|
|
|
|
|
|
|
|
3rd Party use of Tor + Onions Everywhere
|
|
|
|
|
|
- Why most apps still don't use Tor?
|
|
|
- Apps, browsers, messaging apps, operating system
|
|
|
- How can we make it easier for them to use Tor?
|
|
|
- We need to better empower developers, technical people to successful pitch Tor integration to product management
|
|
|
- How do we evolve our ability to coordinate with "kickstarters" pitching Tor for "anonymity" etc, beyond just cease & desist?
|
|
|
|
|
|
Meejah: There's no way of "managing Tor". How do you spin up an onion? Should 5 different apps all start up their own Tor? Control Port filters can make it safer to share Tor. There should be a way of setting capabilities to Control Port clients.
|
|
|
|
|
|
NetCipher library acts as a control port filter on mobile.
|
|
|
https://github.com/guardianproject/netcipher
|
|
|
|
|
|
Sukhbir: How do you share the Tor process? Should you share the Tor process? Previous discussions: Berlin (Mark) and Amsterdam.
|
|
|
|
|
|
|
|
|
- Do we need a library for every language? What is the developer user experience? Can we document, publish and promote this?
|
|
|
- Having official documentation from the Tor Project could be especially useful.
|
|
|
- Nathan wrote up a how-to for Home Assistant.
|
|
|
- We could write a Tor Integration Guide
|
|
|
|
|
|
Modularizing tor binary can help. Client-only version?
|
|
|
|
|
|
On Mobile, the concerns have been data overhead and battery; Impact to the application lifecycle
|
|
|
|
|
|
- Hidden services took 30 seconds (hardcoded delay). Is that still true?
|
|
|
- On Raspberry Pi, having ARM optimization would be great.
|
|
|
- Everytime you open Onion Browser, you ahve to reconnect to tor.
|
|
|
- iOS: Tor.Framework allows you to compile in a statically=linked copy of Tor into your app. Some API for a few control port things. Tor runs in the same process. Tor thread tends to hang when user leaves the app and returns to it. A bug in core tor? Open a ticket on Tor trac.
|
|
|
|
|
|
A big barrier to using more apps on iOS on tor is that you have to compile it in.
|
|
|
|
|
|
In some places, Tor violates local law. How do we deal with that?
|
|
|
|
|
|
Purism Librem 5 phone: GNU/Linux PureOS. Why isn't Tor on that? Somebody should get in touch with Purism to get Tor in their phone.
|
|
|
|
|
|
How much energy should we put into lobbying vs providing guidelines?
|
|
|
|
|
|
Uplifting bugs from Tor Browser helps to build confidence.
|
|
|
|
|
|
Planning sessions in Austin join sessions between network teams. Working out a well-thought-out migration plan is very important. Looking for benefits/internal positioning statement is very important. Mozilla "Playing to Win" framework.
|
|
|
|
|
|
Can we improve our ability to form partnerships with third parties? Seizing opportunities.
|
|
|
|
|
|
Having a part of website that shows Partners/Third Party Apps/Communities.
|
|
|
|
|
|
For a new product: write document for launch day, and work backwards from that.
|
|
|
|
|
|
|
|
|
* trac.torproject.org Tickets to file:
|
|
|
* Value of hidden services: #23853
|
|
|
* Tor Integration Guide: #23851
|
|
|
* Homepage for Tor ecosystem: list of success stories: #23850
|
|
|
* Guide/info to help for developers/technical staff to pitch Tor to buziness/strategy managers: #23852
|
|
|
* Tor thread tends to hang when user leaves the app and returns to it.
