Integration of YaCy with TorBrowser
Closed, Resolved, Public

Description

The integration of YaCy with TorBrowser prevents fingerprinting while users take advantage of the censorship resistant p2p search engine.

Have wrapper scripts for yacy and privoxy settings that make them usable with Tor using the following instructions: https://www.whonix.org/forum/index.php?topic=314.0

Some ideas:

Request of environment variable to allow seamless use of yacy if it's installed so it can sit between TBB and the GW Tor. The idea is yacy will sit side by side with the normal TBB path of TBB > Tor > Internet and take requests only when explicitly used rather than force everything through itself.

See if there is a way to have custom search providers in TorBrowser and include a link to a would-be yacy search portal at 127.0.0.1 that only works if the user opts to install it.

Add a YaCy searchbox in the Whonix TBB custom homepage

Temporarily document the forum post in the wiki page:
https://www.whonix.org/wiki/YaCy

Details

Impact
Normal

Event Timeline

HulaHoop created this task. May 1 2015, 4:52 AM
HulaHoop raised the priority of this task from to Needs Triage.
HulaHoop updated the task description.
HulaHoop set Impact to Needs Triage.
HulaHoop added a subscriber: HulaHoop.
Patrick triaged this task as Wishlist priority. May 3 2015, 6:00 AM
Patrick changed Impact from Needs Triage to Normal.
HulaHoop added a comment. Edited Jun 5 2015, 6:03 PM

I don't think shipping YaCy by default is a good idea because it would need openjdk - a massive dependency. Documenting manual installation is enough. The process is easy enough anyhow. YaCy is configured to restart with the system out of the box.

  • Should we ship YaCy's Debian apt repo list - but comment it out and leave it up to the user to enable?
  • The only problem I see is TBB refusing to recognize localhost addresses which makes YaCy not usable in TBB. That's a serious problem because of fingerprinting. Can this be fixed?
  • PaX exceptions for java need to be configured when we use it.
In T291#5231, @HulaHoop wrote:

I don't think shipping YaCy by default is a good idea because it would need openjdk - a massive dependency.

Yes.

Documenting manual installation is enough.

Ok.

  • Should we ship YaCy's Debian apt repo list - but comment it out and leave it up to the user to enable?

Sounds good, we can preconfigure all so only a very few easy steps would be required to actually enable it.


  • The only problem I see is TBB refusing to recognize localhost addresses which makes YaCy not usable in TBB. That's a serious problem because of fingerprinting. Can this be fixed?

Possibly, but unrealistic. Source:

https://trac.torproject.org/projects/tor/ticket/11493

me:
Can you allow connections to 127.0.0.1 while still defeating fingerprinting issues (#10419) please?

gk:
This involves fixing https://bugzilla.mozilla.org/show_bug.cgi?id=354493 which is not so easy...

Not sure how useful that answer is.

(References are also listed here: https://www.whonix.org/wiki/Tor_Browser#Local_Connections)

-----

Anything is possible, but $someone would have to create a package like anon-ws-yacy.

HulaHoop added a comment. Edited Jun 6 2015, 2:50 AM

There's a workaround but at cost of less fingerprinting defense: https://trac.torproject.org/projects/tor/ticket/10419#comment:37

Is it worth it?

Or maybe we can use something like rinetd somehow for a safer solution.

In T291#5255, @HulaHoop wrote:

There's a workaround but at cost of less fingerprinting defense: https://trac.torproject.org/projects/tor/ticket/10419#comment:37
Is it worth it?

Not a great solution imho. It could be added to documentation https://www.whonix.org/wiki/Tor_Browser#Local_Connections if you want. But a vague, not well described risk, I don't know. Not great. Separate ticket if you want.

Or maybe we can use something like rinetd somehow for a safer solution.

Probably not. Created T343 for it.

This comment was removed by HulaHoop.
HulaHoop closed this task as Resolved. Jun 6 2015, 7:28 PM

Workaround documented. It's not great, but more acceptable than using Iceweasel.

I don't know if this applies to I2P or just its management interface - if it does, I'll put it under the general TBB page.

However, for just accessing management interfaces locally, Iceweasel is fine.

Closing this.