3rd Party use of Tor + Onions Everywhere
- Why most apps still don't use Tor?
- Apps, browsers, messaging apps, operating system
- How can we make it easier for them to use Tor?
- We need to better empower developers, technical people to successful pitch Tor integration to product management
- How do we evolve our ability to coordinate with "kickstarters" pitching Tor for "anonymity" etc, beyond just cease & desist?
Meejah: There's no way of "managing Tor". How do you spin up an onion? Should 5 different apps all start up their own Tor? Control Port filters can make it safer to share Tor. There should be a way of setting capabilities to Control Port clients.
NetCipher library acts as a control port filter on mobile. https://github.com/guardianproject/netcipher
Sukhbir: How do you share the Tor process? Should you share the Tor process? Previous discussions: Berlin (Mark) and Amsterdam.
- Do we need a library for every language? What is the developer user experience? Can we document, publish and promote this?
- Having official documentation from the Tor Project could be especially useful.
- Nathan wrote up a how-to for Home Assistant.
- We could write a Tor Integration Guide
Modularizing tor binary can help. Client-only version?
On Mobile, the concerns have been data overhead and battery; Impact to the application lifecycle
- Hidden services took 30 seconds (hardcoded delay). Is that still true?
- On Raspberry Pi, having ARM optimization would be great.
- Everytime you open Onion Browser, you ahve to reconnect to tor.
- iOS: Tor.Framework allows you to compile in a statically=linked copy of Tor into your app. Some API for a few control port things. Tor runs in the same process. Tor thread tends to hang when user leaves the app and returns to it. A bug in core tor? Open a ticket on Tor trac.
A big barrier to using more apps on iOS on tor is that you have to compile it in.
In some places, Tor violates local law. How do we deal with that?
Purism Librem 5 phone: GNU/Linux PureOS. Why isn't Tor on that? Somebody should get in touch with Purism to get Tor in their phone.
How much energy should we put into lobbying vs providing guidelines?
Uplifting bugs from Tor Browser helps to build confidence.
Planning sessions in Austin join sessions between network teams. Working out a well-thought-out migration plan is very important. Looking for benefits/internal positioning statement is very important. Mozilla "Playing to Win" framework.
Can we improve our ability to form partnerships with third parties? Seizing opportunities.
Having a part of website that shows Partners/Third Party Apps/Communities.
For a new product: write document for launch day, and work backwards from that.
- trac.torproject.org Tickets to file:
- Value of hidden services: #23853 (moved)
- Tor Integration Guide: #23851 (moved)
- Homepage for Tor ecosystem: list of success stories: #23850 (moved)
- Guide/info to help for developers/technical staff to pitch Tor to buziness/strategy managers: #23852 (moved)
- Tor thread tends to hang when user leaves the app and returns to it.
- Tor.framework is the current iOS library for Tor: https://github.com/iCepa/Tor.framework
- Tun2Tor library: connect VPN Tun interface to Tor SOCKS port: https://github.com/iCepa/tun2tor (part of https://github.com/iCepa/iCepa)
- Tor as static/shared library is a thing that is needed, and Tor needs some rearchitecture on entrypoints, etc, to manage that
- Need to be careful about partnering with potentially sketchy/poor reputation of kickstarter/indieogo hardware projects
What Kind Of Things We Want Tor to Run On
- Smarthubs home/IoT
- Librem 5 GNU+Linux phone: https://puri.sm/shop/librem-5/
- Novena: https://www.crowdsupply.com/sutajio-kosagi/novena ?
- Mozilla WebThings / IoT: http://iot.mozilla.org/
- EdgeX Foundry: https://www.edgexfoundry.org/
- ResinOS: https://resinos.io/
- Brave browser?
- Digital Ocean / Amazon Web Services / Cloud? (easy .onion deployment)
Other Useful Links
- Orbot Data Tax: https://guardianproject.info/2012/06/20/orbot-data-tax/
- Internet of Onion Things: https://github.com/n8fr8/talks/blob/master/onion_things/Internet%20of%20Onion%20Things.pdf
- https://hbr.org/store/landing/playing-to-win-strategy-toolkit
- Open Canvas (to identify value proposition): https://docs.google.com/presentation/d/1BZNT9UTeehxTffrbec8obQFE3XoppVt5MyfB3brEO60/edit?usp=sharing
- ProPublica onion site announcement + guide https://www.propublica.org/nerds/a-more-secure-and-anonymous-propublica-using-tor-hidden-services <alt: https://www.propub3r6espa33w.onion/nerds/a-more-secure-and-anonymous-propublica-using-tor-hidden-services>
Things That Use Tor Today
- Alec's Enterprise Onion Toolkit: https://github.com/alecmuffett/eotk https://motherboard.vice.com/en_us/article/aeppzj/this-company-will-create-your-own-tor-hidden-service
- Julius' house: https://twitter.com/Mittenzwei/status/883702181089640448
- Nathan's house: https://www.wired.com/2016/07/now-can-hide-smart-home-darknet/
- Nathan's interns car: https://medium.com/@PerryGrossman/secure-car-sensor-analytics-73367ab22fdc
- Tahoe-LAFS: https://blog.torproject.org/tor-heart-tahoe-lafs
- Facebook Android: https://www.facebook.com/notes/facebook-over-tor/adding-tor-support-on-android/814612545312134
- ChatSecure iOS: https://chatsecure.org/blog/chatsecure-ios-v3-released/
- Onion Browser iOS: https://www.patreon.com/posts/quick-onion-2-0-12054247
- Orbot/ Orfox (Tor Browser Android): https://guardianproject.info/apps/orfox/
- Pogo Plug : https://pogoplug.com/safeplug
- Betterspot Travel Router: https://betterspot.com/features
- Home Assistant smart router open-source: https://home-assistant.io/docs/ecosystem/tor/
- Briar Project (Onion to Onion Android Messenger): https://www.briarproject.org/
- Microsoft Thali Project (peer to peer web) : http://thaliproject.org/ https://github.com/thaliproject/Tor_Onion_Proxy_Library
- Firefox Focus / Klar: https://github.com/mozilla-mobile/focus-android/pull/825
- SecureDrop (36+ installs!): https://blog.torproject.org/tor-heart-securedrop
- Globaleaks: https://blog.torproject.org/tor-heart-globaleaks
- OnionShare: https://onionshare.org/
- Ricochet: https://ricochet.im/
- Tor Messenger: https://blog.torproject.org/tor-messenger-050b1-released
- ?