Page MenuHomePhabricator

anon-gw-anonymizer-configProject
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Thu, Jul 23

Patrick added a comment to T996: Readying for Tor Browser 9.5 (June 2).

553 Unable to store creds for

Did you set ClientOnionAuthDir in torrc (to a directory with "private
enough" permissions)?

Rusty

Thu, Jul 23, 1:27 PM · Whonix 15, anon-gw-anonymizer-config, Whonix

Jun 19 2020

Patrick added a comment to T996: Readying for Tor Browser 9.5 (June 2).

Tor Browser onion authentication prompt:
https://blog.torproject.org/sites/default/files/inline-images/onion-auth%402x.png

Jun 19 2020, 10:48 AM · Whonix 15, anon-gw-anonymizer-config, Whonix

Jun 18 2020

HulaHoop added a comment to T996: Readying for Tor Browser 9.5 (June 2).

What Tor related apps are broken without support for this?

Jun 18 2020, 8:03 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
Patrick added a comment to T996: Readying for Tor Browser 9.5 (June 2).

Maybe this is bound per connection similar to ephemeral Tor onion services? In that case, other VMs couldn't re-use it.

Jun 18 2020, 4:38 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
rustybird added a comment to T996: Readying for Tor Browser 9.5 (June 2).

https://github.com/adrelanos/anon-gw-anonymizer-config/commit/97ff68a6c49ecef3e79ab10e1a930a4f5e13198d#commitcomment-39671373

Jun 18 2020, 4:38 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
Patrick closed T996: Readying for Tor Browser 9.5 (June 2) as Resolved.

onion_client_auth_add Flags=Permanent fails with 553 Unable to store creds for

Jun 18 2020, 4:38 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
Patrick updated subscribers of T996: Readying for Tor Browser 9.5 (June 2).
Jun 18 2020, 4:38 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
Patrick updated the task description for T996: Readying for Tor Browser 9.5 (June 2).
Jun 18 2020, 4:38 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
rustybird added a comment to T996: Readying for Tor Browser 9.5 (June 2).

Maybe this is bound per connection similar to ephemeral Tor onion services?

Jun 18 2020, 4:38 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
Patrick changed the status of T996: Readying for Tor Browser 9.5 (June 2) from Open to testing-in-next-build-required.

Update Tor to 0.4.3.5

Jun 18 2020, 4:38 PM · Whonix 15, anon-gw-anonymizer-config, Whonix

May 29 2020

rustybird renamed T996: Readying for Tor Browser 9.5 (June 2) from Readying for Tor Browser 9.5 (July 2) to Readying for Tor Browser 9.5 (June 2).
May 29 2020, 6:59 PM · Whonix 15, anon-gw-anonymizer-config, Whonix
rustybird triaged T996: Readying for Tor Browser 9.5 (June 2) as High priority.
May 29 2020, 6:59 PM · Whonix 15, anon-gw-anonymizer-config, Whonix

Apr 6 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

mixmaster said to be dead upstream and permanently removed from Debian

Apr 6 2019, 8:06 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick closed T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users as Invalid.

mixmaster is unavaiable in Debian version 10 codename Buster.

Apr 6 2019, 4:57 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Apr 4 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

Apr 4 2019, 8:16 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Mar 26 2019

HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

Mar 26 2019, 6:04 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

But this isn't a Tor Browser only thing. Applies to any application, specifically those using system default networking (Tor's TransPort).

Mar 26 2019, 1:00 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Mar 25 2019

HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

Mar 25 2019, 8:39 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/57e3976d9726fc636741865ee90d1bb2bbf3dfad

Mar 25 2019, 7:43 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

Mar 25 2019, 7:42 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

@Patrick Now we have to figure out how or if we can use the version in sid on Buster since it is no longer available in stable-next after the freeze. Let me know what you think and I will open a ticket for it is doable.

Mar 25 2019, 12:35 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

https://github.com/Whonix/anon-gw-anonymizer-config/pull/17/commits/5351bd4765476e9522c77cea5a8e30e6c4f94083

Mar 25 2019, 12:33 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Feb 18 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Yes.

Feb 18 2019, 10:47 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Other imporvements in this thread such as functioning SMTP gateways are also part of this ticket:

Feb 18 2019, 7:01 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Feb 2 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Sounds good!

