Page MenuHomePhabricator
Feed Advanced Search

Apr 6 2019

Patrick renamed T887: download Tor Browser on Whonix-Gateway as provider for latest Tor and pluggable transports from make TBB usable as "system Tor", so latest Tor and pluggable transports can be used on Whonix-Gateway to download Tor Browser on Whonix-Gateway as provider for latest Tor and pluggable transports.
Apr 6 2019, 8:50 PM · circumvention, tb-updater, Whonix
Patrick removed a project from T386: meek Pluggable Transport: Debian version 10 codename Buster.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix
Patrick updated subscribers of T386: meek Pluggable Transport.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix

May 12 2018

Patrick added a comment to T386: meek Pluggable Transport.

meek might be dead by then:
https://forums.whonix.org/t/replacing-meek-snowflake

May 12 2018, 5:17 PM · enhancement, circumvention, Whonix

Feb 6 2018

Patrick removed a project from T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch: Debian version 9 codename Stretch.
Feb 6 2018, 1:03 AM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention

Sep 8 2017

JasonJAyalaP closed T676: fix obfs4proxy AppArmor issue in Whonix 14 as Resolved.
Sep 8 2017, 1:54 AM · Whonix 14, Whonix, AppArmor, circumvention

Sep 6 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ah I see.

Sep 6 2017, 8:23 PM · Whonix 14, Whonix, AppArmor, circumvention

Sep 5 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

I changed it to
NoNewPrivileges=No
That's the only thing I can imagine that would be causing that parsing error. Testing now
> torproject's stretch repository [1] does not contain tor_0.3.1.5 yet.
Once TPOs stretch repo contains the latest, this workaround will no longer be needed, correct?
Sep 5 2017, 12:04 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

with =no, I'm no longer getting the parsing error

sudo journalctl | grep workaround

but /lib/systemd/system/tor@default.service is unaffected

# Hardening
AppArmorProfile=system_tor
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
...
Sep 5 2017, 11:56 AM · Whonix 14, Whonix, AppArmor, circumvention

Sep 4 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

with =no, I'm no longer getting the parsing error

Sep 4 2017, 11:29 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

I changed it to
NoNewPrivileges=No
That's the only thing I can imagine that would be causing that parsing error. Testing now

Sep 4 2017, 11:11 PM · Whonix 14, Whonix, AppArmor, circumvention

Sep 3 2017

Patrick reopened T676: fix obfs4proxy AppArmor issue in Whonix 14 as "Open".
Sep 3 2017, 2:12 PM · Whonix 14, Whonix, AppArmor, circumvention

Jul 6 2017

JasonJAyalaP closed T676: fix obfs4proxy AppArmor issue in Whonix 14 as Resolved.
Jul 6 2017, 5:57 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a project to T676: fix obfs4proxy AppArmor issue in Whonix 14: Whonix 14.

Please keep the Whonix 14 tag. I guess this can be closed, resolved?

Jul 6 2017, 2:35 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

Ok I created the workaround as you described:
https://github.com/Whonix/anon-gw-anonymizer-config/commit/bfe28e340d03cc4d77e4f49e24bcc0a9da42da06
Jul 6 2017, 2:28 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP removed a project from T676: fix obfs4proxy AppArmor issue in Whonix 14: Whonix 14.
Jul 6 2017, 12:25 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Debian bug report:

Jul 6 2017, 12:25 AM · Whonix 14, Whonix, AppArmor, circumvention

Jul 5 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ok I created the workaround as you described:
https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/lib/systemd/system/tor@default.service.d/40_obfs4proxy-workaround.conf

Jul 5 2017, 11:36 PM · Whonix 14, Whonix, AppArmor, circumvention

Jul 1 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.
Two things work:

  1. Changing obfs4 execution permission in system_tor apparmor profile

(abstractions/tor) from PUx to ix.

