wiki:org/meetings/2017Montreal/Notes/EncouragingThirdPartyIntegrationAndOnionServicesEverywhere

3rd Party use of Tor + Onions Everywhere

  • Why most apps still don't use Tor?
  • Apps, browsers, messaging apps, operating system
  • How can we make it easier for them to use Tor?
  • We need to better empower developers, technical people to successful pitch Tor integration to product management
  • How do we evolve our ability to coordinate with "kickstarters" pitching Tor for "anonymity" etc, beyond just cease & desist?

Meejah: There's no way of "managing Tor". How do you spin up an onion? Should 5 different apps all start up their own Tor? Control Port filters can make it safer to share Tor. There should be a way of setting capabilities to Control Port clients.

NetCipher library acts as a control port filter on mobile. https://github.com/guardianproject/netcipher

Sukhbir: How do you share the Tor process? Should you share the Tor process? Previous discussions: Berlin (Mark) and Amsterdam.

  • Do we need a library for every language? What is the developer user experience? Can we document, publish and promote this?
  • Having official documentation from the Tor Project could be especially useful.
  • Nathan wrote up a how-to for Home Assistant.
  • We could write a Tor Integration Guide

Modularizing tor binary can help. Client-only version?

On Mobile, the concerns have been data overhead and battery; Impact to the application lifecycle

  • Hidden services took 30 seconds (hardcoded delay). Is that still true?
  • On Raspberry Pi, having ARM optimization would be great.
  • Everytime you open Onion Browser, you ahve to reconnect to tor.
  • iOS: Tor.Framework allows you to compile in a statically=linked copy of Tor into your app. Some API for a few control port things. Tor runs in the same process. Tor thread tends to hang when user leaves the app and returns to it. A bug in core tor? Open a ticket on Tor trac.

A big barrier to using more apps on iOS on tor is that you have to compile it in.

In some places, Tor violates local law. How do we deal with that?

Purism Librem 5 phone: GNU/Linux PureOS. Why isn't Tor on that? Somebody should get in touch with Purism to get Tor in their phone.

How much energy should we put into lobbying vs providing guidelines?

Uplifting bugs from Tor Browser helps to build confidence.

Planning sessions in Austin join sessions between network teams. Working out a well-thought-out migration plan is very important. Looking for benefits/internal positioning statement is very important. Mozilla "Playing to Win" framework.

Can we improve our ability to form partnerships with third parties? Seizing opportunities.

Having a part of website that shows Partners/Third Party Apps/Communities.

For a new product: write document for launch day, and work backwards from that.

  • trac.torproject.org Tickets to file:
    • Value of hidden services: #23853
    • Tor Integration Guide: #23851
    • Homepage for Tor ecosystem: list of success stories: #23850
    • Guide/info to help for developers/technical staff to pitch Tor to buziness/strategy managers: #23852
    • Tor thread tends to hang when user leaves the app and returns to it.

What Kind Of Things We Want Tor to Run On

Other Useful Links

Things That Use Tor Today

https://motherboard.vice.com/en_us/article/aeppzj/this-company-will-create-your-own-tor-hidden-service

Last modified 13 months ago Last modified on Oct 14, 2017, 2:40:23 AM