Administering servers over Tor using Ansible.

Difficulty rating: 8.  Highly specific use case, highly specific setup, assumes that you know what these tools are already.

Let's assume that you have a couple of servers that you can SSH into over Tor as hidden services.

Let's assume that your management workstation has SSH, the Tor Browser Bundle and Ansible installed.  Ansible does all of its work over an SSH connection, so there's no agent to install on any of your servers.

Let's assume that you only use SSH public key authentication to log into those servers.  Password authentication is disabled with the directive PasswordAuthentication no in the …


Configuring Pidgin to connect to a Tor hidden service.

It is, in theory, possible to configure any network service to be reachable over the Tor darknet. This includes instant messaging servers, like the XMPP server ejabberd. Conversely, it must be possible to configure your instant messaging client to connect over the Tor network. I used Pidgin as my client, and here's how I did it:

I set up a copy of the web proxy Polipo and configured it to work with Tor.

I then created a new XMPP account in my Pidgin client which connects to the XMPP domain the server was configured for (let's say it's 'xmpp-domain', though …


Tor in the Elastic Computing Cloud: Fourteen months later.

Slightly over a year has gone by since I announced that I'd set up a Tor node in Amazon's EC2 to help add some bandwidth to the Tor network. I've been keeping an eye on things since then, keeping tabs on what goes into maintaining a node in Amazon's virtualization infrastructure and tallying up the cost, so here are my results.

Last month my year of 'free' operation of a micro instance in the EC2 was up; I now have to pay full price for my particular tier every month to maintain my node (though I always had to pay …


HacDC: Privacy, anonymity, and operational security.

On Saturday, 8 October 2011 I will be at HacDC giving an impromptu class on personal privacy, online anonymity, and operational security for activists. I will be talking about some of the online surveillance technologies in use right now, risks inherent in organizing online and how to mitigate them, practical cryptography, practical anonymity, and operational security. If you are not familiar with using PGP or GnuPG and would like to generate and distribute a key or learn how to send and receive encrypted and signed e-mail, I can walk you through the process during the class. I will probably be …


Tor in the Elastic Computing Cloud: six months later.

Slightly over six months ago (almost to the day) I set up a Tor node using a micro-sized instance in Amazon's Elastic Computing Cloud (or EC2), a service which lets you run virtual machines in Amazon's network for very little money per month at all. As before, my virtual Tor router is running in the free service tier, which lets me push 30 gigs of network traffic every month. I've configured Tor to push rather more traffic than that (100 gigs per month at an average speed of 300 KB per second) and automatically go into hibernation mode (dropping …


Running a Tor node from Amazon's Elastic Computing Cloud.

Updated: 8 March 2011.

After a discussion on the torservers mailing list about setting up lots of Tor bridges for people to use to connect with the network in areas where it is otherwise blocked, it struck me that I should probably write up how I set up a few back in February during the uprising in Egypt.

Seeing as how I have a limited amount of bandwidth where I live for various reasons (most of all Verizon halting deployment of residential fibre) I've been making use of VPS companies and pushing certain tasks off of my network and onto …


Busy times, crazy life.

It's been a really busy week or two so I haven't had time to write much. I realize that it's only common sense, but I still find it amusing that I have the least time to write about what's going on when the most is happening. Funny, how that happens. Anyway, once the opportunity presents itself I like sitting down to make an attempt at describing everything that's been happening. I've mostly been posting hit and run messages to Twitter lately (like everybody else on the planet these days) because I can do that without looking up from everything else …


DCLUG presentation: Tor

I'll be giving a presentation on Tor for the Washington DC Linux Users' Group the evening of 19 May 2010. The LUG meeting will start at 1900 EST5EDT (7:00pm) and run until 2100 EST5EDT (9:00pm) or thereabouts; afterward folks usually go to dinner nearby and hang out for a while. The meeting location is 2025 M Street NW; Washington, DC; 20036. From the street look for the big Tux the Linux Penguin poster or a sign for the LUG.

I hope to see everyone there!

My NOVALUG presentation was a success.

Well, it's done. My Tor presentation at the NOVALUG meeting this morning went off without a hitch. It was a little touch and go for a while because neither Lyssa nor I were firing on all eight cylinders due to low blood sugar, but we met up with Hasufin and Mika at the halfway point and carpooled over. In the end it made things easier (read: I didn't have to navigate). I may have overprepared a bit by having an extra laptop as well as multiple copies of my presentation on hand in case things went pear-shaped, but thankfully no heroic …


NOVALUG presentation: Anonymity and Tor.

Confirmation's just hit the NOVALUG website - I will be presenting at the next meeting on 10 April 2010 on the topic of anonymity technologies in general and Tor in particular. Tor is the name of a free/open source utility which protects the user from traffic analysis and some content monitoring by passive attackers. I will discuss the origins of Tor as well as the threat model it was designed for, its capabilities, and potential attacks against the network as a whole and individual users thereof. I will also talk about operational security for users and Tor nodes. I will …
