Arti – An implementation of Tor in Rust
blog.torproject.org
Couldn't find any introduction to the project on the blog but the official repo has more info on the background for the project:
>Rust is more secure than C. Despite our efforts, it's all too simple to mess up when using a language that does not enforce memory safety. We estimate that at least half of our tracked security vulnerabilities would have been impossible in Rust, and many of the others would have been very unlikely.
>Arti is cleaner than our C tor implementation. Although we've tried to develop C tor well, we've learned a lot since we started it back in 2002. There are lots of places in the current C codebase where complicated "spaghetti" relationships between different pieces of code make our software needlessly hard to understand and improve.
The introduction was here: https://blog.torproject.org/announcing-arti/
Well done and thank you to all involved. You are making a real difference on the side of democracy, human rights and the values of the free world at an uncertain time when so much is under threat.
Towards the flagged sibling comment about the tor network providing a hiding place for illegal activities and terrorism:
While it's non-trivial to inspect many aspects of tor traffic, an often used study metric has been the (determinable) percentage of connections to hidden services, which are usually assumed to be disproportionately malicious.
This ranges around ~5% across most studies, the most recent one I can find shows similar results[0].
Results are limited by the inability to account for lawful use of hidden services, but also the percentage of malicious use outside of them.
It's easier to account for the quantity of malicious use of Tor towards non-hidden internet websites:
> Based on data across the CloudFlare network, 94% of requests that we see across the Tor network are per se malicious.
> Based on data across the CloudFlare network, 94% of requests that we see across the Tor network are per se malicious.
I'm skeptical about their metrics. If I try to access a Cloudflare protected site and never manage to finish the infinite captcha loop or just change my mind after seeing the captcha, do they consider it a successful block? Even if we think they have some magic way of actually knowing whether all requests are malicious or not:
> That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network.
Personally I don't think content scraping and vulnerability scanning are "malicious per se", by that metric even Google (and every other search engine) would be malicious.
For comparison, I'm curious what the percentage is excluding Tor.
Criticism of this work[0] which may be relevant.
"I could not find any reference to the toolset used to identify the websites being visited by the scanned users. I think this is important for external verification of the validity of the data. If the software is public and known, could the authors reference it? If the code is new, could the authors deposit it along the rest of the code in the OSF repository? This should not be a problem, since the authors do not have any conflict of interest."
[0] https://pubpeer.com/publications/3CE766FE19680525B332FA0004A...
> which are usually assumed to be disproportionately malicious.
Why is this assumed?
So at this point it is ready for passing traffic through a SOCKS proxy. Meaning we can `cargo run --release -- proxy` and redirect applications to use port `9150` for their network connections.
Couple of related questions:
- Does anyone know, in a Linux distro, how to pass all system traffic through a SOCKS proxy port? I'm not looking for intermediary proxy handlers but an official method to force all user and system apps to use an arbitrary port.
- If it is not possible to do so, does `NetworkManager` have a setting for this?
- Is it possible to at least change Chrome/Firefox ports via CLI to an arbitrary port?
I don't think you can generally expect all processes to transparently use a SOCKS proxy? You might be able to finagle a custom vpn around it, I suppose. But AFAIK SOCKS isn't 100% transparent at the IP layer allowing all protocols to transparently layer on top?
I guess SOCKS5 handles TCP and UDP - so you might get away with redsocks (which explicitly recommends against using it with Tor):
https://github.com/darkk/redsocks
See also transocks (SOCKS4 tcp only): https://transocks.sourceforge.net
And transocks (in go) https://github.com/cybozu-go/transocks
Ed: see also https://news.ycombinator.com/item?id=30684574
Does anyone know how TAILS accomplishes this, then? It doesn't rely on a relay like Whonix does, but I'm not a networking expert or a Linux expert, so I'm not altogether sure how it does work.
TAILS has a very simple approach:
- Configure all applications to use Tor with the SOCKS proxy
- Block all non-Tor traffic with iptables
Ah, interesting, thank you. As far as point (b) goes, it seems to work pretty well: I can’t recall an occasion where I’ve had traffic blocked. (I suppose in practice not many applications use custom IP-but-not-TCP-or-UDP-based protocols.) So could that same thing not be a solution to e12e’s question?
Tor itself does not support UDP, even if SOCKS might
Good point. Makes it a better fit for SOCKS I suppose. Tor does dns over tcp - or no dns?
SOCKS explicitly supports DNS but no other UDP.
One way is to enable a global `LD_PRELOAD=libtsocks.so` (transparent socks) environment variable where you provide an optionally suid (to allow suid binaries to use it if you want) library that overrides `connect`, etc. and forwards them to your socks proxy. Make sure you get IPv4 and IPv6 support if you care. This is not bullet proof by any means. Any application that doesn't use the C library (e.g. Go) will not proxy, but most things will.
There is a shell wrapper `tsocks` that does all that - all you need is to configure the SOCKS server/port in /etc/tsocks.conf and run `tsocks $COMMAND`, and all the TCP connections of `$COMMAND` will be tunneled through the SOCKS proxy.
Combined with ssh's `-D` option, it becomes a powerful ad-hoc VPN tool.
TIL about tsocks - thank you!
You have to be careful proxying everything through Tor if you care about using Tor to its full effectiveness: widely known issues with exit nodes aside, applications may naively send through the same circuit: https://www.whonix.org/wiki/Stream_Isolation
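Tying together the SOCKS comments above (Arti's `proxy` mode listens on port 9150; SOCKS carries the hostname so the proxy, not the local resolver, does DNS; and the stream isolation point just raised): below is an added example, written for this page and not code from Arti or from any commenter, of the bytes a client exchanges with a Tor SOCKS port. It builds the RFC 1928 greeting and request and the RFC 1929 username/password step, and parses the replies with bounds checks. Assumptions: the isolation label `mail` and the target `example.com` in the test are made up; command `0xF0` (RESOLVE) is Tor's documented SOCKS extension rather than part of RFC 1928; keying circuits on the SOCKS credentials is what C tor calls IsolateSOCKSAuth, and Arti's proxy isolates on the same credentials. Nothing here touches the network: the replies it parses are constructed sample bytes.

```rust
// Added example (not Arti code): client side of the SOCKS5 exchange that a Tor
// proxy such as `arti proxy` on 127.0.0.1:9150 expects. Hostnames are passed
// through unresolved; the username/password step carries an isolation label.
use std::net::IpAddr;

const VER: u8 = 0x05;
const METHOD_NO_AUTH: u8 = 0x00;
const METHOD_USERPASS: u8 = 0x02;
pub const CMD_CONNECT: u8 = 0x01;
/// Tor extension (torspec socks-extensions.txt), not RFC 1928: resolve a name over Tor.
pub const CMD_TOR_RESOLVE: u8 = 0xF0;
const ATYP_IPV4: u8 = 0x01;
const ATYP_DOMAIN: u8 = 0x03;
const ATYP_IPV6: u8 = 0x04;

#[derive(Debug, PartialEq)]
pub enum SocksError { BadVersion(u8), NoAcceptableMethod, AuthFailed(u8), Rejected(u8), BadAddrType(u8), TooLong, Truncated }

/// Greeting (RFC 1928 s.3). With `isolate` we also offer username/password so the
/// proxy can key circuits on the credentials (IsolateSOCKSAuth in C tor).
pub fn greeting(isolate: bool) -> Vec<u8> {
    if isolate { vec![VER, 2, METHOD_NO_AUTH, METHOD_USERPASS] } else { vec![VER, 1, METHOD_NO_AUTH] }
}

/// Server's method selection: VER, METHOD (0xFF = nothing we offered is acceptable).
pub fn parse_method_choice(buf: &[u8]) -> Result<u8, SocksError> {
    match buf {
        [] | [VER] => Err(SocksError::Truncated),
        [VER, 0xFF, ..] => Err(SocksError::NoAcceptableMethod),
        [VER, m, ..] => Ok(*m),
        [v, ..] => Err(SocksError::BadVersion(*v)),
    }
}

/// RFC 1929 sub-negotiation. Tor does not check the values; it only uses them
/// as the isolation key, so pick one label per application or account.
pub fn userpass_request(user: &str, pass: &str) -> Result<Vec<u8>, SocksError> {
    if user.len() > 255 || pass.len() > 255 { return Err(SocksError::TooLong); }
    let mut out = vec![0x01, user.len() as u8];
    out.extend_from_slice(user.as_bytes());
    out.push(pass.len() as u8);
    out.extend_from_slice(pass.as_bytes());
    Ok(out)
}

/// RFC 1929 reply: VER(0x01), STATUS; 0x00 is success.
pub fn parse_auth_reply(buf: &[u8]) -> Result<(), SocksError> {
    match buf {
        [] | [0x01] => Err(SocksError::Truncated),
        [0x01, 0x00, ..] => Ok(()),
        [0x01, status, ..] => Err(SocksError::AuthFailed(*status)),
        [v, ..] => Err(SocksError::BadVersion(*v)),
    }
}

/// Request `cmd` for `host:port`. An IP literal is sent as ATYP 1/4; anything else
/// goes as ATYP 3 (domain name) so the proxy resolves it inside Tor. Never resolve first.
pub fn request(cmd: u8, host: &str, port: u16) -> Result<Vec<u8>, SocksError> {
    let mut out = vec![VER, cmd, 0x00];
    match host.parse::<IpAddr>() {
        Ok(IpAddr::V4(a)) => { out.push(ATYP_IPV4); out.extend_from_slice(&a.octets()); }
        Ok(IpAddr::V6(a)) => { out.push(ATYP_IPV6); out.extend_from_slice(&a.octets()); }
        Err(_) => {
            if host.is_empty() || host.len() > 255 { return Err(SocksError::TooLong); }
            out.push(ATYP_DOMAIN);
            out.push(host.len() as u8);
            out.extend_from_slice(host.as_bytes());
        }
    }
    out.extend_from_slice(&port.to_be_bytes());
    Ok(out)
}

/// Reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT. Tor answers CONNECT with 0.0.0.0:0;
/// for RESOLVE the address field is the answer. Short or hostile input yields Err, not a panic.
pub fn parse_reply(buf: &[u8]) -> Result<(String, u16), SocksError> {
    if buf.len() < 4 { return Err(SocksError::Truncated); }
    if buf[0] != VER { return Err(SocksError::BadVersion(buf[0])); }
    if buf[1] != 0x00 { return Err(SocksError::Rejected(buf[1])); }
    let (addr, rest) = match buf[3] {
        ATYP_IPV4 => {
            let a = buf.get(4..8).ok_or(SocksError::Truncated)?;
            (IpAddr::from([a[0], a[1], a[2], a[3]]).to_string(), &buf[8..])
        }
        ATYP_IPV6 => {
            let a = buf.get(4..20).ok_or(SocksError::Truncated)?;
            let mut o = [0u8; 16]; o.copy_from_slice(a);
            (IpAddr::from(o).to_string(), &buf[20..])
        }
        ATYP_DOMAIN => {
            let n = *buf.get(4).ok_or(SocksError::Truncated)? as usize;
            let name = buf.get(5..5 + n).ok_or(SocksError::Truncated)?;
            (String::from_utf8_lossy(name).into_owned(), &buf[5 + n..])
        }
        t => return Err(SocksError::BadAddrType(t)),
    };
    let p = rest.get(0..2).ok_or(SocksError::Truncated)?;
    Ok((addr, u16::from_be_bytes([p[0], p[1]])))
}
```

To use it against a running proxy: open a TcpStream to 127.0.0.1:9150, write `greeting(true)`, read two bytes into `parse_method_choice`, write `userpass_request(label, "")` and read two bytes into `parse_auth_reply`, write `request(CMD_CONNECT, host, port)`, read and `parse_reply` the answer, then carry the application protocol on the same socket. The one thing to get right for anonymity is to hand the hostname to `request` as a string rather than calling `to_socket_addrs` or `getaddrinfo` first, since that lookup leaves through the local resolver and not through Tor.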
Best option is to use software that supports SOCKS. Alternatively you can set up local proxies (eg stunnel) or inject SOCKS support into the TCP calls of your app (eg. ProxyChains)
Tor only supports TCP, so you cannot route all traffic over Tor, you will have to drop a bunch.
The way it's done is described here:
https://unix.stackexchange.com/questions/166692/how-does-a-t...
Apart from tor I don't know if there's a generic tool packaging this.
Isn't that just NAT through a SOCKS proxy as transport.
Never would have imagined that use case.
>Never would have imagined that use case.
circumventing censorship and geo-restrictions?
Let me clarify --
I never would have imagined SOCKS being used for this use case. There was no such thing as geo-restrictions or censorship at the time on the internet.
Theoretically with systemd there is a way to create a container to do this. But it's too complex, I could not get it to work.
<NOTIFICATION: Incoming chat from random IT person> Hey so I’ve been meaning to ask you about all this ssh traffic coming from your box. Do you know what that could be?
Is this possible to run on no_std systems or systems like XousOS (has its own std)? Would be cool to run on Precursor.
https://www.crowdsupply.com/sutajio-kosagi/precursor/updates...
Right now it's not possible, but you could open an issue and maybe someday it will be! If you want to open an issue, it's here https://gitlab.torproject.org/tpo/core/arti/-/issues . If you don't want to create an account, say it and I'll create the issue for you.
Edit: corrected typo in link
I'm so happy we are finally getting an easy to use library to use Tor. I've wanted to use Tor in some of my projects but I didn't like having to install it or expecting the user to have it installed already. Time to re-learn rust...
Every time a piece of legacy C/C++ code gets replaced with something written in a sane language I smile a little!
Unfortunately there are tons of domains where it will never happen, given the existing ecosystem
We as society basically have to undo 50 years of going into the wrong direction, without the economical incentives to fix them, rather mitigate their faults.
While that is true and for some extreme cases might stay true for a long time (> 100 years), most software has a lifetime, even if it's damn long, and as long as we start writing new software in better languages we will see progress over time, simply by old software dying or no one being able to deal with the legacy codebase anymore.
There are millions of lines of code written in COBOL in production use, pretty much all of them addressing business-critical needs. FORTRAN scientific codes are not far behind, either. Better get crackin'.
Yet COBOL and Fortran standards are way more modern than WG14 will ever bother doing to C.
An enticing UVP for Arti would be that it allows rust services to easily have cheap built-in network redundancy via tor integration. This would make it trivial for administrators to set up alternative access to their services if their services can reach tor.
This would allow global access to services in case of DNS outages, superfluous takedown requests, or anything in between.
Onion service support seems to be TBD, unfortunately.
I2P should be preferred. i2pd is a nice daemon.
Yeah I hate to always be that guy, but while I think Tor is great in that it exists at all and has inspired other projects, I think I2P is an overall better design. Not having a history with the US military or funding from DARPA is a plus, IMO. Tor isn't necessarily flawed for that reason, but I trust less anything the US government takes an interest in.
For anyone wondering what we're talking about:
https://geti2p.net (Official Java implementation)
https://github.com/PurpleI2P/i2pd (C++ implementation)
The unfortunate thing is that, as far as I'm aware, I2P doesn't have a "Tor Browser" of sorts, and most people would want to use I2P as a clearnet proxy; the audience for I2P may always be significantly less than that of Tor even if it was revealed that Tor was totally flawed.
I think that I2P could benefit from selling itself less as a means of anonymity and more as decentralized, censorship-resistant web hosting. The clearnet should then have inproxies to expose I2P sites rather than the other way around, as is the typical use case for Tor. That way you can spin up an I2P instance anywhere, instantly have a web server on a unique address, and have it be available on any number of clearnet inproxy nodes as well as to anyone connected directly to the network.
Having played a lot with I2P recently, I find it more "fun" than using Tor. It lacks in content, but its focus on hidden services (eepsites) and the relatively small number of users is reminiscent of the web back when I first started using it in the 90s. I like that it has a sort of DNS system that is only as centralized as you want it, and that it has a built in way of assigning your own domain aliases. Even if you (the reader) aren't interested in anonymous decentralized networking for any practical reason, I'd say it's worth testing out I2P just to get a kick out of how novel it is.
The title. Omg. It is incorrect. Misleading. And infuriating.
How so?
Because it is just a library for rust programs. Not even close to reimplementation of Tor for general use.
edit: yea, downvoters, show your own inability to process truth. I love this grown up behavior here on HN.
It's also a SOCKS proxy, which at least the last time I used Tor standalone (where I'd have to configure it myself, as opposed to as part of TBB or TAILS where it's set up for me) was the main way a client would access the network.
I’m not in the slightest bit surprised you are being downvoted — your comment is overly dramatic and not a remotely useful contribution. The title of the post of “An implementation of Tor in Rust”. The project claims to be an implementation of Tor, which it is, and it claims to be written in Rust, which it is. It doesn’t claim to be a standalone replacement, it doesn’t claim to be finished and it doesn’t claim to be not-a-library.
I think the downvotes were for a very emotional claim ("infuriating") backed up by 0 arguments. Although it is weird to me that the actual explanation got downvoted instead of the original claim
It will eventually be stable in September. Meanwhile having to test out Arti's versatility to embed in any Rust program is fantastic
It's also a binary that supports a SOCKS proxy.
FYI, complaining about downvotes violates the HN guidelines.