tor

A Quick, Simple Guide to Tor and the Internet of Things (So Far)

"The Internet of Things" is the remote control and networking of everyday devices ranging from a family's lawn sprinkler or babycam to a corporation's entire HVAC system.

Tor Project contributor Nathan Freitas, Executive Director of The Guardian Project, has developed a new way to use Tor's anonymous onion services to protect the "Internet of Things." The new system, while experimental, is also scalable.

The system uses Home Assistant, a free, open-source platform built on Python, that can run on Raspberry Pi and other devices. It easily can be set up to control and network people’s “Internet of Things” —home security systems, toasters, thermostats, smart lightbulbs, weather sensors and other household appliances. The new "Tor Onion Service Configuration" setup is available on their website.

"The Tor Project wants Tor privacy technology to be integrated into everyday life so that people don't have to log on to it—their privacy and security are built in. Nathan's work with Home Assistant is an early but important milestone," said Shari Steele, Tor's Executive Director.

The great danger with the "Internet of Things" (or IoT) is the opportunity for surveillance--for an individual hacker or a state actor to accumulate, store, and exploit very private information against individuals or companies.

These attacks are far from hypothetical: We've read about the ability for an attacker to see and speak to a baby through a babycam or hack and control a car. Attackers stole 40 million credit card numbers after they hacked into a national retailer's HVAC system and used it to reach their computer system and their customers.

Tor has developed a way to build a buffer of privacy between the baby and the Internet--so that the baby (or the HVAC system) is never exposed to the open Internet at all. Instead of a hackable, single point of failure, attackers must contend with the global network of thousands of Tor nodes.

"Too many 'Things' in our homes, at our hospitals, in our businesses and throughout our lives are exposed to the public Internet without the ability to protect their communication. Tor provides this, for free, with real-world hard ended, open-source software and strong, state of the art cryptography," said Nathan Freitas, Executive Director of the Guardian Project.

“Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.”

--"DON'T PANIC," Berkman Klein Center's report on encryption
https://cyber.law.harvard.edu/pubrelease/dont-panic/

More Information:

• Guardian Project video explaining the Tor/Home Assistant system: https://www.youtube.com/watch?v=j2yT-0rmgDA

• Guardian Project's easy-to-understand slides:
https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20...

• Home Assistant page on setting up Tor:
https://home-assistant.io/cookbook/tor_configuration/

Tor 0.2.8.5-rc is released

Tor 0.2.8.5-rc has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor 0.2.8.5-rc is the second release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions.

PLEASE NOTE: This is a release candidate. We think that we solved all of the showstopper bugs, but we also thought the same thing about 0.2.8.4-rc: crucial bugs may remain. Please only run this release if you're willing to test and find bugs. If no showstopper bugs are found, we'll be putting out 0.2.8.6 as a stable release.

Changes in version 0.2.8.5-rc - 2016-07-07

  • Directory authority changes:
    • Urras is no longer a directory authority. Closes ticket 19271.
  • Major bugfixes (heartbeat):
    • Fix a regression that would crash Tor when the periodic "heartbeat" log messages were disabled. Fixes bug 19454; bugfix on tor-0.2.8.1-alpha. Reported by "kubaku".
  • Minor features (build):
    • Tor now again builds with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre6-dev). Closes ticket 19499.
    • When building manual pages, set the timezone to "UTC", so that the output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha. Patch from intrigeri.
  • Minor bugfixes (fallback directory selection):
    • Avoid errors during fallback selection if there are no eligible fallbacks. Fixes bug 19480; bugfix on 0.2.8.3-alpha. Patch by teor.
  • Minor bugfixes (IPv6, microdescriptors):
    • Don't check node addresses when we only have a routerstatus. This allows IPv6-only clients to bootstrap by fetching microdescriptors from fallback directory mirrors. (The microdescriptor consensus has no IPv6 addresses in it.) Fixes bug 19608; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (logging):
    • Reduce pointlessly verbose log messages when directory servers can't be found. Fixes bug 18849; bugfix on 0.2.8.3-alpha and 0.2.8.1-alpha. Patch by teor.
    • When a fallback directory changes its fingerprint from the hard- coded fingerprint, log a less severe, more explanatory log message. Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor.
  • Minor bugfixes (Linux seccomp2 sandboxing):
    • Allow statistics to be written to disk when "Sandbox 1" is enabled. Fixes bugs 19556 and 19957; bugfix on 0.2.5.1-alpha and 0.2.6.1-alpha respectively.
  • Minor bugfixes (user interface):
    • Remove a warning message "Service [scrubbed] not found after descriptor upload". This message appears when one uses HSPOST control command to upload a service descriptor. Since there is only a descriptor and no service, showing this message is pointless and confusing. Fixes bug 19464; bugfix on 0.2.7.2-alpha.
  • Fallback directory list:
    • Add a comment to the generated fallback directory list that explains how to comment out unsuitable fallbacks in a way that's compatible with the stem fallback parser.
    • Update fallback whitelist and blacklist based on relay operator emails. Blacklist unsuitable (non-working, over-volatile) fallbacks. Resolves ticket 19071. Patch by teor.
    • Update hard-coded fallback list to remove unsuitable fallbacks. Resolves ticket 19071. Patch by teor.

