best practices on how to make your application anonymity / privacy / Whonix friendly

! In T634#12790, @dau wrote:

  • Is there documentation on “how to torify/make apps Whonix friendly/compliant”?

No.

It’s a good question. Let’s collect and discuss some points here and then make a wiki page on that subject.

Ideas I had so far:

Does the app…

  • Use the Internet?
    • Make outbound connections?
      • Try to use resources via HTTPS or some secure protocol
      • If resources are also available as an Onion Service, use it instead
    • Receive inbound connections? (this might require significant changes to the app)
      • Use an Onion Service
      • Listen on an external interface (See Proposal 635)
    • Use Tor by default? (on non-Whonix systems)
      • Make sure to use Whonix’ Tor process and prevent Tor-over-Tor
      • Use the control protocol?
        • Make it Control Port Filter friendly (Would be a good idea to make a list similar to this issue’s)
  • The app does not use the Internet
    • Make sure it really doesn’t (this might seem stupid but who knows…)

(Can this be turned into a diagram?)

It is a good idea to make these checks taking into account the dependencies your app uses (that’s why “offline/local” apps might use the Internet unintentionally).

Following the above will make the app work on Whonix, but it still does not make it anonymity focused. This means an analysis of the app should be made to identify points in its design and implementation which might harm users.

Examples:

  • Uses some protocol which by default adds the system’s/user’s information to its packets
  • Stores/Transmits identifying information while it could be minified/anonymized

It is also important to take security into account and not only anonymity: there should be an analysis focused on vulnerabilities that can affect the app and the system.

It would be nice if there was some reference on “Writing Privacy Enhanced Technologies” or something like that. (Otherwise this might become one?)

There is useful information from the Torify HOWTO which we could use for this.

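One way to act on the "make sure it really doesn't" item and the remark about dependencies in the first post, as an added example that is not part of the original thread or of any Whonix or Tor Project code: a guard for an application's test suite that records and refuses DNS lookups and non-loopback connections. The names `no_network`, `audit`, `NetworkAttempt` and the constructed update-check function are hypothetical.

```python
import contextlib
import ipaddress
import socket

class NetworkAttempt(RuntimeError):
    """Raised when guarded code tries to reach a non-loopback host."""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

@contextlib.contextmanager
def no_network(attempts):
    """Record and refuse DNS lookups and non-loopback connect() calls."""
    real_connect, real_getaddrinfo = socket.socket.connect, socket.getaddrinfo

    def guarded_connect(sock, address):
        # AF_UNIX addresses are paths; only (host, port, ...) tuples are checked.
        if isinstance(address, tuple) and not is_loopback(address[0]):
            attempts.append(("connect", address[0], address[1]))
            raise NetworkAttempt(f"connect to {address[0]}:{address[1]}")
        return real_connect(sock, address)

    def guarded_getaddrinfo(host, *args, **kwargs):
        if host is not None and not is_loopback(host):
            attempts.append(("dns", host, None))
            raise NetworkAttempt(f"DNS lookup for {host}")
        return real_getaddrinfo(host, *args, **kwargs)

    socket.socket.connect, socket.getaddrinfo = guarded_connect, guarded_getaddrinfo
    try:
        yield attempts
    finally:
        socket.socket.connect, socket.getaddrinfo = real_connect, real_getaddrinfo

def audit(func):
    """Run func under the guard; return the attempts made before it was stopped."""
    attempts = []
    with no_network(attempts), contextlib.suppress(NetworkAttempt):
        func()
    return attempts

def constructed_offline_feature():
    # Constructed stand-in for a dependency that quietly checks for updates.
    socket.create_connection(("updates.example.invalid", 443), timeout=1)
```

The guard only covers `connect()` and `getaddrinfo()` made through Python's `socket` module; `connect_ex()`, `sendto()` and native libraries that open sockets themselves need an OS-level check such as a firewall rule or a network namespace.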

(Haven’t read your post yet but will do so when I find time.)

Small update from Tor meeting:

No, there are no best practices guides on how to make your application
anonymity / privacy friendly by Tor Project. They however agree it would
be good to have; just no one had time for it.

The process for now was “please describe what your application is doing
on the network level, send that information to tor-dev, we then will
give a feedback how we like that”.

(Haven’t read your post yet but will do so when I find time.)

Okay! (Just updated it to not look like a code block)

Small update from Tor meeting:

No, there are no best practices guides on how to make your application anonymity / privacy friendly by Tor Project. They however agree it would be good to have; just no one had time for it.

The process for now was “please describe what your application is doing on the network level, send that information to tor-dev, we then will give a feedback how we like that”.

Thanks for asking! Hopefully this can contribute to that.

Could you please add them to Tor_friendly_applications_best_practices · Wiki · Legacy / Trac · GitLab?

(We talked about this at 2017 Amsterdam Tor meeting with intrigeri, anonym, Sukhbir, and Micah Lee.)

(Also please add the things you are not sure about yet with XXX: .... It’s a draft multiple people will be working on. Any unclear points you add may be completed by others.)

Scratch these, since that should already be covered in the current draft.

I did not understand that one. Could you elaborate please?

Could you please add them to Tor_friendly_applications_best_practices · Wiki · Legacy / Trac · GitLab?

(We talked about this at 2017 Amsterdam Tor meeting with intrigeri, anonym, Sukhbir, and Micah Lee.)

(Also please add the things you are not sure about yet with XXX: … It’s a draft multiple people will be working on. Any unclear points you add may be completed by others.)

Sure! I’ve never edited one of those pages, so I just press Edit this page, submit and someone reviews in order to accept it?

Should I create a Whonix section? Because some of these are specific.

Scratch these, since that should already be covered in the current draft.

Alright!

I did not understand that one. Could you elaborate please?

Well, kind of like a drawing:

Do this <---Yes--- [Question] ---No---> Do that

And each answer could lead to another question, but after reading the page you linked above I do not think this would be possible.

dau:

Could you please add them to
Tor_friendly_applications_best_practices · Wiki · Legacy / Trac · GitLab?

(We talked about this at 2017 Amsterdam Tor meeting with intrigeri,
anonym, Sukhbir, and Micah Lee.)

(Also please add the things you are not sure about yet with XXX:
… It’s a draft multiple people will be working on. Any unclear
points you add may be completed by others.)

Sure! I’ve never edited one of those pages, so I just press Edit this page, submit and someone reviews in order to accept it?

You edit it and it instantly gets the next live version.

Should I create a Whonix section? Because some of these are
specific.

Ideally, we could manage to make it as generic for any anonymity
distribution so the actual brand “Whonix” does not have to be mentioned.
But anyhow. Please make an edit. On top of that, it can still be
improved, so little to worry about.

I just added:

  • XXX Review: Use resources via HTTPS or some secure protocol. If resources are also available in an Onion Service, use it instead. Otherwise, consider running one.

I believe the rest of the bulleted list has already been covered and the rest of the initial post might be out of scope, because that is kind of “general security/privacy/anonymity best practices” not specifically related to Tor. Do you think we should add that anyway and see what people think?

Another thing is about binding on the external interface. Currently, is that too Whonix specific? Maybe suggest to “bind on the system’s default listener”?


Well, I started this discussion along the lines “everything Tor centric application developers would ideally do”. Safe to add.

Yes. Not too Whonix specific, since we worded the convention not specific to Whonix at all.

Alright, added those too. (Everything is prepended with XXX Review:)

Thanks Patrick!
