Private Tor Bridge.


Catacombs

May 26, 2020, 9:39:27 AM
to qubes-users
Not sure if Qubes Users is the best place to bring this up.

As I look at the various means to get on the Internet, in risky situations:
Public WiFi.
Hotels.
A country which is involved in spying on its citizens. 

I notice that Tor has a means for "Bridges." A Bridge being an IP Address that allows one to make a first hop to an IP Address that the ISP, or local server is not expecting, or blocking.

My problem being that if one was in a place like China, then the government is surely trying to gather up all the Bridges which the Tor network has.  

Just generally, I see one could create a private webpage somewhere, and place on it the software to allow one to use it as one's own personal, private Bridge. First hop out. Then one could direct the software on the Server to whichever: start a standard Tor, connect to a VPN.

It does require trusting where the server is one has put one's software on.  

Obviously, one could borrow the Software from Tor to create a Bridge.  I did not mention it to Tor, because, as this is risky in several ways, Tor website will not publicly agree to help create this project.   Although some of their programmers might advise on how to minimize risks.  

And the implementation inside Qubes Network manager software -dom0 has its own special issues. 

Any comments?  / is this already on the list of suggestions for Qubes?


_DRX_

May 27, 2020, 1:37:32 AM
to qubes-users
Hi, Qubes might not be the best Choice here.

But if you want to browse safely in the CLEARNET I would recommend a VPN Provider you can trust. https://thatoneprivacysite.net/
For Countries like China there is a Stealth VPN Option (OpenVPN over SSL or SSH) that works with the DPI in China.

If you want to visit also .onion sites you can Enter on your Tor Browser "a Bridge you trust." https://tb-manual.torproject.org/bridges/

Michael Carbone

May 27, 2020, 10:48:18 AM
to qubes...@googlegroups.com, Catacombs
you are correct that this is not really the right place to get a good
response as there is nothing Qubes-specific about this topic, the Tor
community would make much more sense.

The Tor Project just came out with a new community portal that has more
information about running Tor relays (in your particular case, bridges):

https://community.torproject.org/relay/
https://community.torproject.org/relay/types-of-relays/

here is a community effort to make setting up a server to use as a Tor
bridge simpler:
https://github.com/StreisandEffect/streisand/

there are certainly other similar projects on github as well.

it sounds like you are interested in reading more about pluggable
transports, which are the different strategies for obfuscating the
initial hop to the Tor network:

https://www.pluggabletransports.info

for example, in China the "meek" pluggable transport still works:

https://www.pluggabletransports.info/transports/

some of these transports are included in Tor Browser so that a user can
still circumvent some censorship mechanisms without the need to create a
private bridge.

The Tor project "will not publicly agree to help create this project"
because it is clear you are just learning about these topics and the
first step should be to research more to understand the issues better,
through which you will find that many people within the Tor community,
in academia, & beyond are actively working on these topics and there is
already functionality within Tor Browser that takes these issues into
account. Because China and some other countries actively work on new
methods to identify and block such initial hops, it will continue to be
a topic for research & development for the foreseeable future.

--
Michael Carbone

Qubes OS | https://www.qubes-os.org
@QubesOS <https://www.twitter.com/QubesOS>

PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4

Catacombs

May 27, 2020, 11:28:29 AM
to qubes-users
> Hi, Qubes might not be the best Choice here.
>
> But if you want to browse safely in the CLEARNET I would recommend a VPN Provider you can trust. https://thatoneprivacysite.net/
> For Countries like China there is a Stealth VPN Option (OpenVPN over SSL or SSH) that works with the DPI in China.
>
> If you want to visit also .onion sites you can Enter on your Tor Browser "a Bridge you trust." https://tb-manual.torproject.org/bridges/
> Search Bridges over https://metrics.torproject.org/rs.html#advanced
>
> Or search https://lmgtfy.com/?q=tor+browser+over+vpn+&pp=1&s=d



Perhaps I should have written my initial post better. While all you, _DRX_, say about possible Internet Tunnel methods is correct, my first thought is that it leads a well organized, well funded group, which I assume the People's Republic of China (Red China) is, directly onto the cyber dissident. A lot of Cyber Dissidents are in prison in China. I presume that a lot of them did try to use Tor, or a pay for VPN.

