Message-ID: <54CB7649.7080906@gmail.com>
Date: Fri, 30 Jan 2015 13:17:13 +0100
From: Aymeric Vitte <vitteaymeric@gmail.com>
To: tor-talk@lists.torproject.org
References: <CAMCPh3yW-1mqmTsiA0vW9ipBpuovWZ06EraNo-bDodSV1=hdbQ@mail.gmail.com>
 <20150129212015.GJ6456@patternsinthevoid.net> <54CAB5E7.8020501@gmail.com>
 <54CABB28.3040105@gna.org>
In-Reply-To: <54CABB28.3040105@gna.org>
Subject: Re: [tor-talk] WebRTC to uncover local IP

Indeed, thanks, the link is http://www.peersm.com/img/webrtc.png

But looking at it, since this drawing is now out of its context, I am
afraid that it could be somewhat confusing.

This was an attempt to see how to combine WebRTC signaling with an
anonymizer network. In order not to be MITMed by the signaling server
(ORDB in the drawing), Alice and Bob need to encrypt their IP:port, which
means that they should share a secret, know each other, etc., which is
difficult and not very realistic.

I think the concepts of WebRTC with an anonymizer network are better
explained now here:
https://github.com/Ayms/node-Tor#anonymous-serverless-p2p-inside-browsers---peersm-specs

But this project can only fetch, not browse; that's why I am thinking of
something like the proxy concepts explained below.

On 29/01/2015 23:58, Christian Gagneraud wrote:
> On 30/01/15 11:36, Aymeric Vitte wrote:
>>
>> On 29/01/2015 22:20, isis wrote:
>>> Even better than disabling it, the Tor Browser Team really needs help
>>> from someone with a really strong knowledge of WebRTC and its
>>> potential privacy caveats to help us assess which parts of WebRTC (if
>>> any) that we might be able to safely allow.  The reason it's entirely
>>> disabled is because we know some parts are unsafe, and sadly we didn't
>>> have the time/resources to sort out which parts are which. :/
>>
>> I thought that the Tor project team already had a strong knowledge of
>> WebRTC since recently we saw that the future might be flashproxy
>> combined with uProxy (then WebRTC) to do something unstoppable.
>>
>> Some time ago I made [1], this drawing is supposed to explain simply how
>> WebRTC works and at that time just led to the conclusion that the
>> signaling servers are the perfect MITM and that the STUN servers can
>> correlate the connections, then the IPs.
>
> You forgot to give the url.
>
>>
>> But the signaling servers are not mandatory finally, WebRTC peers can
>> introduce each other, but you still need some servers accessed usually
>> via WebSockets to bootstrap the process, these are the concepts of
>> projects like Peersm (which at the same time solves the issue of WebRTC
>> DTLS self-signed certificates) and WebTorrent.
>>
>> I did not study it deeply but in the strict context of the current Tor
>> Browser, I think that nothing is safe in WebRTC, and it should be
>> entirely disabled.
>>
>> Another more interesting idea that I have repeatedly posted without
>> getting any feedback would be to allow to set the browser's proxy to an
>> interface, like WebSockets or WebRTC.
>>
>> Example: let's take the proxy auto config mechanism, the pac file (let's
>> forget about the security aspects to retrieve it here) which contains
>> FindProxyForURL is sandboxed and executed inside browsers, it is called
>> by the proxy and returns a URL.
>>
>> Instead of returning a URL, you could have the Tor protocol inside the
>> pac file (so sandboxed too) and it could return an Object, the Tor
>> protocol would establish circuits via WebSockets or WebRTC with the Tor
>> network or between browsers, the proxy would use the Object to write to
>> those circuits and read from them (like a duplex stream
>> proxy.pipe(Object).pipe(proxy))
>>
>> The interest would be to have Tor on any device, I am not saying that
>> the pac file could be a solution, that's just an example of how this
>> could work based on what exists today, now still remains the issue of
>> implementing all of what the Tor Browser is doing, but it's still
>> interesting to study, it certainly applies to projects mentioned above
>> and plenty of others, now or later.
>>
>

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
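
What a signaling server (ORDB in the drawing) can read from an unencrypted offer, as an added example that is not part of the original message or of any project named in it: it parses the ICE candidate lines of a constructed SDP offer and flags those that carry a local address. The sample SDP, all addresses and the function names are assumptions made for illustration.

```javascript
// Added example. Constructed SDP offer: addresses come from private and
// documentation ranges, and the .local name is a made-up mDNS hostname.
const SAMPLE_OFFER = [
  "v=0",
  "o=- 4611731400430051336 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
  "c=IN IP4 0.0.0.0",
  "a=candidate:1 1 udp 2122260223 192.168.0.10 54321 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.0.10 rport 54321",
  "a=candidate:3 1 udp 41885439 198.51.100.20 3478 typ relay raddr 203.0.113.7 rport 54321",
  "a=candidate:4 1 udp 2122194687 3f2a9c1e-0000-4000-8000-000000000000.local 54322 typ host",
].join("\r\n");

// Classify an address as it appears in a candidate (hypothetical helper).
function scopeOf(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns";             // obfuscated host candidate
  const v4 = a.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (v4) {
    const [x, y] = [Number(v4[1]), Number(v4[2])];
    if (x === 127) return "loopback";
    if (x === 10 || (x === 172 && y >= 16 && y <= 31) || (x === 192 && y === 168)) return "private";
    if (x === 169 && y === 254) return "link-local";
    return "public";
  }
  if (a === "::1") return "loopback";
  if (/^fe[89ab][0-9a-f]:/.test(a)) return "link-local"; // fe80::/10
  if (/^f[cd][0-9a-f]{2}:/.test(a)) return "private";    // fc00::/7 unique local
  return "public";
}

// Everything a signaling server can read from the a=candidate lines.
function candidatesSeenBySignaling(sdp) {
  const re = /^a=candidate:\S+ \d+ \S+ \d+ (\S+) (\d+) typ (\S+)(?: raddr (\S+) rport \d+)?/;
  return sdp.split(/\r?\n/).map((l) => l.match(re)).filter(Boolean).map((m) => ({
    type: m[3], address: m[1], port: Number(m[2]), scope: scopeOf(m[1]),
    relatedScope: m[4] ? scopeOf(m[4]) : null,
  }));
}

// Candidates whose address or raddr exposes a non-routable (local) address.
function localAddressLeaks(sdp) {
  const local = new Set(["private", "link-local", "loopback"]);
  return candidatesSeenBySignaling(sdp).filter((c) => local.has(c.scope) || local.has(c.relatedScope));
}

console.log(localAddressLeaks(SAMPLE_OFFER).map((c) => `${c.type} ${c.address}`));
```

On this sample the host and server-reflexive candidates are flagged (the latter through its raddr), while the relay and mDNS candidates carry no local address.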