Tor 0.2.8.4-rc is released!

Tor 0.2.8.4-rc has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor 0.2.8.4-rc is the first release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions.

PLEASE NOTE: This is a release candidate. We think that we solved all
of the showstopper bugs, but crucial bugs may remain. Please only run
this release if you're willing to test and find bugs. If no
showstopper bugs are found, we'll be putting out 0.2.8.5 as a stable
release.

Changes in version 0.2.8.4-rc - 2016-06-15

  • Major bugfixes (user interface):
    • Correctly give a warning in the cases where a relay is specified by nickname, and one such relay is found, but it is not officially Named. Fixes bug 19203; bugfix on 0.2.3.1-alpha.
  • Minor features (build):
    • Tor now builds once again with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev).

  read more »

Tor 0.2.8.3-alpha is released

Tor 0.2.8.3-alpha has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor 0.2.8.3-alpha resolves several bugs, most of them introduced over the course of the 0.2.8 development cycle. It improves the behavior of directory clients, fixes several crash bugs, fixes a gap in compiler hardening, and allows the full integration test suite to run on more platforms.

REMEMBER: This is an alpha release. Expect a lot of bugs. You should only run this release if you're willing to find bugs and report them.

Changes in version 0.2.8.3-alpha - 2016-05-26

  • Major bugfixes (security, client, DNS proxy):
    • Stop a crash that could occur when a client running with DNSPort received a query with multiple address types, and the first address type was not supported. Found and fixed by Scott Dial. Fixes bug 18710; bugfix on 0.2.5.4-alpha.
  • Major bugfixes (security, compilation):
    • Correctly detect compiler flags on systems where _FORTIFY_SOURCE is predefined. Previously, our use of -D_FORTIFY_SOURCE would cause a compiler warning, thereby making other checks fail, and needlessly disabling compiler-hardening support. Fixes one case of bug 18841; bugfix on 0.2.3.17-beta. Patch from "trudokal".

  read more »

Tor 0.2.8.2-alpha is released

Tor 0.2.8.2-alpha has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented authorities using Tor 0.2.7.x from running correctly. IPv6 and directory support should also be much improved.

REMEMBER: This is an alpha release. Expect a lot of bugs. You should only run this release if you're willing to find bugs and report them.

Changes in version 0.2.8.2-alpha - 2016-03-28

  • New system requirements:
    • Tor no longer supports versions of OpenSSL with a broken implementation of counter mode. (This bug was present in OpenSSL 1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no longer runs with, these versions.
    • Tor no longer attempts to support platforms where the "time_t" type is unsigned. (To the best of our knowledge, only OpenVMS does this, and Tor has never actually built on OpenVMS.) Closes ticket 18184.
    • Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later (released in 2008 and 2009 respectively). If you are building Tor from the git repository instead of from the source distribution, and your tools are older than this, you will need to upgrade. Closes ticket 17732.
  • Major bugfixes (security, pointers):
    • Avoid a difficult-to-trigger heap corruption attack when extending a smartlist to contain over 16GB of pointers. Fixes bug 18162; bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. Reported by Guido Vranken.

  read more »

Tor 0.2.8.1-alpha is released

Tor 0.2.8.1-alpha has been released! You can download the source from the Tor website. Packages should be available over the next several days.

