In an age of so much free-flowing data at the fingertips of anyone interested, from companies to hackers, privacy has become a luxury for the rich and powerful. As such, we are providing tools and news about Tor that make it easier for the everyday person to remain anonymous online.
What It Does
An Onion Service is an anonymized way to host content on the Tor Network. This is facilitated by a server establishing 'Introduction Points' (IP) that then facilitate Users introducing themselves to create a 'Rendezvous Point' (RP). This RP is then an isolated node at which the User and Service are able to 'meet anonymously' and exchange requests and the content requested.
An "Onion-Ring" is a description of the kind of connection formed between Users and Onion Services. This is done through two "Onion-Rings"--the final two Tor circuits that connect the user and the host to the RP. This works well, but in the case of exceptionally effective Flow-Correlation Attacks--see DeepCorr--it might be dangerous for the provider of the content to reveal themselves this way. Our suggestion is to chain more Onion-Rings together.
This utility, in addition to managing automatic 'Onionizing' of the hosted content, is (eventually) intended to manage an automatic 'Broker Onion Service' (BOS) that anonymizes the Host of the Content as but another user of the BOS's services. This occurs by creating a distinct instance of the automatic Onion Service that specifically is paired with another 'User', that is actually the host. This special User is forced to get a RP with the service--the BOS--the exact same way as any other user seeking to access the content in the first place. This means that, even with flow correlation, they appear just as any other User of the service, and so exposing the Host becomes a much more difficult conceptual task.
How It's Designed
The protocol is described as utilizing Elixir's OTP to manage a supervisory structure that manages discrete and isolated Docker instances that are individually responsible for communicating with the Tor-Network--or the Clear Web--as well as each other.
These Docker instances would be managed by specialized Gen-Servers that would ensure a robust fault tolerant operation of each sub-utility coming together to make the protocol possible.
The Supervisors used partition the tasks based on exposure. The four supervisors--controlled by the master supervisor--for a setup involving a BOS, are as follows:
Anonymous - Responsible for managing outward facing Tor Connection in order to obfuscate Host.
Representation - Responsible for managing internal 'Doll-House' representation of Hosted Content.
Broker - Responsible for managing outward facing Tor Connection that receives incoming requests and delivers outgoing deliveries.
Public - Responsible for sitting in place of the original site to inform past-users where the site has gone to and how to access it safely.
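A sketch of the supervision tree described above, added here as an example and not taken from the project's code: one master supervisor, one supervisor per exposure role, and a GenServer per role that owns a `docker run` process. The module names, image names and Docker network names are hypothetical placeholders; only the four role names come from the page.

```elixir
defmodule OnionizeSketch.ContainerWorker do
  # Hypothetical GenServer that owns one `docker run` process through a Port.
  use GenServer
  def start_link(opts), do: GenServer.start_link(__MODULE__, opts)

  @impl true
  def init(opts) do
    docker = System.find_executable("docker") || raise "docker not found on PATH"
    # One Docker network per role: roles share only what is wired explicitly.
    args = ["run", "--rm", "--network", opts[:network], opts[:image]]
    port = Port.open({:spawn_executable, docker}, [:binary, :exit_status, args: args])
    {:ok, %{port: port}}
  end

  @impl true
  # Container output stays in this process; it is not forwarded to other roles.
  def handle_info({port, {:data, _chunk}}, %{port: port} = state), do: {:noreply, state}
  # Container exited: stop, so the role's supervisor restarts only this worker.
  def handle_info({port, {:exit_status, code}}, %{port: port} = state),
    do: {:stop, {:container_exited, code}, state}
end

defmodule OnionizeSketch.RoleSupervisor do
  use Supervisor
  def start_link(opts), do: Supervisor.start_link(__MODULE__, opts)

  @impl true
  def init(opts),
    do: Supervisor.init([{OnionizeSketch.ContainerWorker, opts}], strategy: :one_for_one)
end

defmodule OnionizeSketch.Master do
  use Supervisor
  # Role names come from the page; image and network names are placeholders.
  # "repr_net" is assumed to be created with `docker network create --internal`.
  @roles [
    anonymous: [image: "placeholder/anonymous", network: "anon_net"],
    representation: [image: "placeholder/representation", network: "repr_net"],
    broker: [image: "placeholder/broker", network: "broker_net"],
    public: [image: "placeholder/public", network: "public_net"]
  ]
  def start_link(_arg), do: Supervisor.start_link(__MODULE__, :ok, name: __MODULE__)

  @impl true
  def init(:ok) do
    children =
      for {role, opts} <- @roles,
          do: Supervisor.child_spec({OnionizeSketch.RoleSupervisor, opts}, id: role)
    # :one_for_one: a crash in one role's subtree does not restart the other roles.
    Supervisor.init(children, strategy: :one_for_one)
  end
end
```

Closing the Port when a worker stops does not by itself guarantee that the container stops, so a fuller worker would also stop its container explicitly before being restarted.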
Please know that onionizeit.online is a domain we obtained this weekend, but glitch.com won't let us customize domain until we get thanked by other users - basically use it more.
Challenges that we faced during this project were getting every member familiar with the various tools we planned to use for implementation. Such tools involved Elixir--specifically the Mix and OTP features--which is fault-tolerant and process-based, as well as Docker--which packages the service in order to streamline the onionizing of host sites. All of these protocols prevent leakage of information between the various components we expose and so attempt to guarantee safety.
Challenges We Faced
We had many particular issues with our Coding Environment that made producing a Prototype of the design progressively infeasible. A number of these are enumerated below.
When working on Azure functions locally in VSCode, we ran into numerous errors ranging from not being able to import azure.functions to no values for arguments in the functional call.
Atom crashes every ~30 seconds on certain installations of Windows 10--apparently.
Windows 10 frequently lies about Hyper-V support being completely enabled (this is necessary for Docker to even start).
Many others--unfortunately--but very... enlighteningly.
Accomplishments that we're proud of
We used so many new technologies this weekend--and that's pretty exciting for a team half made up of first-time hackathoners!
All of us got up to speed with Elixir and its Mix and OTP functionalities, Docker and running our very own containers, and of course Tor, onion browsers, and anonymity services in general.
What we learned
Setting up the environment, which entails installing the correct requirements, may be one of the hardest parts of any project. Most of the team had never dealt with Tor, Phoenix, Elixir, Docker, and Azure so there was a very steep learning curve.
We learned about anonymity services, specifically onion browsers, and about packaging services and applications using tools such as Docker. Furthermore, we also learned about the language Elixir and its various tools, which are beneficial to the project because of its fault-tolerant and process-based nature.
We also learned some cute onion puns sprinkled here and there, leaving us with tears of joy.
For our new hackers--since this was their first hackathon--they learned what it is like to participate in one. From this experience, we learned everything from how to make lemon bars to languages and software tools/games they had never used before (Elixir, Phoenix, Skribbl.io, ...).
What's next for Onionize It!
We'll continue working on adding more tracks, including making n-BOS Completely Self-Managing.
More details are on our README, but here is an excerpt from it:
0.1 | Automatically Generate an Onion-Service (to Host Previously Existing Site) | Needs to Be Implemented
0.2 | Automatically Generate BOS for 1 Host | Needs to Be Implemented
1.1 | Make BOS Completely Self-Managing for 1 Host (Implement BOS Life-Cycle) | Needs to Be Implemented
2.1 | Automatically Generate BOS for >1 Host (n-BOS) | Needs to Be Implemented
2.2 | Make n-BOS Completely Self-Managing (Implement n-BOS Life-Cycle) | Needs to Be Implemented