Page MenuHomePhabricator

anon-gw-anonymizer-configProject
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.

Recent Activity

Sat, Apr 6

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

mixmaster said to be dead upstream and permanently removed from Debian

Sat, Apr 6, 8:06 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick closed T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users as Invalid.

mixmaster is unavaiable in Debian version 10 codename Buster.

Sat, Apr 6, 4:57 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Thu, Apr 4

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular addresses?

Thu, Apr 4, 8:16 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Tue, Mar 26

HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Can you think of any other app besides a browser that parses JS/Remote code that can manipulate it into requesting those particular address?

Tue, Mar 26, 6:04 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

But this isn't a Tor Browser only thing. Applies to any application, specifically those using system default networking (Tor's TransPort).

Tue, Mar 26, 1:00 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Mon, Mar 25

HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

Mon, Mar 25, 8:39 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/57e3976d9726fc636741865ee90d1bb2bbf3dfad

Mon, Mar 25, 7:43 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

On a second thought I wonder if this is still a Whonix specific fingerprinting vector. Any DNS request for 172.24.0.0 would resolve to bshc44ac76q3kskw.onion. Not something a remote website could exploit?

Mon, Mar 25, 7:42 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

@Patrick Now we have to figure out how or if we can use the version in sid on Buster since it is no longer available in stable-next after the freeze. Let me know what you think and I will open a ticket for it is doable.

Mon, Mar 25, 12:35 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

https://github.com/Whonix/anon-gw-anonymizer-config/pull/17/commits/5351bd4765476e9522c77cea5a8e30e6c4f94083

Mon, Mar 25, 12:33 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Feb 18 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Yes.

Feb 18 2019, 10:47 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Other imporvements in this thread such as functioning SMTP gateways are also part of this ticket:

Feb 18 2019, 7:01 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Feb 2 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Sounds good!

Feb 2 2019, 9:19 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

Middle of the range solution. How does this sound? Confirmed it falls within the private address CIDR:

Feb 2 2019, 3:36 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Jan 31 2019

Patrick added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

172.16.0.0 – 172.31.255.255

https://en.wikipedia.org/wiki/Private_network

Jan 31 2019, 12:15 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick changed the status of T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users from testing-in-next-build-required to Open.
Jan 31 2019, 12:06 PM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Dec 9 2018

Patrick lowered the priority of T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users from High to Normal.
Dec 9 2018, 6:52 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick triaged T785: Use /lib/systemd/system/tor@service.d instead as Normal priority.
Dec 9 2018, 6:52 AM · anon-gw-anonymizer-config, systemd, Whonix

Dec 5 2018

HulaHoop added a comment to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users.

My advice is to use a private address range reserved for this purpose by IANA. These will never be used in the future by anyone. Sine we use 10.x.x.x and moved away from 192.x.x.x, this leaves 172.x.x.x

Dec 5 2018, 12:13 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Nov 28 2018

Patrick changed the status of T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users from Open to testing-in-next-build-required.

Removed for now.

Nov 28 2018, 6:28 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix
Patrick added a project to T878: remove mapaddress entries in torrc for 1.1.1.1 and 2.2.2.2 since these allow fingerprinting Whonix users: anon-gw-anonymizer-config.
Nov 28 2018, 6:27 AM · anon-gw-anonymizer-config, Whonix 15, anon-mixmaster, Whonix

Mar 7 2018

Patrick closed T537: monitor what changes /var/lib/tor/lock access rights as Resolved.
Mar 7 2018, 2:08 AM · anon-gw-anonymizer-config, Whonix 14, Whonix
Patrick closed T637: port from service to systemctl add --no-pager / --no-block as Resolved.
Mar 7 2018, 1:14 AM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14

Feb 21 2017

Patrick claimed T637: port from service to systemctl add --no-pager / --no-block.

One mistake fixed.

Feb 21 2017, 11:39 PM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14
Patrick changed the status of T637: port from service to systemctl add --no-pager / --no-block from Open to Review.

This unfortunately has quite a chance to have messed up an argument an introduce a regression.

Feb 21 2017, 11:33 PM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14
Patrick added projects to T637: port from service to systemctl add --no-pager / --no-block: anon-gw-anonymizer-config, anon-gw-leaktest, anon-shared-helper-scripts, bootclockrandomization, qubes-whonix, rads, sdwdate, sdwdate-gui, whonix-developer-meta-files, whonix-legacy, whonix-setup-wizard, whonixcheck, whonixsetup.
Feb 21 2017, 11:32 PM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix, Whonix 14

Jan 18 2017

Patrick closed T436: versioned Depends: tor (>= 0.2.7.3) once based on Debian Stretch as Resolved.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/13fadb99bade549d356d45c9339b23a3c4831697

Jan 18 2017, 9:20 AM · Whonix 14, Whonix, anon-gw-anonymizer-config, Debian version 9 codename Stretch
Patrick added a project to T436: versioned Depends: tor (>= 0.2.7.3) once based on Debian Stretch: Whonix 14.
Jan 18 2017, 6:58 AM · Whonix 14, Whonix, anon-gw-anonymizer-config, Debian version 9 codename Stretch

Aug 5 2016

Patrick changed the status of T537: monitor what changes /var/lib/tor/lock access rights from Open to Review.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/17b4b11343b2623b379ff8a83e3e77db410bb8ae