  1. Keeping PUx but removing "NoNewPrivileges" from tor@default

systemd service (/lib/systemd/system)

Jul 1 2017, 11:57 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Two things work:

Jul 1 2017, 2:42 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 30 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Pux (already Tor's default) is alright.

Jun 30 2017, 12:44 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

I commented out the lines in local/system_tor about obfsproxy. This caused obfsproxy to fail. Changing obfsproxy to rix didn't work. But I'm confused at what I'm seeing, and so I'm still looking at it.

Jun 30 2017, 3:57 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Comment that and obfs4proxy can run as PUx (instead of needing ix)

Jun 30 2017, 3:38 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 29 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

To save you from somehow learning about systemd overrides the hard way...

Jun 29 2017, 2:34 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

In this case, a /local file can probably not do the trick.

Jun 29 2017, 2:30 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ah. I didn't see the include. Makes sense.

Jun 29 2017, 2:14 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Ah. I didn't see the include. Makes sense.

Jun 29 2017, 3:26 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

/etc/apparmor.d/system_tor after #include <abstractions/tor> and #include <local/system_tor> will be interpreted like the following, I think:

Jun 29 2017, 3:01 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

But what I really don't know is how system_tor interacts with abstractions/

Jun 29 2017, 2:55 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 28 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

AA doesn't report a denied message when tor tries to launch obfs4. However:

Jun 28 2017, 11:55 PM · Whonix 14, Whonix, AppArmor, circumvention

Jun 26 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Yes. Because the other solution "not use AppArmor for Tor" is not a great one. It worked in Whonix 13, just needs to be fixed for Whonix 14.

Jun 26 2017, 1:37 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

To be clear:
Tor ships a broken apparmor profile (for the last 5 years? Suggested nuke of the profile 3 years ago), and we're trying to unbreak obfs4, correct?

Jun 26 2017, 11:40 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

/etc/apparmor.d/system_tor is unmodified, owned by Debian tor packabe. /etc/apparmor.d/system_tor Will #include <local/system_tor>.

Jun 26 2017, 10:58 AM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Which app armor profile is blocking obfs4?

Jun 26 2017, 10:53 AM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Which app armor profile is blocking obfs4? Something from us or an apparmor profile that comes from tpo?

Jun 26 2017, 10:33 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 22 2017

Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

That's why we need to sort it out in https://github.com/Whonix/apparmor-profile-anondist/blob/master/etc/apparmor.d/abstractions/base.anondist somehow.

Jun 22 2017, 12:09 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Tor's own app armor profile breaks needed features (obs4). The ticket is 4 years old with no progress. Even they complained about needed to resolve or remove it (years ago).

Jun 22 2017, 2:28 AM · Whonix 14, Whonix, AppArmor, circumvention

Jun 5 2017

Patrick updated the task description for T676: fix obfs4proxy AppArmor issue in Whonix 14.
Jun 5 2017, 2:47 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick renamed T676: fix obfs4proxy AppArmor issue in Whonix 14 from test obfs4proxy in Whonix 14 to fix obfs4proxy AppArmor issue in Whonix 14.
Jun 5 2017, 2:45 PM · Whonix 14, Whonix, AppArmor, circumvention

Jun 3 2017

JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

You're right. /var/run/tor/log reports
"Could not launch managed proxy executable /usr/bin/obfs4proxy Operation not permitted"

Jun 3 2017, 7:17 PM · Whonix 14, Whonix, AppArmor, circumvention
Patrick added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

Is the obfs4proxy package installed? Probably yes.

Jun 3 2017, 3:19 PM · Whonix 14, Whonix, AppArmor, circumvention
JasonJAyalaP added a comment to T676: fix obfs4proxy AppArmor issue in Whonix 14.

