ago, Tor supported Ahmia by working together in Google Summer of Code 2014.

How is one supposed to walk around if the fog machine is on?

Finally and closing with a healthy dose of paranoia, we need to remember that centralized search engines might be a temporary solution for now, but they are never the end goal. Centralized services should be avoided in high-security systems like anonymity networks, and we should always strive to build decentralized systems and to research alternative ways to make anonymity systems more usable. There is lots of work to be done.

Donate and get involved!

Thank you for reading and enjoy Monday!

Tor at the Heart: apt-transport-tor and Debian onions

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

apt-transport-tor and Debian onions

Did you know that when you're using Debian, you can configure your operating system package installs and updates to route through Tor?

Doing updates via Tor provides some really compelling security properties. One of the big benefits is that an attacker can't target you for a malicious update: even if they manage to steal some package signing keys and break into the update server and replace packages, they still can't tell that it's you asking for the update. So if they want to be sure you get the malicious update, they're forced to attack everybody who updates, which means a really noisy attack that is much more likely to get noticed. This anonymity goal is one of the main reasons that Tor Browser does its updates over Tor as well.

Another big feature of updating via Tor is that the package repository, or somebody watching it, can't track what programs you've installed. Similarly, somebody spying on your Internet connection will have a tougher time learning which packages you fetch (though this part of the protection is not as strong, since maybe they can count bytes or something and guess).

As Debian's blog puts it:

"The freedom to use open source software may be compromised when access to that software is monitored, logged, limited, prevented, or prohibited. As a community, we acknowledge that users should not feel that their every action is trackable or observable by others. Consequently, we are pleased to announce that we have started making several of the various web services provided by both Debian and Tor available via onion services."

Not showing the world what packages you fetch is good common-sense data hygiene, but it can also provide safety when you're updating a package due to a security vulnerability, and you don't want people to learn that you're running a vulnerable version right now.

How does it work from a technical perspective? The apt-transport-tor deb package introduces a new "tor+http" transport that you can use in your /etc/apt/sources.list file -- so while before you would typically list a Debian package repository as being an "http" address, now you can list it as being a "tor+http" address. Debian has its own official onion addresses for its package repositories, along with onion addresses for many of its other sites and services — and they even use Donncha's OnionBalance tool to provide redundancy and scaling. (Also, since the nice person who helps run Debian's infrastructure also helps to run our infrastructure, that means we now have onion addresses for many of Tor's sites and services too!)

You can configure your Debian system to update via Tor by following the directions at the bottom of the Debian blog post. A growing number of privacy-oriented Debian derivatives, including Tails, use apt-transport-tor as their default way of doing updates, and we think that's a great and important trend.

Syndicate content Syndicate content