Tor 0.2.8.1-alpha is the first alpha release in its series. It includes numerous small features and bugfixes against previous Tor versions, and numerous small infrastructure improvements. The most notable features are a set of improvements to the directory subsystem.

PLEASE NOTE: This is an alpha release. Expect a lot of bugs. You should really only run this release if you're willing to find bugs and report them.

Changes in version 0.2.8.1-alpha - 2016-02-04

  • Major features (security, Linux):
    • When Tor starts as root on Linux and is told to switch user ID, it can now retain the capability to bind to low ports. By default, Tor will do this only when it's switching user ID and some low ports have been configured. You can change this behavior with the new option KeepBindCapabilities. Closes ticket 8195.
  • Major features (directory system):
    • When bootstrapping multiple consensus downloads at a time, use the first one that starts downloading, and close the rest. This reduces failures when authorities or fallback directories are slow or down. Together with the code for feature 15775, this feature should reduces failures due to fallback churn. Implements ticket 4483. Patch by "teor". Implements IPv4 portions of proposal 210 by "mikeperry" and "teor".
    • Include a trial list of default fallback directories, based on an opt-in survey of suitable relays. Doing this should make clients bootstrap more quickly and reliably, and reduce the load on the directory authorities. Closes ticket 15775. Patch by "teor". Candidates identified using an OnionOO script by "weasel", "teor", "gsathya", and "karsten".
    • Previously only relays that explicitly opened a directory port (DirPort) accepted directory requests from clients. Now all relays, with and without a DirPort, accept and serve tunneled directory requests that they receive through their ORPort. You can disable this behavior using the new DirCache option. Closes ticket 12538.

  read more »

Tor Messenger Beta: Chat over Tor, Easily

Today we are releasing a new, beta version of Tor Messenger, based on Instantbird, an instant messaging client developed in the Mozilla community.

What is it?

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

What it isn't...

Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.

We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too.

Why Instantbird?

We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.

Current Status

Today we are releasing a beta version with which we hope to gain both usability and security related feedback. There have been three previous alpha releases to the mailing lists that have already helped smooth out some of the rougher edges.

Downloads (Updated)

Get the latest version

Instructions

  • On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
  • On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
  • On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.

  • Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.

Source Code

We are doing automated builds of Tor Messenger for all platforms.

The Linux builds are reproducible: anyone who builds Tor Messenger for Linux should have byte-for-byte identical binaries compared with other builds from a given source. You can build it yourself and let us know if you encounter any problems or cannot match our build. The Windows and OS X builds are not completely reproducible yet but we are working on it.

What's to Come

Our current focus is security, robustness and user experience. We will be fixing bugs and releasing updates as appropriate, and in the future, we plan on pairing releases with Mozilla's Extended Support Release (ESR) cycle. We have some ideas on where to take Tor Messenger but we would like to hear what you have to say. Some possibilities include:

How To Help

Give it a try and provide feedback, requests, and file bugs (choose the "Tor Messenger" component). If you are a developer, help us close all our tickets or help us review our design doc. As always, we are idling on IRC in #tor-dev (OFTC) (nicks: arlolra; boklm; sukhe) and subscribed to the tor-talk/dev mailing lists.

Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software.

Thanks and we hope you enjoy Tor Messenger!


Update: For Windows 10 (and some Windows 7, 8) users who were experiencing an issue in Tor Messenger where it wouldn't start, we have updated the download links above with a newer version that fixes the problem described in bug 17453.

Tor 0.2.7.4-rc is released

Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It fixes some important memory leaks, and a scary-looking (but mostly harmless in practice) invalid-read bug. It also has a few small bugfixes, notably fixes for compilation and portability on different platforms. If no further significant bounds are found, the next release will the the official stable release.