I was trying obfs4proxy in whonix-gateway. I editted the torrc to UseBridges 1 and added the Client Transport line (note, torrc.examples says to add "managed" at the end; https://github.com/Yawning/obfs4 does not). I then added bridges from tpo (bridge obfs4 ip ... ).
Whonixcheck reports WARNING can't connect to bridge REASON=PT_MISSING
PT_Missing is an error from stem: "no pluggable transport was available"

Jun 3 2017, 1:31 AM · Whonix 14, Whonix, AppArmor, circumvention

May 16 2017

Patrick created T676: fix obfs4proxy AppArmor issue in Whonix 14.
May 16 2017, 4:06 PM · Whonix 14, Whonix, AppArmor, circumvention

Feb 11 2017

Patrick updated the task description for T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch.
Feb 11 2017, 7:01 AM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention
Patrick removed a project from T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch: Whonix 14.

Not easy. Need to wait for reply from TPO.

Feb 11 2017, 7:00 AM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention
Patrick updated the task description for T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch.
Feb 11 2017, 6:57 AM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention
Patrick updated the task description for T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch.
Feb 11 2017, 6:53 AM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention

Jan 18 2017

Patrick added a project to T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch: Whonix 14.
Jan 18 2017, 6:58 AM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention

Jan 15 2017

Patrick edited projects for T386: meek Pluggable Transport, added: Debian version 10 codename Buster; removed Debian version 9 codename Stretch.

Didn't make it into Debian version 9 codename Stretch. Rechecking in Debian version 10 codename Buster.

Jan 15 2017, 6:56 AM · enhancement, circumvention, Whonix

Jan 9 2017

Patrick closed T116: document how to use TBB as "system Tor" inside Whonix-Gateway as Invalid.

Calling this a duplicate of T118.

Jan 9 2017, 12:27 PM · research, user documentation, circumvention, enhancement, Whonix
Patrick closed T116: document how to use TBB as "system Tor" inside Whonix-Gateway, a subtask of T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix, as Invalid.
Jan 9 2017, 12:27 PM · javascript, enhancement, circumvention, research, Whonix
Patrick updated the task description for T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.
Jan 9 2017, 9:44 AM · javascript, enhancement, circumvention, research, Whonix

Jun 13 2016

Patrick created T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch.
Jun 13 2016, 5:06 PM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention
Patrick added a project to T386: meek Pluggable Transport: Debian version 9 codename Stretch.

Will be checking on this ticket during porting to Debian version 9 codename Stretch (or +1 more depending on when meek lands in Debian).

Jun 13 2016, 3:34 PM · enhancement, circumvention, Whonix
Patrick reopened T386: meek Pluggable Transport as "Open".
In T386#6199, @HulaHoop wrote:

Closing this ticket.
Its part of a bigger project of how we want to add pluggable transport support for Whonix, discussed in https://phabricator.whonix.org/T118

Jun 13 2016, 3:31 PM · enhancement, circumvention, Whonix

Feb 22 2016

HulaHoop added a comment to T74: Research Circumvention Tools.

Then we exactly point that out.

Feb 22 2016, 8:12 PM · research, Whonix, circumvention

Feb 21 2016

Patrick added a comment to T74: Research Circumvention Tools.

HulaHoop (HulaHoop):

I've thought about it and I don't think we should advise putting
censorship circumvention tools between a user and entry guard (except
bridges and pluggable transports of course). All other tools besides
pluggable transports are ill equipped to resist protocol
fingerprinting and can have security problems. Using them to mask Tor
traffic would be a red flag that narrows the user base to people who
have seen this page which goes against advGoalTracking.

Feb 21 2016, 10:14 PM · research, Whonix, circumvention
HulaHoop added a comment to T74: Research Circumvention Tools.

I've thought about it and I don't think we should advise putting censorship circumvention tools between a user and entry guard (except bridges and pluggable transports of course). All other tools besides pluggable transports are ill equipped to resist protocol fingerprinting and can have security problems. Using them to mask Tor traffic would be a red flag that narrows the user base to people who have seen this page which goes against advGoalTracking.