|
|
|
|
|
|
|
|
|
- Tor.framework is the current iOS library for Tor: https://github.com/iCepa/Tor.framework
|
|
|
- Tun2Tor library: connect VPN Tun interface to Tor SOCKS port: https://github.com/iCepa/tun2tor (part of https://github.com/iCepa/iCepa)
|
|
|
- Tor as static/shared library is a thing that is needed, and Tor needs some rearchitecture on entrypoints, etc, to manage that
|
|
|
- Need to be careful about partnering with potentially sketchy/poor reputation of kickstarter/indieogo hardware projects
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
What Kind Of Things We Want Tor to Run On
|
|
|
- Smarthubs home/IoT
|
|
|
- Librem 5 GNU+Linux phone: https://puri.sm/shop/librem-5/
|
|
|
- Novena: https://www.crowdsupply.com/sutajio-kosagi/novena ?
|
|
|
- Mozilla WebThings / IoT: http://iot.mozilla.org/
|
|
|
- EdgeX Foundry: https://www.edgexfoundry.org/
|
|
|
- ResinOS: https://resinos.io/
|
|
|
- Brave browser?
|
|
|
- Digital Ocean / Amazon Web Services / Cloud? (easy .onion deployment)
|
|
|
|
|
|
|
|
|
|
|
|
Other Useful Links
|
|
|
- Orbot Data Tax: https://guardianproject.info/2012/06/20/orbot-data-tax/
|
|
|
- Internet of Onion Things: https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf
|
|
|
- https://hbr.org/store/landing/playing-to-win-strategy-toolkit
|
|
|
- Open Canvas (to identify value proposition): https://docs.google.com/presentation/d/1BZNT9UTeehxTffrbec8obQFE3XoppVt5MyfB3brEO60/edit?usp=sharing
|
|
|
- ProPublica onion site announcement + guide https://www.propublica.org/nerds/a-more-secure-and-anonymous-propublica-using-tor-hidden-services <alt: https://www.propub3r6espa33w.onion/nerds/a-more-secure-and-anonymous-propublica-using-tor-hidden-services>
|
|
|
|
|
|
|
|
|
Things That Use Tor Today
|
|
|
- Alec's Enterprise Onion Toolkit: https://github.com/alecmuffett/eotk
|
|
|
https://motherboard.vice.com/en_us/article/aeppzj/this-company-will-create-your-own-tor-hidden-service
|
|
|
- Julius' house: https://twitter.com/Mittenzwei/status/883702181089640448
|
|
|
- Nathan's house: https://www.wired.com/2016/07/now-can-hide-smart-home-darknet/
|
|
|
- Nathan's interns car: https://medium.com/@PerryGrossman/secure-car-sensor-analytics-73367ab22fdc
|
|
|
- Tahoe-LAFS: https://blog.torproject.org/tor-heart-tahoe-lafs
|
|
|
- Facebook Android: https://www.facebook.com/notes/facebook-over-tor/adding-tor-support-on-android/814612545312134
|
|
|
- ChatSecure iOS: https://chatsecure.org/blog/chatsecure-ios-v3-released/
|
|
|
- Onion Browser iOS: https://www.patreon.com/posts/quick-onion-2-0-12054247
|
|
|
- Orbot/ Orfox (Tor Browser Android): https://guardianproject.info/apps/orfox/
|
|
|
- Pogo Plug : https://pogoplug.com/safeplug
|
|
|
- Betterspot Travel Router: https://betterspot.com/features
|
|
|
- Home Assistant smart router open-source: https://home-assistant.io/docs/ecosystem/tor/
|
|
|
- Briar Project (Onion to Onion Android Messenger): https://www.briarproject.org/
|
|
|
- Microsoft Thali Project (peer to peer web) : http://thaliproject.org/ https://github.com/thaliproject/Tor_Onion_Proxy_Library
|
|
|
- Firefox Focus / Klar: https://github.com/mozilla-mobile/focus-android/pull/825
|
|
|
- SecureDrop (36+ installs!): https://blog.torproject.org/tor-heart-securedrop
|
|
|
- Globaleaks: https://blog.torproject.org/tor-heart-globaleaks
|
|
|
- OnionShare: https://onionshare.org/
|
|
|
- Ricochet: https://ricochet.im/
|
|
|
- Tor Messenger: https://blog.torproject.org/tor-messenger-050b1-released
|
|
|
- ?
|
|
|
|