Posted on 28 Aug 2016 by Matt TraudtLast upated 24 Sep 2018 at 9:58 am
I work for the Naval Research Lab doing research and development on Tor, and sometimes the Internet in general.
HSTS Supports Targeted Surveillance
8th USENIX Workshop on Free and Open Communications on the Internet (FOCI 2018)
Paul Syverson and Matthew Traudt
Personal: sirmatt |at| ksu d0t edu
Tor: pastly |at| torproject d0t org
Work: matthew d0t traudt |at| nrl d0t navy d0t mil
Some of the Tor directory authorities run bandwidth scanners to measure the bandwidth of relays and include their measurements in their network status votes. Clients use the consensus of these weights to inform their path selection process with the hope that every circuit they build will have roughly equal performance, regardless of the relays chosen. This achieves a form of load balancing.
Historically, the directory authorities that ran bandwidth scanners (bandwidth authorities), ran torflow. Time passed, it slowly become less maintained, and the collective knowledge of how it worked slipped away.
Simple Bandwidth Scanner (sbws) aims to be a quick to implement, easy to maintain replacement for torflow.
KIST is a new scheduler for Tor. It is merged into Tor code as of 0.3.2.9. It prioritizes low-bandwidth, bursty traffic (web traffic) over high-bandwidth, continuous traffic. See my relevant publications for more information.
BM is no longer maintained.
This blog-like website is created with bm.
BM is a set of scripts that use common GNU utilities to dynamically create a static blog. See the README at the project page linked above for more information.Read the entire post
Most onion addresses are hard to remember. For example, my blog can be found at the v2 onion service http://mattttttssi4lhud.onion/ and the v3 onion service http://zfob4nth675763zthpij33iq4pz5q4qthr3gydih4qbdiwtypr2e3bqd.onion/. Even if you brute force a nicer onion address like I have for my v2 address, there's still going to be random garbage in it. And even if you have a ton of computer power, you still have to get lucky to get something as memorable as facebookcorewwwi.onion  .
Everybody has an idea for how to make onion addresses more usable. Here's a non-exhaustive list of some of those ideas and a brief reason for why they are not perfect. These bullets are essentially a summary of [these notes] (https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/OnionV3ux) from the 2018 Mexico City Tor developer meeting.
Blockchain-based naming system: These tend to not have a built-in method of censoring or revoking names. Many see this as a plus. But these leaves names squat-able. Adding in a governing body that has the power to change ownership of names gives them too much liability that no sane organization should want to assume.
GNU Name System: GNS is not really maintained these days and would require work to just get it working on its own, let alone getting it to work in the context of onion services and Tor Browser. Using it requires too much knowledge from the user about how name resolution works, and trying to hide that behind some pre-bundled name and crypto info in Tor Browser again puts some organization in charge of maintaining name mappings.
(Ab)use HTTPS Everywhere: HE now supports [update channels] (https://www.eff.org/deeplinks/2018/04/https-everywhere-introduces-new-feature-continual-ruleset-updates), which allow users to add their own auto-updating lists of rules. HE rules can do a lot more than just change HTTP to HTTPS. People could create rule lists that map names like "duckduckgo.tor" to "3g2upl4pq6kufc4m.onion" and share them
Posted on 20 Dec 2017 by Matt TraudtLast upated 27 Dec 2017 at 2:22 pm
Unless you're an edge case (which you aren't).
Let's talk about why you normally want HTTPS. Let me know if I missed something.
You already get this with Tor.
Everything between your local Tor client (using Tor Browser? It runs Tor in the background) and the Tor client providing the onion service is encrypted. No Tor relay and no network-level adversary can tell what onion service you are visiting (which is actually better than what HTTPS-without-Tor to a regular website would get you).
If you're an onion service operator and you're at the sophistication level of taking advice from random blogs on the Internet, HTTPS doesn't help you here. If you're Facebook, Reddit, or YouTube, then you have a sizable datacenter(s) and are probably no longer running Tor on the same machines as your webservers. Unencrypted traffic may be flowing over an uncomfortable distance on your (super secure, right?) network. Maybe you want HTTPS. But you also have the resources to get a valid certificate for your onion. So do that.
