Page MenuHomePhabricator
Create Task
Maniphest T94

research non-persistent entry guards
Closed, ResolvedPublic
Actions

Description

older info:

update:

Number of entry guards was reduced to 1 since then. (As per changelog.)

see also:

TODO:

  • Under the new situation of reduced number of default entry guards, ask the above questions again to see if situation has changed.

Documentation could explain how to stop the Tor service; wipe Tor's data dir; start Tor service; connect.

Editing /etc/tor/torrc by adding the following could do the trick.

DataDirectory /var/run/tor

After every reboot, Tor would use new entry guards. Maybe extra AppArmor rules would be required.

Details

Impact
Needs Triage

Related Objects

Event Timeline

JasonJAyalaP created this task.Jan 16 2015, 8:00 PM
JasonJAyalaP raised the priority of this task from to Normal.
JasonJAyalaP updated the task description. (Show Details)
JasonJAyalaP added projects: Whonix, user documentation, enhancement.
JasonJAyalaP added subscribers: Patrick, troubadour, JasonJAyalaP.

Adding DataDirectory /var/run/tor to /etc/tor/torrc could do the trick. After every reboot, Tor would use new entry guards. Maybe extra AppArmor rules would be required.

So, first, we need someone to study and test this and report back.

Patrick added a comment.Jan 17 2015, 12:22 AM

/var/lib/tor is owned by user/group debian-tor.
/var/run/tor is owned by user/group root.
Therefore using DataDirectory /var/run/tor in /etc/tor/torrc would maybe not be a great idea. (Would lead to permission issue.)

Must be some non-persistent folder owned by user/group debian-tor.

Patrick renamed this task from Document non-persistent entry guards to research non-persistent entry guards.Jan 17 2015, 12:27 AM
Patrick updated the task description. (Show Details)
Patrick added a project: research.
Patrick updated the task description. (Show Details)
Patrick added a subscriber: HulaHoop.
Patrick updated the task description. (Show Details)Jun 21 2015, 12:13 PM
Patrick set Impact to Needs Triage.
Herald added a subscriber: WhonixQubes. · View Herald TranscriptJun 21 2015, 12:13 PM
Patrick updated the task description. (Show Details)Jun 21 2015, 12:25 PM
Patrick updated the task description. (Show Details)Jun 21 2015, 12:34 PM
HulaHoop added a comment.EditedJun 21 2015, 7:53 PM

A script on boot up that runs

chgrp -R debian-tor /var/run/tor

can do it?

http://ss64.com/bash/chgrp.html

Patrick added a comment.Jun 21 2015, 10:23 PM

Seems like on jessie there is no permission issue anymore. /var/run/tor is owned by user/group debian-tor by default. Check /etc/init.d/tor function check_torpiddir. Therefore /etc/tor/torrc setting DataDirectory /var/run/tor works out of the box in Whonix 11.

[/usr/lib/whonixcheck/check_tor_pid](https://github.com/Whonix/whonixcheck/blob/master/usr/lib/whonixcheck/check_tor_pid) in whonixcheck needs a patch. That whonixcheck test fails because it's hardcoded to /var/run/tor/tor.pid. For Whonix 11 purposed you could add to documentation to skip this test then.*

*(Somewhat documented in /etc/whonix.d/30_whonixcheck_default. Create a file /etc/whonix.d/50_user with content whonixcheck_skip_functions+=" check_tor_pid ".)

Patrick added a comment.Jun 22 2015, 4:22 PM

Where to add this? Not sure where this fits best.

Maybe on https://www.whonix.org/wiki/Tor?

Link from:

Maybe mentioned on:

HulaHoop added a comment.Jun 22 2015, 7:37 PM

Where to add this? Not sure where this fits best.

Maybe on https://www.whonix.org/wiki/Tor?

Yes I added it there.

Patrick added a comment.Jun 22 2015, 11:09 PM

Good work! Added to https://www.whonix.org/wiki/Documentation. Moved/incorporated Tor chapter from https://www.whonix.org/wiki/Advanced_Security_Guide#Tor to https://www.whonix.org/wiki/Tor. Made some changes.

On https://www.whonix.org/wiki/Documentation the page https://www.whonix.org/wiki/Tor is listed under advanced topics. Non-ideal. Too buried. Not something regular users read.

What about making https://www.whonix.org/wiki/Tor#Introduction a template (https://www.whonix.org/wiki/Template:Persistent_Entry_Guards_Introduction), and adding a new chapter to the https://www.whonix.org/wiki/Warning page 'Guard Relays can make you fingerprintable Across Different Physical Locations' or so? (Is "fingerprintable" the right term here?) What do you think? Could you do that please?

Patrick closed this task as Resolved.Feb 10 2016, 5:32 PM
Patrick claimed this task.

https://www.whonix.org/wiki/Warning#Persistent_Tor_Entry_Guard_Relays_can_make_you_trackable_Across_Different_Physical_Locations

Patrick mentioned this in T469: research non-persistent Tor directory guards.Feb 10 2016, 6:44 PM
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer