• Bentasker.co.uk now available as a Tor Hidden Service

    Hidden Services have had something of a bad rap in the media of late, whilst it's undoubtedly true that some host some unpleasant material, the same can equally be said of the World Wide Web.

    Hidden Services do have the potential to bring a much higher level of privacy to the end-user, and aren't always about hiding the origin from the user (or an attacker). The cryptography used in Tor's transport is arguably much stronger (and easier to change if found to be broken) that is available for HTTPS.

    To that end, I thought it would be wise to configure the site to be multi-homed, that is to be accessible via both methods.

    Because both are run by the same back-end, updates will appear on both at the same time.

    So, you can now access BenTasker.co.uk at either

    A link to the .onion has also been added to the Privacy bar on the left.

  • Building a Tor Hidden Service CDN

    Last year I started experimenting with the idea of building a Hidden Service CDN.

    People often complain that Tor is slow, though my domain sharding adjustments to the bentasker.co.uk onion have proven fairly effective in addressing page load times.

    On the clearnet, the aim traditionally, is to try and direct the user to an edge-node close to them. That's obviously not possible for a Tor Hidden service to do (and even if it were, the users circuit might still take packets half-way across the globe). So, the primary aim is instead to spread load and introduce some redundancy.

    One option for spreading load is to have a load balancer run Tor and then spread requests across the back-end. That, however, does nothing for redundancy if the load-balancer (or it's link) fails.

    The main aim was to see what could be achieved in terms of scaling out a high traffic service. Raw data and more detailed analysis of the results can be seen here. Honestly speaking, It's not the most disciplined or structured research I've ever done, but the necessary information should all be there.

    This document is essentially a high-level write up along with some additional observations

  • Building a Tor Hidden Service From Scratch - SELinux

    On a system with SELinux, upon attempting to start Tor, you may see errors similar to the following

        [root@localhost tor]# service tor start
        Raising maximum number of filedescriptors (ulimit -n) to 16384.
        Starting tor: Apr 02 15:53:14.041 [notice] Tor v0.2.5.11 (git-83abe94c0ad5e92b) running on Linux with Libevent 1.4.13-stable, OpenSSL 1.0.1e-fips and Zlib 1.2.3.
        Apr 02 15:53:14.042 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
        Apr 02 15:53:14.042 [notice] Read configuration file "/etc/tor/tor-rpm-defaults-torrc".
        Apr 02 15:53:14.042 [notice] Read configuration file "/etc/tor/torrc".
        Apr 02 15:53:14.056 [notice] Opening Socks listener on 127.0.0.1:8080
        Apr 02 15:53:14.057 [warn] Could not bind to 127.0.0.1:8080: Permission denied
        Apr 02 15:53:14.058 [notice] Opening DNS listener on 127.0.0.1:54
        Apr 02 15:53:14.060 [warn] Could not bind to 127.0.0.1:54: Permission denied
        Apr 02 15:53:14.060 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
        Apr 02 15:53:14.062 [warn] Could not bind to 127.0.0.1:9040: Permission denied
        Apr 02 15:53:14.062 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
        Apr 02 15:53:14.062 [err] Reading config failed--see warnings above.
        /usr/bin/torctl start: tor could not be started
    

    Which is almost certainly the result of a selinux policy

  • Building a Tor Hidden Service From Scratch - Part 1 - Design and Setup

    Despite some fairly negative media attention, not every Tor Hidden Service is (or needs to be) a hotbed of immorality. Some exist in order to allow those in restrictive countries to access things we might take for granted (like Christian materials).

    Whilst I can't condone immoral activities, Tor is a tool, and any tool can be used or misused

    This is part one in a detailed walk through of the considerations and design steps that may need to be made when setting up a new Tor Hidden Service.

    The steps provided are intended to take security/privacy seriously, but won't defend against a wealthy state-backed attacker.

    How much of it you'll need to implement will obviously depend on your own circumstances, and in some cases there may be additional steps you need to take

  • Building a Tor Hidden Service From Scratch - Part 2 - HTTP and HTTPS

    Despite some fairly negative media attention, not every Tor Hidden Service is (or needs to be) a hotbed of immorality. Some exist in order to allow those in restrictive countries to access things we might take for granted (like Christian materials).

    Whilst I can't condone immoral activities, Tor is a tool, and any tool can be used or misused

    This is part Two in a detailed walk through of the considerations and design steps that may need to be made when setting up a new Tor Hidden Service.

    The steps provided are intended to take security/privacy seriously, but won't defend against a wealthy state-backed attacker.

    In Part One we looked at the system design decisions that should be made, and configured a vanilla install ready for hosting hidden services.

  • Building a Tor Hidden Service From Scratch - Part 3 - General User Anonymity and Security

    This is Part 3 of my Hidden Service From Scratch documentation. In Part One we designed and built our system, in Part Two we configured HTTP Hidden Service hosting.

    In this documentation, we'll be looking more generally at user account and identity protection, as well as examining why you may need to maintain a certain level of paranoia even if your hidden service doesn't fall outside the law in your home country.

  • Building a Tor Hidden Service From Scratch - Part 4 - Conclusion

    You may not be finished

    Although we've examined designing and implementing Tor Hidden Service in quite some depth, some users will likely find that there are still additional considerations that they need to make.

    For example, whilst we discussed the risks of traffic leakage, we did very little to avoid it - one solution, assuming you have out-of-band access to the host system, is to add iptables rules to ensure that all TCP and DNS traffic is redirected to the ports operated by the Tor Daemon.

    You'd still then need to look at filtering out other protocols (including UDP on all other ports) in case someone discovers a means to have your host system send arbitrary traffic.

    Similarly, we haven't discussed the impact of your Guard being compromised, those with serious concerns may need to look at running their own guards to help reduce the effectiveness of common Hidden Service de-anonymisation attacks

    It's also important to remember that this documentation may not cover threats which have not been discovered yet, security is a continuous exercise.

  • Don't Use Web2Tor/Tor2Web (especially Onion.cab)

    Web2Tor and Tor2Web are reverse proxies which allows clearnet users to access Tor Onion Sites (AKA Hidden Services), and there are a variety of services available online (such as onion.to, onion.cab, onion.city and onion direct) running this service.

    This post details why using these is such a bad idea, as well as detailing some of the changes I'm making to the site to help discourage use of these services.

  • Generating a vanity .onion address

    Tor Hidden Services are accessed through a web address ending in .onion. Generally speaking these appear to be random strings of letters and numbers, though they're actually a representation of the public key generated when the operator created their hidden service.

    It is possible, however, to attempt to generate a keypair which will allow you to generate a desired vanity URL, though the process is essentially a brute-force of key combinations, so may take some time.

  • Hosting TOR Hidden Services (.onions)

    The level of effort required to set up a TOR Hidden Service (known as a .onion) largely relates to the amount of paranoia you need to exercise regarding your anonymity.

    Whilst the ins and outs of Operational Security (Op-Sec) are a little too intricate for a single post, this documentation will take you through the steps required to configure a Debian server to host a .onion site with reasonable protections in place.

  • Multi-homing a Joomla site between the WWW and a Tor Hidden Service

    I did some work recently on making BenTasker.co.uk available via both a Tor Hidden Service (otherwise known as a .onion) and via the WWW.

    The reasons for doing this are published elsewhere, but this documentation summarises the steps I had to take (and why) in order to have the site safely accessible via both routes of access.

    For those who are interested, there's a far higher level of detail over on Projects.bentasker.co.uk.