[tbb-bugs] #28556 [Applications/Tor Browser]: Detect other installed circumvention tools and offer them as transports

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 21 07:35:26 UTC 2018 

#28556: Detect other installed circumvention tools and offer them as transports
------------------------------------------+----------------------
     Reporter:  arma                      |      Owner:  tbb-team
         Type:  project                   |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  ux-team
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:  Sponsor19                 |
------------------------------------------+----------------------
 If the Tor Browser user has Lantern installed on the system too, and
 direct Tor traffic is blocked, wouldn't it be cool to offer the user the
 option to send their Tor traffic via Lantern into the Tor network?

 More broadly, many tools focus on "access" rather than Tor's more
 comprehensive goal of "safe access", and while each of them offers
 tradeoffs around performance, reliability, and safety, it seems like a net
 win to make it straightforward for Tor Browser (via the pluggable
 transport selection menu) to route through them if they're present.

 One stumbling block: some of these access tools try to make it hard for
 other processes on the system to notice that they're present. I hear
 Lantern is one of those -- it uses simple techniques like randomizing its
 proxy port, but it doesn't currently use more sophisticated approaches
 like changing its process name. But "detecting apps that don't want to be
 detected" doesn't seem like a fun arms race for Tor Browser to get into.

 Another stumbling block: some of these access tools are centralized, which
 makes it sketchier to route traffic through them. But we already accept
 exactly this tradeoff in the case of meek, so I'm ok with this angle.

 So, to make this ticket more concrete:

 * Let's make a list of other "access" tools in our space that we'd like to
 play well with.

 * Then let's ask each of them if they'd like to offer some API for us to
 detect their presence and learn how exactly to use them (similar to Tor's
 "ControlPortWriteToFile" config option, which writes out a file with
 parameters on how to interact with the running Tor).

 * Assuming the resulting set isn't empty, let's teach Tor Launcher how to
 configure Tor to use them, and add the option(s) to Tor Browser's
 pluggable transport menu.

 (The VPN interfaces are I think different from this idea, since in that
 world they already have the notion of either selecting what apps to
 capture traffic from, or they just ask to capture all traffic. So there's
 nothing the Tor Browser needs to do for those cases. Unless I'm wrong?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28556>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list