Feb 21 2016, 4:31 PM · research, Whonix, circumvention

Feb 17 2016

Patrick updated subscribers of T74: Research Circumvention Tools.
Feb 17 2016, 9:45 PM · research, Whonix, circumvention

Nov 16 2015

Patrick updated the task description for T386: meek Pluggable Transport.
Nov 16 2015, 6:44 PM · enhancement, circumvention, Whonix

Oct 6 2015

Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

I don't think it's important for the implementation of this ticket. However, this is as I guess things internally work...

Oct 6 2015, 6:17 PM · javascript, enhancement, circumvention, research, Whonix
Patrick updated subscribers of T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.
Oct 6 2015, 6:00 PM · javascript, enhancement, circumvention, research, Whonix
Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

A note about T118. Been on and off on that one. It looks like tor-launcher is merely settings variables, and that the actual work (like editing torrc or starting meek-client) is done downstream, in firefox or wherever. So I'm not sure it's even possible achieve the bridges settings that way, without starting Tor browser.

Oct 6 2015, 5:43 PM · javascript, enhancement, circumvention, research, Whonix

Oct 4 2015

Patrick lowered the priority of T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix from Normal to Wishlist.
  • Couldn't talk to the ones working on tor-launcher at Tor summer dev meeting 2015. mp / geko not working on this. Therefore still no feedback on how a patch could be designed.
  • Roger said,
    • it's not worth it going through lengths to make TBB/tor-launcher work as system Tor.
    • Pluggable transports will not be changing that fast for now. Duplicating an alternative to tor-launcher and proper packaging for meek would be the way forward.
  • Fragile / crazy idea.
Oct 4 2015, 1:51 PM · javascript, enhancement, circumvention, research, Whonix

Aug 19 2015

Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

Did some analysis, had the tor-browser_en-US folder managed by git before/during/post update.

Aug 19 2015, 10:40 PM · javascript, enhancement, circumvention, research, Whonix
Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

I see. Sounds interesting. It's still unclear if checkrestart is capable of monitoring arbitrary processes that are not managed by dpkg/apt-get. And if it would be easier to replicate this lsof based check rather than bending checkrestart to do that. (Also undesirable to have both checkrestart and needrestart installed at the same time, see T324.)

Aug 19 2015, 10:20 PM · javascript, enhancement, circumvention, research, Whonix
HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

Checkrestart is a Python application wrapping lsof (“list open files”). It tries to identify files used by processes that are not in the file system anymore. How so?
Note that during an update a certain binary file becomes replaced: the new version is first downloaded to disk and then rename()ed in order to overwrite the original. During POSIX rename() the old file becomes deleted. But the old file is still in use! The standard says that if any process still has a file open during its deletion, that file will remain “in existence” until the last file descriptor referring to it is closed. While these files that are still held “in existence” for running processes by the operating system, they are not listed in the file system anymore. They can however easily be identified via the lsof tool. And this is exactly what checkrestart does.
Hence, checkrestart “compares” the open files used by running processes to the corresponding files in the file system. If the file system contains other (e.g. newer) data than the process is currently using, then checkrestart proposes to restart that process. In a tidy server environment, this usually is the case only for updated shared library files.

Aug 19 2015, 8:04 PM · javascript, enhancement, circumvention, research, Whonix
Patrick closed T396: Qubes-Whonix obfsproxy AppArmor issue as Resolved.

fixed obfsproxy AppArmor issue "OSError: [Errno 13] Permission denied: '/rw/usrlocal/lib/python2.7/dist-packages'" using superior /etc/apparmor.d/tunables/home.d/qubes-whonix-anondist solution - https://phabricator.whonix.org/T396:
https://github.com/Whonix/apparmor-profile-anondist/commit/8785d3124c75dc39c6da2f1753e19b02d625a987

Aug 19 2015, 7:45 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix
Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.
In T118#6510, @HulaHoop wrote:

One problem I can see is the need to restart TBB for updates to take effect. Without a GUI it's not possible for a user to know this information directly but needrestart can detect updated daemons by open file descriptors and restart them.

