Version 50 (modified by proper, 6 years ago)

aos Homepage

YOU can help!

  1. aos is as easy as shell scripting. We need developers! Join Dev.
  2. aos needs a webmaster.

Project News

2012-07-17
1 Rebranding. aos is the new project name. The process of rebranding is ongoing. Also all links have to be renamed. That will be done as soon as a new home for aos has been found.
2 The aos (previously called TorBOX) 0.2.1 source code is now on GitHub. The source code will be polished so it will be easier to understand, maintain and contribute to. The devel branch contains the latest changes.

2012-07-16
1 aos 0.2.1 has been released. It's alpha-quality software. There were no testers besides proper. You can download it. While this release contains many security enhancements, new minor usability bugs have been introduced. See TorBOX/Changelog for a comprehensive list of changes and known issues. Proper decided to release this even with the minor bugs since the security improvements are important.
2 The gnome-terminal has a minor bug: at startup it is black on black, so you can't see anything. Simply change the colors manually.
3 proper has a new pseudonym, adrelanos.
4 Due to trademark issues TorBOX must be rebranded. TorBOX needs a new name, and a new home, a new website. Stay tuned for updates.

2012-07-14
aos 0.2.1 will come out soon. Before officially releasing it, I'd like to have a few testers. If you are interested, please contact adrelanos a-t riseup do-t net.

2012-06-14
Bad news and good news.
1 Unfortunately, the upcoming download version, aos 0.2.0, will not be functional on older hardware with non-PAE CPUs.
2 Fortunately, users with non-PAE CPUs will still be able to build aos 0.2.0 from source. The situation may improve in the future. The FAQ entry has been updated.

2012-06-02
1 The latest TorButton update may break Tor Browser within aos. We'll soon post an update with a solution. Update 1: Tor Browser behind a transparent proxy or aos.
2 A bug crashing aos has been reported offsite. It happens when you try to run aos on older hardware which does not support PAE. A new FAQ entry with an interim solution has been posted. The bug will be fixed in aos 0.2.0. UPDATE: Unfortunately, it will only be partially fixed, see news above.

2012-05-29
1 The New Identity button of Tor Button in Tor Browser with aos is defunct. See aos/ApplicationWarningsAndNotes#TorBrowser for an explanation why, what the New Identity button does and for a workaround.

2012-05-21
1 New article: All about Browser Plugins (such as Flash) in conjunction with aos.

2012-04-25
1 New optional feature. You can use a Secondary DNS resolver.

2012-04-24
1 New optional feature. There is now a limited workaround for Tunneling UDP over Tor using VPNs.

2012-04-10
We have a bunch of new/updated articles/stuff. Here is a selection.
1 new: Rudimentary aos Support for Other Anonymizing Networks (People who are only interested in Tor, do not have to read.)
2 updated: aos/SecurityAndHardening
3 new: aos/Trust
4 updated: Tunneling Proxy/SSH/VPN through Tor (Tor -> Proxy/SSH/VPN)
5 new: A Free example VPN working with aos for testing purposes
6 new: Tunneling UDP over Tor (Update: see news)
7 Optional new feature: Hide your aos usage / Torify the aos-Gateway (Update: done in aos-Gateway.sh 0.2.0 and above)
8 Hardened Gentoo based aos-Gateway

2012-04-02
1 Critical issue with /var/lib/tor for all users who downloaded the aos Binary images.
Users who manually configured aos or used build from source are not affected.

On your aos-Gateway.

  1. If you were using hidden services, backup your keys (/var/lib/tor/hidden_service/).
  2. Execute the following:
    sudo -i 
    service tor stop
    rm -r /var/lib/tor/*
    service tor start
    exit
    

This will delete the contents of the Tor data directory /var/lib/tor. Technical background: the Tor consensus and your entry guards are stored there. These should not be shared among all aos users.
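
The two steps above as one script, added here as an example and not part of aos. It backs up the hidden service keys, empties the data directory, then copies the keys back. Copying the keys back, the function name and the backup path /root/tor-hs-backup are assumptions; the page itself only says to back the keys up.

```sh
#!/bin/sh
# Added example, not aos project code.
# reset_tor_state DATADIR BACKUPDIR
#   DATADIR    Tor data directory (/var/lib/tor on the aos-Gateway)
#   BACKUPDIR  where hidden service keys are kept during the wipe (assumed path)
reset_tor_state() {
    datadir=$1
    backup=$2
    had_keys=0

    # Refuse an empty path or "/" so the wipe below can never start at the root.
    case "$datadir" in
        ""|/) echo "refusing to wipe '$datadir'" >&2; return 2 ;;
    esac
    [ -d "$datadir" ] || { echo "no such directory: $datadir" >&2; return 2; }

    # Step 1: back up the hidden service keys, keeping owner and modes (-a).
    if [ -d "$datadir/hidden_service" ]; then
        mkdir -p "$backup" && chmod 700 "$backup" || return 1
        cp -a "$datadir/hidden_service" "$backup/" || return 1
        had_keys=1
    fi

    # Step 2: remove the consensus, entry guards and all other state.
    find "$datadir" -mindepth 1 -maxdepth 1 -exec rm -rf {} + || return 1

    # Assumption: the keys were backed up in order to be put back afterwards.
    if [ "$had_keys" -eq 1 ]; then
        cp -a "$backup/hidden_service" "$datadir/" || return 1
    fi
    return 0
}

# Run on the gateway as root: sh reset-tor-state.sh --gateway
if [ "${1:-}" = "--gateway" ]; then
    service tor stop
    reset_tor_state /var/lib/tor /root/tor-hs-backup
    rc=$?
    service tor start
    exit "$rc"
fi
```

The backup copy stays in BACKUPDIR and contains private keys, so keep it readable by root only or delete it once the hidden service is confirmed working.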

2012-03-25
1 Binary images for aos 0.1.3 are now available! These are affected by the critical issue above.

2012-03-24
1 All users should update to 0.1.3!
Users of aos 0.1.* can update using the update script. Users of aos versions prior to the introduction of version numbers should reinstall following our build instructions or Physical Isolation instructions. Update: or download the latest ready-made images.

2012-03-22
1 TorBOX now has a logo. Thanks to XJ!

2012-03-06
1 Identity correlation through circuit sharing (Update: This is now closed; there is nothing we can do about it until the current alpha version of Tor becomes stable. Update 2: aos is already working with the current Tor alpha and prepared for the next Tor stable, see aos-Gateway.sh.)

2012-03-03
1 Alpha builds available at http://sourceforge.net/projects/torbox/files/

2012-02-16
1 This is resolved in aos 0.1.3 and above. It is only important for versions prior to aos 0.1.3.
It would be prudent for all aos users to use the same time zone, as some applications leak it; this hasn't been advised earlier. Do this on your aos-Workstation and on your aos-Gateway. Type in a console:

sudo dpkg-reconfigure tzdata

then choose etc (at the bottom) and then choose UTC.

2 new: Hosting hidden services

2012-01-11
1 Project started. Historical very first version.

Checklist

On aos-Gateway and aos-Workstation

  • If using a distributed image with a default password, change it immediately. In a terminal, type:
    passwd
    
    and follow the instructions. The default password is "changeme".
  • Regularly check for security updates and apply them with:
    sudo apt-get update && sudo apt-get dist-upgrade
    

On aos-Gateway

  • To change the keyboard layout in aos-Gateway:
    sudo dpkg-reconfigure keyboard-configuration
    
  • To shut down the gateway simply enter
    poweroff
    

On aos-Workstation

  • A little hint for people not familiar with Openbox (the desktop used in aos-Workstation):
    Right-click anywhere on the desktop to open the main menu. Windows+Space will also open the menu.

aos users can update the TorBrowser with 'sudo TorBOX-Workstation -update'

  • If you want to change the keyboard layout from the default "us":
    Open a Terminal and run
    KEYMAP=us && setxkbmap $KEYMAP && echo "setxkbmap $KEYMAP &" > ~/.config/openbox/autostart
    
    Replace "us" with your country code.
  • Verify you are connected to Tor: https://check.torproject.org
    Note that this site may falsely claim that updates are available. This is because torcheck was written for TBB and does not support the transparent proxy mode.
  • To protect against time zone leaks, the clock was set to UTC.

On the host

We recommend you use a dedicated OS installation just for hosting the aos VMs (see aos/SecurityAndHardening). Always install the latest security updates. Keep your system secure, install security software, use a screen lock if you leave the computer, encrypt all hard drives, and wipe RAM on shutdown (e.g. using a kexec script), or do not leave the computer unattended immediately after shutdown.

Network Time Syncing

If you trust your local network and ISP not to actively attack you, you can skip this step.

To this day there is no reliable and trustworthy way to set up a correct system time. This isn't just a problem for Tor or aos. Most operating systems use NTP, which is insecure. NTP messages can be altered through a MITM attack, which could introduce an adversary-controlled "clock skew". This can be used to attack Tor users in a number of ways. Until this problem is solved upstream in Tor, we recommend as an interim solution to regularly verify the time "out of band" with a trusted source like a watch or mobile phone and to disable internet time syncing. On Windows: disable Internet Time syncing in "Date and Time Settings" > "Internet Time". On Debian/Ubuntu, run 'sudo apt-get remove ntpdate'. To set the clock, use:

sudo date -s "18 FEB 2012 00:00:00" && sudo hwclock -w

Whenever you cold-start a VM in VirtualBox the VM clock is synced with the host clock.

We know that this isn't the most user-friendly solution, but we are putting security above usability here because correct time is absolutely crucial. For further discussions, alternative solutions and explanations, please go to Setting correct time (NTP/HTP).

TorBrowser

A future update of TorButton might break TorBrowser running in aos-Workstation, since the update resets the network settings. If that happens, update Tor Browser using the script. If that doesn't work, try updating manually. In case TorBrowser inside aos-Workstation breaks again, we will post news again, with instructions on how to fix the issue. It might be wise to always have a working Tor Browser Bundle installed on your host, so you can check the aos homepage for news.

XChat / IRC

XChat has been hardened according to TorifyHOWTO/XChat. All servers besides the secure (SSL) version of OFTC have been removed. You are encouraged to add the secure version of your IRC server (preferably a hidden service, SSL as a fallback or, at best, both). See also TorifyHOWTO/XChat.

The official #tor channel is on OFTC. Note that no aos developers hang out there. For contacting aos developers, see Questions / Discussion.

Some networks and some hidden IRC servers, such as freenode, require SASL to connect to them.

All XChat plugins have been deactivated (hardening) and moved to /usr/lib/xchat/plugins.disabled. If you really need a plugin, such as perl for SASL, you can use the example below.

sudo mv /usr/lib/xchat/plugins.disabled/perl.so /usr/lib/xchat/plugins/

Setting up SASL is outside the scope of this document; have a look at TorifyHOWTO/XChat.

Tor Controller / Vidalia / Arm

Since aos does not include Vidalia, we recommend Arm. It's already preinstalled on aos 0.2.1 and above. Simply type on aos-Gateway:

arm

Frequently Asked Questions

See FAQ.

Contacting aos developers / Feedback / Questions

At the moment there is only one active aos developer: adrelanos (aka proper). You'll get an answer, but please be patient.

Two ways.

  1. aos Dev page section for Questions / Discussion. Either log in (login cypherpunks, password writecode) or register. [1]
  2. Or the aos forum at sourceforge.org. Anonymous and registered postings are possible. Postings will be moderated manually to stop spam bots. [2]

paranoid-info™®:
[1] torproject.org policy, SSL.
[2] sourceforge.org is host. SSL only for registered users.

Please carefully read the following

  • aos/DISCLAIMER
  • The best Tor and aos setup does not help if the applications you are using are insecure and compromise your identity (for example through metadata or browser fingerprinting). To prevent that, be sure to read aos/ApplicationWarningsAndNotes.
  • Some suggestions on how to improve the security of aos (recommended!): aos/SecurityAndHardening

Looking for additional features? Visit aos/OptionalConfigurations.

Updates to aos related articles will be visible at tor-wiki-changes -- Changes from the Tor wiki, under History (History button at the top of every wiki site) and under Tor wiki recent changes (click on Index by Date). Some important stuff will be listed under Project News. Anonymity isn't a program or setup, it's a process, new knowledge is being gathered as we speak, you are advised to follow The Mailing List and the Tor Blog.

Please consider making a donation to https://www.torproject.org - without Tor, aos wouldn't be possible! Consider making an (annual/monthly) donation and/or hosting a Tor bridge or Tor (exit) node.

Authorship / Credits

For Authors/Changelog, sources, credits and license, please have a look under aos/Authorship and aos/Changelog.

Optional Configurations

These are all OPTIONAL configurations. If you would like to use any of these features, go ahead and follow the instructions. However, you do not have to add any of those additional functions if you see no need for them.

aos/OptionalConfigurations
For example:

Index Of Related Pages

Just a list with all aos related wiki sites. Not so important.