I can hypothesize how the PRC goes about hunting Cyber Dissidents. Anyone, not given permission, by the security forces, using Tor, or a VPN is identified for scrutiny. Actually at that point, just searching their home, computers is probably sufficient to find the evidence. That is, criticizing the government will be treated as a crime. Just like the Optometrist in Wuhan who tried to warn other doctors there is a highly contagious dangerous disease infecting people. He was told to be quiet, then jailed. His jail sentence apparently ended when the government could no longer deny the existence of a novel Corona Virus, and some noise outside China about the repressive policies of China.

I doubt that many of the other cyber dissidents in jail will be freed because of pressure from outside China.  The US government does not much seem to support Human Rights under the Trump Administration.  Several years ago Trump wanted Twitter to ban anyone who was critical of him or his policies.

In several countries around the world we have personalities who are like Trump, and have become experts in gathering power into their hands.  A few weeks ago, thousands of former US Justice Department individuals suggested Attorney General Barr resign.  After Congress passed a version of the Patriot Act where the US government could go through the browsing history of any citizen without a Warrant, that is, without proving that they had a good reason.  I think that there are now several thousand former FBI and Justice Department individuals who might think about using QUBES.  If they knew of it, and it was more user friendly.  

The history of VPNs shows they can be corrupted, coerced into providing information. Truthfully, if I was a tech at a VPN, and some police agency came to me and said, this particular person is a Pedophile. We need to reach into his account, and find the location of others like him, maybe even some missing children. If we find nothing. No harm. No foul. A powerful argument.

Sure, if one's only need was to log into one's bank account, while making sure someone two tables over did not hijack their connection and steal their banking info, then a VPN would be great.

If we were in the techies room in PRC, they would focus on knowing the address of every IP Node, every VPN, or a proxy to VPNs. And finding everyone who uses them.

I find it interesting that groups like Amnesty International do not advertise the use of "End to End Encryption," if they use it at all. Perhaps intending to let everyone know, that whatever information given to them is for publication.

Yes it means the ISP can easily see where my first hop out of computer might go.  But that IP address is not already on a government list.  Tor Nodes, VPN's, and their proxies use would put an individual on the government, investigate further.  I feel sure that the PRC techies are constantly trying to scavenge up all the Tor Bridges as they become available.   Surely the secure means is where someone brings a Bridge to Cyber Dissident, rather than the Bridge being one of those offered by Tor Site.

Here in the US, we have functioned as though we have Civil Rights, Free Press, are here.   Yesterday there were riots in Minnesota because of what appears to be the death of a black man due to the police.  Perhaps the man died because of a health problem more than the actions of Police.  

I think what I am suggesting needs to be implemented into QUBES itself. So the platform could be more directly installed onto the remote webpage by non-technical users. To be able to verify I got into my Tunnel and I am using it. So yes, while it is an Application, rather than an OS, I think it may need to be installed as a Networking AppVM, and available for use by other VMs.
I will admit to not being knowledgeable in Pluggable Transports. I will read.
It is not just part of a browser, I envision some of the features are easy to use, and the Tunnel made available to all the VMs in QUBES.

My feeling to those who have replied, is that they are technically knowledgeable, but they have little fear as to the consequences of being identified as a reporter of Human Rights Violations.


hut7no

May 27, 2020, 1:51:57 PM
to qubes-users
> I notice that Tor has a means for "Bridges." A Bridge being an IP Address
> that allow one to make a first hop to an IP Address that the ISP, or local
> server is not expecting, or blocking.
>
> My problem being that if one was in a place like China, then the government
> is surely trying to gather up all the Bridges which the Tor network has.

If tor bridges are not enough, you might want to try psiphon.