Title: The Tor BSD Diversity Project CSS: torbsd.css Author: gman999 Editors: attila Data: 2016-10-31 X-Note: These lines at the top are multimarkdown metadata; leave them. {{meta.md}}
{{header.md}}
TDP's current focus is primarily on porting Tor Browser to OpenBSD and presentations at various events and conferences about TDP, besides finding software bugs and operating long-term relays and bridges. The listed projects are at various stages of development, from planning to implementation. Funding would provide the necessary resources to dedicate the time to continue the projects, and bring more to fruition.
TDP's work can be divided into several broad categories:
A port of Tor Browser (TB) enables easier porting to other POSIX-based systems. Standards enable portability which leads to more operating system diversity.
TDP has released multiple sets of packages for testers from around the Internet since launching in March 2015. This also commenced the process of pushing patches upstream to aid other porting efforts, cf. Tor ticket 20497.
TDP is committed to continuing to ensure the OpenBSD community can use TB. Our preferred method for accomplishing this is getting it into the official ports tree. Once there, TDP will continue maintainership, but acceptance into the OpenBSD ports tree enables development input from the broader OpenBSD community.
An OpenBSD TB adds to Tor client diversity, engaging a security-conscious group of end-users. It also can add relay diversity because all TB users can also be relay operators while they're running TB.
Future work:
- Pluggable Transports: the current porting effort has focused on the core of TB: tor-browser and the five key browser extensions. The next step is to port Pluggable Transports;
- Automation of various aspects of the process of maintaining the TB ports to shorten turnaround time for new releases;
- Purchase of hardware to make it easier to keep ports up to date and to help with other privacy-enhancing technology-related (PETs) porting efforts to the BSDs.
TDP has already produced a driver for the Alea and had it accepted into the OpenBSD source tree. As a result of doing this work TDP has now received donations of two other USB TRNG devices: an FST-01 and a TrueRNG. TDP will write drivers for them and get them accepted into the tree. It would also be worth investigating getting the OpenBSD USB TRNG drivers ported to other BSDs, with FreeBSD as a likely first choice.
Various ideas on the table for porting targets to OpenBSD to start with include:
- Signal
- TorBirdy
- FreeNet
- OnionCat
- OnionShare
- TorMessenger
- BitMessage
- obfsproxy and other pluggable transports
Starting from the TDP OpenBSD port of Tor Browser, FreeBSD should be a comparatively easy porting target. This effort is currently in the planning phase, with interest expressed by several developers, including from HardenedBSD.
Porting OpenBSD's signify to other OSs
signify(1) is a single-purpose, small-footprint alternative to the complexity of GnuPG for signing and verifying digital signatures. It is used by the OpenBSD packaging system and release engineering process.
TDP is also considering an open source graphical user interface for signify, to increase usability for less technical users.
OpenBSD only allows stable applications in its ports system. Meanwhile, the Tor Project's alpha versions are released frequently and include mitigations against rapidly evolving adversaries and threat models. TDP would like to investigate the idea of proposing a port that tracks Tor's bleeding edge. The preferred outcome would be the inclusion of tor-alpha in the ports tree; there is some small precedent for this despite the norm, e.g. both current Mozilla Firefox and ESR are in the ports tree. If TDP fails to convince the community to accept this, our fallback would be to produce and sign our own packages of alpha-release Tor for OpenBSD.
TDP initiated "simple English" guides for configuring Tor relays on both FreeBSD and OpenBSD. TDP intends to complete these and produce translations in other languages.
A discussion at the September 2016 Tor Summit came to the consensus that these relay guides could play a pivotal role in enlisting more BSD relay operators.
Initial target translation languages for relay configuration guides include Russian, Arabic, Spanish, Portuguese and French, partially informed by a recent study on the most common second languages.
One half of TDP is located in New York City, the other half is in Mexico. They have collaborated on different levels for over a decade, but have never met face-to-face. A physical meeting at a half-way point would be enormously beneficial to pushing the various TDP projects forward, in addition to planning future projects.
All of these events are excellent platforms for TDP presentations and the distribution of publicity about the project. In addition to presentations, TDP is looking to begin conducting more birds-of-a-feather sessions specifically aimed at current and prospective BSD Tor relay operators.
- CCC in Hamburg, December 2016;
- IFF in Valencia, March 2017;
- Tor Summit in Amsterdam, March 2017;
- AsiaBSDCon (TBD);
- EuroBSDCon in Paris, September 2017.
Additionally, TDP is looking to conduct a public meeting in New York City. With a large network in the NYC open source and privacy communities, a public meeting could enlist a number of open source, NGO and corporate co-sponsors. The TDP member in Mexico would be involved on a remote video link.
George attended the Tor developer summit in Seattle (September, 2016). One subject raised at the meeting was the authoring of a Tor diversity white paper focused on various metrics of diversity: OS, geography, architecture, Autonomous System, etc. TDP is interested in pursuing this with the goal of publishing in a PETs-related conference and/or journal.
For TDP to single-handedly run a lot of *BSD Tor relays would replace the operating system monoculture problem with a monoculture of relay operators. Therefore this list is limited as TDP already operates high-bandwidth Tor relays.
- New York Internet relays: NYI offered to provision and host two high-capacity Tor relays near the core of the Internet. TDP would configure the relays and maintain access to them; NYI staff would be enlisted to operate them;
- OpenBSD armv7 relay network: continue our work on bootable flash images based on OpenBSD that work on SoC-style computers (BeagleBone, RasPI, etc.);
- Running OpenBSD/macppc and/or OpenBSD/sparc64 relays to enhance bug-finding for TDP and the BSD Buildbot as non-standard hardware platforms for Tor;
- Open letter to BSD firms to run relays: There are many large corporations that rely on BSD code and infrastructure, including WhatsApp, Juniper and Netflix. Following Mozilla's lead in running Tor relays as a business entity, TDP would query these firms through our wide network of contacts and work at convincing them to run relays themselves. TDP would provide assistance but the relays would be maintained by the respective entity;
- Publicity materials for conferences, including a generic TDP business card and stickers: The great weakness of TDP since inception is publicity. The focus has been exclusively on development and conference presentations. With some publicity, TDP could significantly impact the BSD community as the target audience.
{{footer.md}}