Aug 5 2016, 1:11 AM · anon-gw-anonymizer-config, Whonix 14, Whonix
Patrick created T537: monitor what changes /var/lib/tor/lock access rights.
Aug 5 2016, 1:08 AM · anon-gw-anonymizer-config, Whonix 14, Whonix

Apr 26 2016

Patrick closed T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default as Resolved.
Apr 26 2016, 7:03 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config

Apr 21 2016

Patrick closed T434: redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway as Resolved.
Apr 21 2016, 9:04 PM · iptables, Whonix 13, anon-gw-anonymizer-config, whonix-gw-firewall, Whonix, Qubes

Apr 11 2016

Patrick closed T493: ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist as Resolved.

deb.torproject.org: merge obfs4proxy apt repository into regular deb.torproject.org repositories:
https://trac.torproject.org/projects/tor/ticket/18796

Apr 11 2016, 8:14 PM · anon-gw-anonymizer-config, Whonix, Whonix 13

Apr 8 2016

Patrick renamed T493: ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist from separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ to ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist.
Apr 8 2016, 9:09 PM · anon-gw-anonymizer-config, Whonix, Whonix 13
Patrick created T493: ask TPO to merge separate repository dist http://deb.torproject.org/torproject.org/dists/obfs4proxy/ into usual dist.
Apr 8 2016, 9:09 PM · anon-gw-anonymizer-config, Whonix, Whonix 13

Dec 9 2015

Patrick changed the status of T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default from Open to Review.
Dec 9 2015, 8:21 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config
Patrick added a project to T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default: whonix-gw-firewall.
Dec 9 2015, 8:21 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config
Patrick added a comment to T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default.

https://github.com/Whonix/anon-gw-anonymizer-config/commit/c02c2f8ceedcf6a05073849e253b9ddf80caaf34

Dec 9 2015, 8:20 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config
Patrick added a comment to T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default.

https://github.com/Whonix/whonix-gw-firewall/commit/475ff8ae4e2c208146ff10b9de0ff954406bcac7

Dec 9 2015, 8:07 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config
Patrick added a comment to T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default.

xdg desktop specification feature request:
desktop entry to maximize terminal TerminalMaximized=true
https://bugs.freedesktop.org/show_bug.cgi?id=93306

Dec 9 2015, 7:37 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config
Patrick created T451: xdg desktop starters that start stuff in terminal windows such as tor-arm, restart Tor etc. should start maximized by default.
Dec 9 2015, 7:36 PM · whonix-gw-firewall, Whonix, enhancement, usability, Whonix 13, anon-gw-anonymizer-config

Nov 26 2015

Patrick added a project to T434: redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway: iptables.
Nov 26 2015, 10:23 PM · iptables, Whonix 13, anon-gw-anonymizer-config, whonix-gw-firewall, Whonix, Qubes

Nov 24 2015

Patrick created T436: versioned Depends: tor (>= 0.2.7.3) once based on Debian Stretch.
Nov 24 2015, 1:29 PM · Whonix 14, Whonix, anon-gw-anonymizer-config, Debian version 9 codename Stretch

Nov 23 2015

Patrick changed the status of T434: redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway from Open to Review.
redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway
Nov 23 2015, 12:45 AM · iptables, Whonix 13, anon-gw-anonymizer-config, whonix-gw-firewall, Whonix, Qubes
Patrick added a subtask for T434: redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway: T435: enable Transparent Proxy Ports for Whonix-Gateway by default [but not in Whonix-Firewall].
Nov 23 2015, 12:42 AM · iptables, Whonix 13, anon-gw-anonymizer-config, whonix-gw-firewall, Whonix, Qubes
Patrick added a project to T434: redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway: Whonix 13.
Nov 23 2015, 12:42 AM · iptables, Whonix 13, anon-gw-anonymizer-config, whonix-gw-firewall, Whonix, Qubes
Patrick created T434: redirect tinyproxy traffic to 127.0.0.1 instead to qubes-netvm-gateway.
Nov 23 2015, 12:39 AM · iptables, Whonix 13, anon-gw-anonymizer-config, whonix-gw-firewall, Whonix, Qubes

Nov 19 2015

Patrick closed T352: Make Onion Key backup more accessible as Resolved.
Nov 19 2015, 8:49 PM · usability, enhancement, whonix-gw-desktop-shortcuts, anon-gw-anonymizer-config, Whonix 12, Whonix

Aug 19 2015

Patrick closed T396: Qubes-Whonix obfsproxy AppArmor issue as Resolved.

fixed obfsproxy AppArmor issue "OSError: [Errno 13] Permission denied: '/rw/usrlocal/lib/python2.7/dist-packages'" using superior /etc/apparmor.d/tunables/home.d/qubes-whonix-anondist solution - https://phabricator.whonix.org/T396:
https://github.com/Whonix/apparmor-profile-anondist/commit/8785d3124c75dc39c6da2f1753e19b02d625a987

Aug 19 2015, 7:45 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12

Aug 15 2015

Patrick reopened T396: Qubes-Whonix obfsproxy AppArmor issue as "Open".

Actually, that's a much better solution.

Aug 15 2015, 8:41 PM · bug, circumvention, AppArmor, anon-gw-anonymizer-config, Whonix 12, Whonix, qubes-whonix 12