Integrate Anonymity support of Tor

[fpietrosanti]

In the post-snowden age privacy play a fundamental role in the any technology that could be massively being used by end-users to communicate on the internet.

This ticket is to propose integration of Tor Anonymity support directly within Breach, in order to provide to developers, and thus to end-users, built-in anonymous browsing support.

Tor www.torproject.org is being used with it's own Tor Browser Bundle by +600k users everyday to browser the internet anonymously.

By integrating Tor properly, it could provide a great benefit for major applications focusing on privacy and anonymity.

[jedahan]

I added a wiki page to keep track of module ideas, not sure if its the best place though... https://github.com/breach/mod_strip/wiki/Modules

[rauchg]

Early in the days of Node.JS we used a similar wiki page on the main project, divided into a list of modules from users, and a list for ideas. Worked extremely well. Maybe recreate that on https://github.com/breach/breach_core ?

— Guillermo Rauch – @rauchg https://twitter.com/rauchg

On Fri, Jul 11, 2014 at 12:35 AM, Jonathan Dahan [email protected] wrote:

I added a wiki page to keep track of module ideas, not sure if its the best place though... https://github.com/breach/mod_strip/wiki/Modules

— Reply to this email directly or view it on GitHub https://github.com/breach/breach_core/issues/86#issuecomment-48702271.

[paultibbetts]

:+1: for Tor integration. For me the Indie Tech Manifesto sums up why

[spolu]

So I presume this would require to interecept URL requests and reroute them through tor... using maybe npm module torfetch.

This need a little bit of work in the ExoBrowser layer to exposer the adequate APIs, but I don't see why it's not possible!

[fpietrosanti]

@spolu Supporting anonymity since from the very early stage, would probably "catalyze" a lot of the privacy and security communities to work on breach, using it for various projects!

[spolu]

@fpietrosanti totally and absolutely agreed.

[miketheprogrammer]

I am a fan of creating modules for TOR as well as MeshNets, however for now just use proxychains

proxychains Breach

EDIT* plus proxychains is better than just tor, especially with a little configuration.

[spolu]

We could use a proxy running in a module and redirect URLs to that on demand... only it wouldnt behave correctly on absolute URL within the pages and would revert to using the default internal handler to resolve the URL request...

[claudioc]

:+1:

[corysimmons]

:+1:

[thecotne]

+1

[benfb]

:+1:

[miketheprogrammer]

I still suggest proxychains. Tor is notoriously insecure without it due to dns leakage. I will try to confirm if proxychains work s on linux and if proxychains4 works on osx. If you truly wish to be secure you must redirect all outgoing traffic through a proxy and not expect your browser to do it.

[fpietrosanti]

@miketheprogrammer proxychains approach works only on Linux and OSX and cannot work on Windows due to the problem with API hooking. The "dns leakage" it's only a matter on how you properly wrap the dns resolution API from within breach code, so it's a non-issue because can be fixed during the integration.

[miketheprogrammer]

Makes sense. Thanks Fabio. On Jul 23, 2014 8:15 AM, "Fabio (naif) Pietrosanti" < [email protected]> wrote:

@miketheprogrammer https://github.com/miketheprogrammer proxychains approach works only on Linux and OSX and cannot work on Windows due to the problem with API hooking. The "dns leakage" it's only a matter on how you properly wrap the dns resolution API from within breach code, so it's a non-issue because can be fixed during the integration.

— Reply to this email directly or view it on GitHub https://github.com/breach/breach_core/issues/86#issuecomment-49865559.

[vinz243]

:+1: