How to I build tor into my app? Short term developer dependency as a library

Three options Tor as a library Tor as a system extension Tor as a user experience client

We need to make this not a big deal for developers to integrate. -Comes from Apple, Google, it is just there in a depo, repo. Not easy to pick it up and put it in your app or client. We need to add 20 lines of code to drop it in

If Tor is an invisible network library, how do you configure it? Tor launcher is user configuration for tor What is the configuration, management, setup interface? Make bridge retrieval automatic?

Facebook wants to build tor into their app, but it must be .5 MB, must utilize their libevent, How do we get paid for our time, and energy? How do we have our “Signal / WhatsApp” moment? Is there a paid license, support, integration fees? Partnership fee? How do we power the humans to do it? Is the Linux foundation model to support?

TAILS as a secure OS, for mobile, for things? Get it ported to ARM What is a desktop environment user interface? What are the user stories driving this? Beyond journalist, activist? Run TAILS on a cheap, second device? Disposable device Lawyers are the new journalists…. They have bad practices Domestic violence with spousal abuse Run on compute sticks, TV based devices GP to send chromebooks to TAILS Tor in the house Tor used as a remote access point So many closed shop solutions in IoT (grill thermo device has a iGrill app; too may apps) Smarthubs try to integrate control of devices into one platform Current IoT/knx protocol don’t use any security at all Current assumptions are the LAN is safe, doesn’t require security We need to draft ideal network map for IoT where Tor can play a role Locative geofencing app sends HTTP request to home network We need a whitepaper Does every lightswitch need an onion service? Can i connect my lightswitch in germany with my bulb in america? We need to think about latency? How low can it go? Real-time What are the applications that make sense? Diagnostics, active control Sending data to a manufacturer? Get tor bundled into smarterthings, home assistant

What are different threat models and security requirements? IoT threat model vs tor browser model? Activists might be attacked, spied through these channels Timing attacks or passive monitoring might not be as important when talking about lightswitch on/off switch We need to study if we have 100 millions lightswitches running tor Research Tor vs IPv6 in terms of value of reachability, value of Tor

Wordpress, Drupal or their CMS plug-in that makes you an onion Install tor Configure onion, init the onion Add a “onion” address HTTP header or HTML header or UI element Letsencrypt onion would also set up https Can plugins to CMS run a daemon?

Self hosting bundles, darkweb intranets as onions, small business servers websites, mailservers, team workplace servers Owncloud, etherpad, XMPP, Rocketchat chat servers TAILS server Can we sell on a Raspberry Pi or Intel Compute Stick? Onion Intranet Box (OIB) or TAILS Server Box (TSB) Apt-get install “your service”, torrc.d Using Tor Onions as a remote VPN with auth, we need user experience to configure File sync and mail Collaborate with end users

How do we create gatherings about Tor for different communities Corporations, IT, small business

Can we compete with Facebook drones and Google Loon? What would it take to convince them to run Tor Bridge on their free internet endpoint?

How do we get Tor on the ISS? Is there wireless? Are they using Android or iPhones? Astronauts are geeks, how do find an astronaut is a tor phone? Signal developer, physicist might be astronaut some day How do we get a YouTube video of Tor in space? When 30 minute round trip latency is Tor viable? Is there a high latency, async Tor? JPL and AMES lunch talks? Discrediting client scientists?

System, firmware updates Stop the ability to target updates to specific people, devices You get a different update, package Make update process fully transparent Anonymity IS important here for every day people Sebastian’s master thesis? Anonymity is necessary for all people in this case, not just whistleblowers, etc

Email delivery between servers via Tor “This service delivers mail over Tor” S2D over Onions Non onion email send to a dot onion address Shown an Onion icon next to emails delivered to an Onion service MX records DNS priorities

Analytics and Crash reports over Tor

Tor built into mobile OSes GP already working Fairphone and Copperhead OSes We want them to build in Orbot, or ship as a default app Talking about Transparent tor built in Invisible to the users Fixed iptables, network stack to work the “MIA” phone model

Last modified 2 years ago Last modified on Mar 27, 2017, 3:30:10 PM