You already get this with Tor. This is related, but distinct from the previous point.
When you connect to reddit.com with HTTPS, how do you know no one is MitM'ing you? The certificate is valid, right? No big scary browser errors. For better or for worse, we trust the Certificate Authority (CA) system.
When you connect to an onion service, how do you know no one is MitM'ing you? Easy. It's impossible. The bad guy would have to be in your browser (more accurately: between the browser part of Tor Browser and the Tor process it runs in the background) or between the Tor process the onion service operator is running and the webserver it's pointing at. If you assume your Tor BrowserRead the entire post
I'm in the process of setting up a new server and I'm trying to be super ultra mega secure about it. It's running FreeBSD with some fancy security options enabled, blah blah blah, oh and I made SSH over Tor the only way to remotely access it for administration. It's a private onion service, which is super cool in itself, but since I don't mind leaking the location of this server, it is also a single-onion service. This does seem to have a positive impact on the speed and latency to the machine, but after a few weeks of managing the machine completely over Tor, I determined I wanted more usability.
My main complaint is the lack of immediate local echoing of what I type. Mosh does that, but mosh uses UDP, which doesn't work over Tor. There's two ways I could approach this. The first would actually be called "Mosh over Tor," but I ultimately went for the second as it would actually allow me to roam (another great feature of mosh).
I could use socat to tunnel UDP over Tor. Create the tunnel and then mosh to
Or I could authenticate over SSH over Tor and then create the actual UDP connection over the regular Internet.
So I now present to you the script I use to (not really) use mosh over Tor. It's a healthy mixture of things specific to me and hardcoded values that need changing for every use case. But it is a starting point if you would like to try your hand at (2) above too.
Read the entire post
#!/usr/bin/env bash MOSH_IP="ip.of.remotehost.foo" SSH_HOSTNAME="hostname.foo.from.ssh.config" SUCCESS_LINE=$(ssh $SSH_HOSTNAME "mosh-server new -i $MOSH_IP" | grep 'MOSH CONNECT') [[ "$SUCCESS_LINE" == "" ]] && echo "failed to connect :(" && exit 1 MOSH_PORT=$(echo $SUCCESS_LINE | cut -d ' ' -f 3)
Posted on 06 May 2017 by Matt TraudtLast upated 04 Feb 2018 at 11:28 am
I made a thing.
http://jld3zkuo4b5mbios.onion and http://vwx4mjvwoszgnagzcrwdjlsq3pq3zyob3zpq5qissxdoivnuyylzn7yd.onion (it used to be available at onions.system33.pw and ypqmhx5z3q5o6beg.onion)
Most of what I wanted to say about it I've already said at those links above.
It got picked up by Motherboard, and then a few other sites picked it up. This was supposed to be a stupid little Saturday project. It isn't interesting. It isn't exciting.
Posted on 25 Feb 2017 by Matt TraudtLast upated 14 Jan 2018 at 2:37 pm
You're probably aware of many of the great features of onion services.
You may have ever heard about how misbehaving relays with the HSDir flag can learn the existence of onion services that their owners literally never advertised anywhere. This attack and related attacks will be impossible when the next generation of onion services is deployed (see end of this post for more information), but did you know can prevent this from happening right now, today, on your onion services?
This is thanks to a feature of Tor onion services that can prevent anyone from even connecting to your service if they don't have your permission. I'm not talking about a login page on example.onion, I'm talking about the inability for random people to be able to tell that example.onion is up or if it even exists.
I'm talking about the HiddenServiceAuthorizeClient (server-side) and HidServAuth (client-side) torrc options that you can find in the Tor manual.
There are two ways to use this: basic and stealth. The gist with both is
After this setup is done, clients authenticate automatically with no further work from the user necessary.Read the entire post