Aug 19 2015, 5:05 PM · javascript, enhancement, circumvention, research, Whonix
HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

One problem I can see is the need to restart TBB for updates to take effect. Without a GUI it's not possible for a user to know this information directly but needrestart can detect updated daemons by open file descriptors and restart them.

Aug 19 2015, 4:16 AM · javascript, enhancement, circumvention, research, Whonix

Aug 15 2015

Patrick reopened T396: Qubes-Whonix obfsproxy AppArmor issue as "Open".

Actually, that's a much better solution.

Aug 15 2015, 8:41 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix
Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.
In T118#6361, @HulaHoop wrote:

TBB 5+ enables automatic updates by default. No custom modifications needed.

Starting with this release, Tor Browser will now also download and apply upgrades in the background, to ensure that users upgrade quicker and with less interaction. This behavior is governed by the about:config pref app.update.auto, but we do not recommend disabling it unless you really know what you're doing.

https://blog.torproject.org/blog/tor-browser-50-released

Aug 15 2015, 5:03 PM · javascript, enhancement, circumvention, research, Whonix
Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.

Got another answer.

Aug 15 2015, 4:19 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix

Aug 14 2015

Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.
In T396#6413, @Patrick wrote:

AppArmor upstream feature request - symlink support:
https://bugs.launchpad.net/apparmor/+bug/1485055

Aug 14 2015, 11:54 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix
Patrick closed T396: Qubes-Whonix obfsproxy AppArmor issue as Resolved.
Aug 14 2015, 6:56 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix
Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.

AppArmor upstream feature request - symlink support:
https://bugs.launchpad.net/apparmor/+bug/1485055

Aug 14 2015, 6:56 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix
Patrick added a comment to T396: Qubes-Whonix obfsproxy AppArmor issue.

A real fix would require having an AppArmor option to follow symlinks.

Aug 14 2015, 6:49 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix
Patrick created T396: Qubes-Whonix obfsproxy AppArmor issue.
Aug 14 2015, 6:33 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, qubes-whonix 12, Whonix

Aug 12 2015

HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

TBB 5+ enables automatic updates by default. No custom modifications needed.

Aug 12 2015, 12:58 AM · javascript, enhancement, circumvention, research, Whonix

Aug 9 2015

HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

Nice progress!

Aug 9 2015, 12:47 AM · javascript, enhancement, circumvention, research, Whonix

Aug 8 2015

Patrick added a comment to T116: document how to use TBB as "system Tor" inside Whonix-Gateway.

Significant progress has been made:
Using Tor / Pluggable Transports from the Tor Browser Bundle

Aug 8 2015, 1:56 PM · research, user documentation, circumvention, enhancement, Whonix
Patrick updated the task description for T116: document how to use TBB as "system Tor" inside Whonix-Gateway.
Aug 8 2015, 4:56 AM · research, user documentation, circumvention, enhancement, Whonix
Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

I succeeded starting TBB as user debian-tor.

Aug 8 2015, 4:52 AM · javascript, enhancement, circumvention, research, Whonix

Aug 6 2015

HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

Another blocker problem: TBB will refuse to run as root. Not going to be possible to run it as system Tor. Cannot use debian-tor group.

Aug 6 2015, 5:48 AM · javascript, enhancement, circumvention, research, Whonix

Aug 5 2015

Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

But then we'll don't get a pluggable transports gui (tor-launcher) within the next how many years. And no access to recent (working!) pluggable transports.

Aug 5 2015, 6:03 PM · javascript, enhancement, circumvention, research, Whonix
Patrick added a subtask for T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix: T116: document how to use TBB as "system Tor" inside Whonix-Gateway.
Aug 5 2015, 4:09 PM · javascript, enhancement, circumvention, research, Whonix
Patrick added a parent task for T116: document how to use TBB as "system Tor" inside Whonix-Gateway: T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.
Aug 5 2015, 4:09 PM · research, user documentation, circumvention, enhancement, Whonix
HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

I think this whole thing is a hack. Should therefore just be optional. It's also more likely to break. Too experimental to make it the default for everyone. And cumbersome.