Feb 2 2019, 9:19 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Middle of the range solution. How does this sound? Confirmed it falls within the private address CIDR:

Feb 2 2019, 3:36 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Jan 31 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

172.16.0.0 – 172.31.255.255

https://en.wikipedia.org/wiki/Private_network

Jan 31 2019, 12:15 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick changed the status of T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users from testing-in-next-build-required to Open.
Jan 31 2019, 12:06 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Dec 9 2018

Patrick lowered the priority of T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users from High to Normal.
Dec 9 2018, 6:52 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick triaged T785: Use /lib/systemd/system/tor@service.d instead as Normal priority.
Dec 9 2018, 6:52 AM · anon-gw-anonymizer-config, systemd, Whonix

Dec 5 2018

HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

Dec 5 2018, 12:13 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Nov 28 2018

Patrick changed the status of T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users from Open to testing-in-next-build-required.

Removed for now.

Nov 28 2018, 6:28 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a project to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users: anon-gw-anonymizer-config.
Nov 28 2018, 6:27 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Mar 7 2018

Patrick closed T537: monitor what changes /var/lib/tor/lock access rights as Resolved.
Mar 7 2018, 2:08 AM · anon-gw-anonymizer-config, Whonix 14, Whonix
Patrick closed T637: port from service to systemctl add --no-pager / --no-block as Resolved.
Mar 7 2018, 1:14 AM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14

Feb 21 2017

Patrick claimed T637: port from service to systemctl add --no-pager / --no-block.

One mistake fixed.

Feb 21 2017, 11:39 PM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14
Patrick changed the status of T637: port from service to systemctl add --no-pager / --no-block from Open to Review.

This unfortunately has quite a chance to have messed up an argument an introduce a regression.

Feb 21 2017, 11:33 PM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14
Patrick added projects to T637: port from service to systemctl add --no-pager / --no-block: anon-gw-anonymizer-config, anon-gw-leaktest, anon-shared-helper-scripts, bootclockrandomization, qubes-whonix, rads, sdwdate, sdwdate-gui, whonix-developer-meta-files, whonix-legacy, whonix-setup-wizard, whonixcheck, whonixsetup.
Feb 21 2017, 11:32 PM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14

Jan 18 2017

Patrick closed T436: versioned Depends: tor (>= 0.2.7.3) once based on Debian Stretch as Resolved.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/13fadb99bade549d356d45c9339b23a3c4831697

Jan 18 2017, 9:20 AM · Whonix 14, Whonix, anon-gw-anonymizer-config, Debian version 9 codename Stretch
Patrick added a project to T436: versioned Depends: tor (>= 0.2.7.3) once based on Debian Stretch: Whonix 14.
Jan 18 2017, 6:58 AM · Whonix 14, Whonix, anon-gw-anonymizer-config, Debian version 9 codename Stretch

Aug 5 2016

Patrick changed the status of T537: monitor what changes /var/lib/tor/lock access rights from Open to Review.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/17b4b11343b2623b379ff8a83e3e77db410bb8ae

Aug 5 2016, 1:11 AM · anon-gw-anonymizer-config, Whonix 14, Whonix
Patrick created T537: monitor what changes /var/lib/tor/lock access rights.
Aug 5 2016, 1:08 AM · anon-gw-anonymizer-config, Whonix 14, Whonix

Apr 26 2016

Patrick closed T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default as Resolved.
Apr 26 2016, 7:03 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config

Apr 21 2016

Patrick closed T434: redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway as Resolved.
Apr 21 2016, 9:04 PM · iptables, Whonix 13, anon-gw-anonymizer-config, whonix-gw-firewall, Whonix, Qubes

Apr 11 2016

Patrick closed T493: ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist as Resolved.

deb.torproject.org: merge obfs4proxy apt repository into regular deb.torproject.org repositories:
https://trac.torproject.org/projects/tor/ticket/18796

Apr 11 2016, 8:14 PM · anon-gw-anonymizer-config, Whonix, Whonix 13

Apr 8 2016

Patrick renamed T493: ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist from separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ to ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist.
Apr 8 2016, 9:09 PM · anon-gw-anonymizer-config, Whonix, Whonix 13
Patrick created T493: ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist.
Apr 8 2016, 9:09 PM · anon-gw-anonymizer-config, Whonix, Whonix 13

Dec 9 2015

Patrick changed the status of T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default from Open to Review.
Dec 9 2015, 8:21 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config
Patrick added a project to T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default: whonix-gw-firewall.
Dec 9 2015, 8:21 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config
Patrick added a comment to T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/c02c2f8ceedcf6a05073849e253b9ddf80caaf34

Dec 9 2015, 8:20 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config