[Tails-dev] Tails's plans for Tor's stream isolation in Tor …

このメッセージを削除

このメッセージに返信
著者: proper
日付:  
To: tails-dev
題目: [Tails-dev] Tails's plans for Tor's stream isolation in Tor 0.2.3?
I recently asked on [tor-talk] "How to force redirect each application through separate SocksPorts? (preventing identity correlation)" [1] without much results.

At the moment Tails configures applications using the correct proxy settings. For example gpg http proxy settings -> polip http proxy -> Tor SocksPort. Like mentioned [1] this is not optimal, since everything gets pressed through the same SocksPort and therefore identity correlation through circuit sharing is at risk. When Tor 0.2.3 gets released, Tails should make extensive use of the stream isolation and multiple SocksPorts.

What are Tails's plans to redirect each application through it's own SocksPort?

I've seen, you are about to install torsocks with next Tails release 0.12. [3]

- Luckily we can set an enviromenment variable TORSOCKS_CONF_FILE, which torsocks will obey. (Have a glimpse at man torsocks and man usewithtor for details.)
- torsocks/usewithtor is affected from a bug. "libtorsocks(2471): The symbol res_query() was not found in any shared library. The error reported was: not found!" But I guess you will be shipping a patches version?

And here comes my suggestion... usewithtor should be patched to support setting proxy-ip and proxy-port by command line options. I wouldn't know how to phrase complex command line options with sh (like usewithtor -proxy-ip 127.0.0.1 -proxy-port 9052 -proxy-type 5, were everything with optionals, defaults). But I hacked together a version, which can be used like this: 'sudo ip=127.0.0.1 port=9053 ./uwt apt-get update' [4]. My modified version of usewithtor, which I call uwt, creates a temporary torsocks configuration file, updates the environment variable TORSOCKS_CONF_FILE and finally calls torsocks with the given application arguments. Perhaps someone want a less hackish implementation and patches torsocks directly, to add support for more command line arguments.

The open question, which remains... If a user types 'gpg <...>', 'wget <...>' or 'apt-get <...>' in console, how to reinterpret it as "ip=127.0.0.1 port=9053 uwt gpg <...>" so it's gets it's own SocksPort?

[1] https://lists.torproject.org/pipermail/tor-talk/2012-June/024497.html
[2] https://trac.torproject.org/projects/tor/wiki/doc/torsocks
[3] https://tails.boum.org/todo/install_torsocks/
[4] https://trac.torproject.org/projects/tor/wiki/doc/torsocks

______________________________________________________
powered by Secure-Mail.biz - anonymous and secure e-mail accounts.