553 Unable to store creds for

Did you set ClientOnionAuthDir in torrc (to a directory with "private
enough" permissions)?

Rusty

Tor Browser onion authentication prompt:
https://blog.torproject.org/sites/default/files/inline-images/onion-auth%402x.png

What Tor related apps are broken without support for this?

Maybe this is bound per connection similar to ephemeral Tor onion services? In that case, other VMs couldn't re-use it.

https://github.com/adrelanos/anon-gw-anonymizer-config/commit/97ff68a6c49ecef3e79ab10e1a930a4f5e13198d#commitcomment-39671373

onion_client_auth_add Flags=Permanent fails with 553 Unable to store creds for

In T996#20096, @rustybird wrote:

https://github.com/adrelanos/anon-gw-anonymizer-config/commit/97ff68a6c49ecef3e79ab10e1a930a4f5e13198d#commitcomment-39671373

Maybe this is bound per connection similar to ephemeral Tor onion services?

Update Tor to 0.4.3.5

mixmaster said to be dead upstream and permanently removed from Debian

mixmaster is unavaiable in Debian version 10 codename Buster.

In T878#18059, @HulaHoop wrote:

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

But this isn't a Tor Browser only thing. Applies to any application, specifically those using system default networking (Tor's TransPort).

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

https://github.com/Whonix/anon-gw-anonymizer-config/commit/57e3976d9726fc636741865ee90d1bb2bbf3dfad

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

@Patrick Now we have to figure out how or if we can use the version in sid on Buster since it is no longer available in stable-next after the freeze. Let me know what you think and I will open a ticket for it is doable.

https://github.com/Whonix/anon-gw-anonymizer-config/pull/17/commits/5351bd4765476e9522c77cea5a8e30e6c4f94083

Yes.

Other imporvements in this thread such as functioning SMTP gateways are also part of this ticket:

Sounds good!

Middle of the range solution. How does this sound? Confirmed it falls within the private address CIDR:

In T878#17661, @HulaHoop wrote:

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

172.16.0.0 – 172.31.255.255

https://en.wikipedia.org/wiki/Private_network

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

Removed for now.

One mistake fixed.

This unfortunately has quite a chance to have messed up an argument an introduce a regression.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/13fadb99bade549d356d45c9339b23a3c4831697

https://github.com/Whonix/anon-gw-anonymizer-config/commit/17b4b11343b2623b379ff8a83e3e77db410bb8ae

deb.torproject.org: merge obfs4proxy apt repository into regular deb.torproject.org repositories:
https://trac.torproject.org/projects/tor/ticket/18796

https://github.com/Whonix/anon-gw-anonymizer-config/commit/c02c2f8ceedcf6a05073849e253b9ddf80caaf34