Aug 5 2015, 3:50 PM · javascript, enhancement, circumvention, research, Whonix
Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

I'm assuming we are completely replacing Debian repo's system Tor with TBB Tor.

Aug 5 2015, 12:12 AM · javascript, enhancement, circumvention, research, Whonix

Aug 3 2015

HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

I'm assuming we are completely replacing Debian repo's system Tor with TBB Tor.

Aug 3 2015, 8:32 PM · javascript, enhancement, circumvention, research, Whonix
Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

HulaHoop (HulaHoop):

Launching Tor and TBB from command line:

Aug 3 2015, 1:22 PM · javascript, enhancement, circumvention, research, Whonix
HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

Launching Tor and TBB from command line:
https://askubuntu.com/questions/320545/how-to-launch-tor

Aug 3 2015, 7:56 AM · javascript, enhancement, circumvention, research, Whonix

Aug 2 2015

Patrick added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

Good ideas! I would call this development / TODO research tasks, though.

Aug 2 2015, 4:16 PM · javascript, enhancement, circumvention, research, Whonix
HulaHoop closed T386: meek Pluggable Transport as Invalid.
Aug 2 2015, 3:44 PM · enhancement, circumvention, Whonix
HulaHoop added a comment to T386: meek Pluggable Transport.

Closing this ticket.

Aug 2 2015, 3:43 PM · enhancement, circumvention, Whonix
HulaHoop added a comment to T118: make TBB usable as "system Tor", so latest pluggable transports and the tor-launcher graphical user interface can be used in Whonix.

At the moment we have three choices:

Aug 2 2015, 3:41 PM · javascript, enhancement, circumvention, research, Whonix

Aug 1 2015

Patrick added a comment to T386: meek Pluggable Transport.
In T386#6195, @HulaHoop wrote:

Running Whonix Gateway behind another Whonix Gateway doesn't work for some reason. Any suggestions? I can't run this in the clear when I've already talked about it because it can be linked to me.

Aug 1 2015, 3:44 PM · enhancement, circumvention, Whonix
Patrick added a comment to T386: meek Pluggable Transport.
In T386#6194, @HulaHoop wrote:
  • The problems discussed in https://trac.torproject.org/projects/tor/ticket/14121 can be solved even if the features requested are never developed. Running TBB Tor headlessly is possible thru using xvfb (pkg that tricks a gui application into thinking its connected to a X-server) and something like selenium.

https://github.com/webfp/tor-browser-crawler
https://github.com/isislovecruft/tor-browser-selenium
Even when we can run TBB headlessly and still take advanatge of torlauncher-gui I forsee problems that will make the entire idea a non-starter. We cannot redistribute TBB binaries. They must be downloaded. Imagine users in censored areas where they can't connect with Tor how will they be able to fetch TBB when connections to TPO are censored? Downloading from alternative distribution channels using GetTor will leave all kinds of network fingerprints.
The only sane solution is for TPO to spin off torlauncher-gui into its own independent package along with all pluggable transports, all in their repo so we can redistribute them freely and generate builds that include them without problems.

Aug 1 2015, 9:54 AM · enhancement, circumvention, Whonix
HulaHoop added a comment to T386: meek Pluggable Transport.

Running Whonix Gateway behind another Whonix Gateway doesn't work for some reason. Any suggestions? I can't run this in the clear when I've already talked about it because it can be linked to me.

Aug 1 2015, 4:32 AM · enhancement, circumvention, Whonix
HulaHoop added a comment to T386: meek Pluggable Transport.

Did you succeed in setting this up you? Can you share instructions in meanwhile please?

Aug 1 2015, 12:36 AM · enhancement, circumvention, Whonix