NOTE: This is a release candidate. We think we've squashed most of the bugs, but there are probably a few more left over.

You can download the source from the usual place on the website.
Packages should be up in a few days.

Changes in version 0.2.7.4-rc - 2015-10-21
  • Major bugfixes (security, correctness):
    • Fix an error that could cause us to read 4 bytes before the beginning of an openssl string. This bug could be used to cause Tor to crash on systems with unusual malloc implementations, or systems with unusual hardening installed. Fixes bug 17404; bugfix on 0.2.3.6-alpha.
  • Major bugfixes (correctness):
    • Fix a use-after-free bug in validate_intro_point_failure(). Fixes bug 17401; bugfix on 0.2.7.3-rc.

  read more »

Tor 0.2.7.3-rc is released

Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It contains numerous usability fixes for Ed25519 keys, safeguards against several misconfiguration problems, significant simplifications to Tor's callgraph, and numerous bugfixes and small features.

This is the most tested release of Tor to date. The unit tests cover 39.40% of the code, and the integration tests (accessible with "make test-full-online", requiring stem and chutney and a network connection) raise the coverage to 64.49%.

NOTE: This is a release candidate. We think we've squashed most of the bugs, but there are probably a few more left over.

Changes in version 0.2.7.3-rc - 2015-09-25

  • Major features (security, hidden services):
    • Hidden services, if using the EntryNodes option, are required to use more than one EntryNode, in order to avoid a guard discovery attack. (This would only affect people who had configured hidden services and manually specified the EntryNodes option with a single entry-node. The impact was that it would be easy to remotely identify the guard node used by such a hidden service. See ticket for more information.) Fixes ticket 14917.
  • Major features (Ed25519 keys, keypinning):
    • The key-pinning option on directory authorities is now advisory- only by default. In a future version, or when the AuthDirPinKeys option is set, pins are enforced again. Disabling key-pinning seemed like a good idea so that we can survive the fallout of any usability problems associated with Ed25519 keys. Closes ticket 17135.

  read more »

Tor 0.2.7.2-alpha is released

This, the second alpha in the Tor 0.2.7 series, has a number of new features, including a way to manually pick the number of introduction points for hidden services, and the much stronger Ed25519 signing key algorithm for regular Tor relays (including support for encrypted offline identity keys in the new algorithm).

Support for Ed25519 on relays is currently limited to signing router descriptors; later alphas in this series will extend Ed25519 key support to more parts of the Tor protocol.

If you typically build Tor from source, you can download the source code from the usual place on the website.
Packages should be up in a few days.

Changes in version 0.2.7.2-alpha - 2015-07-27
  • Major features (Ed25519 identity keys, Proposal 220):
    • All relays now maintain a stronger identity key, using the Ed25519 elliptic curve signature format. This master key is designed so that it can be kept offline. Relays also generate an online signing key, and a set of other Ed25519 keys and certificates. These are all automatically regenerated and rotated as needed. Implements part of ticket 12498.
    • Directory authorities now vote on Ed25519 identity keys along with RSA1024 keys. Implements part of ticket 12498.
    • Directory authorities track which Ed25519 identity keys have been used with which RSA1024 identity keys, and do not allow them to vary freely. Implements part of ticket 12498.
    • Microdescriptors now include Ed25519 identity keys. Implements part of ticket 12498.
    • Add support for offline encrypted Ed25519 master keys. To use this feature on your tor relay, run "tor --keygen" to make a new master key (or to make a new signing key if you already have a master key). Closes ticket 13642.
  • Major features (Hidden services):
    • Add the torrc option HiddenServiceNumIntroductionPoints, to specify a fixed number of introduction points. Its maximum value is 10 and default is 3. Using this option can increase a hidden service's reliability under load, at the cost of making it more visible that the hidden service is facing extra load. Closes ticket 4862.
    • Remove the adaptive algorithm for choosing the number of introduction points, which used to change the number of introduction points (poorly) depending on the number of connections the HS sees. Closes ticket 4862.

  read more »

Syndicate content Syndicate content