New Tor ControlPort commands wanted by TBB 4.5 and above

There is some news about what Tor ControlPort commands will be used in TBB 4.5 and above. Documented here:

To decide what information software on the workstation can access we use a strictly need to know basis.

They are all terrible things to allow and should be blocked or lied to. My recommendation is to default block them and if they break, use lies to make them happy.

“getinfo config-text” undesirable
"setevents stream" and TorButton Network Settings should be blocked or given generic lies to hide gateway configuration. Information about what nodes or bridges should NEVER be given to a software inside the ws. This is important as we should treat the inside of the ws as malicious in the threat model. Lets say a Hidden Server is rooted, knowing what guardnode is used by it is catastrophic. The TBB threat model thinks that the machine is secure and that this is useful information for the user to have.

feedback mechanism for clock-skew Its purpose is to tell the user about problems (clock skews) that prevent Tor from working. We already have an entire infrastructure to make sure Tor’s clock is functioning and to notify the user about problems: whonixcheck, timesync. Giving access to Tor log events before a connection is established to the workstation is leaking more unnecessary information.

I’m sure you know already, but to make it clear for everyone, the replies to the new requests used by TBB 4.5 (with cpfp.py and CONTROL_PORT_FILTER_DISABLE_FILTERING=true).

“setevents stream”

Request: setevents stream
Answer: 250 OK

“getinfo config-text”

Request: GETINFO config-text
Answer : 250+config-text=
DisableNetwork 0
DirReqStatistics 0
.
250 OK

TorButton -> Open Network Settings… (without bridge)

Request: GETCONF Socks4Proxy
Answer : 250 Socks4Proxy

Request: GETCONF Socks5Proxy
Answer : 250 Socks5Proxy

Request: GETCONF HTTPSProxy
Answer : 250 HTTPSProxy

Request: GETCONF ReachableAddresses
Answer : 250 ReachableAddresses

Request: GETCONF UseBridges
Answer : 250 UseBridges=0

Request: GETCONF Bridge
Answer : 250 Bridge

I tend to mostly agree with HulaHoop.

Looks like for answering “510 Prohibited command” doesn’t break anything for and it works. For now there should be no fingerprinting issues but I fear in future they might implement something that creates a catch 22.

Let’s see how they implement clock-skew and others. They’re not necessarily all evil.

[hr]

In future they are likely going to add nice usability improvements. Such as this. Looks like a nice usability feature to cope up with Tor’s slowness:

Too bad we might not be able to use it.

Good News about the Network Settings menu.

#14100: Toggle NetworkSettings menuitem visibility based on an environment variable:

linostar wrote a working patch!

Good news indeed!

So, we are left (so far) with “setevents stream” and “GETINFO config-text”. I could not test TBB 4.5 in Whonix (it freezes, no time to investigate). If the filtering does not break it, I gather that we can leave cpfp.py untouched.

Yes.

[hr]

We should test it when they release next alpha/beta. Someone should keep testing them anyhow so we don’t run into big surprises on next stable release. I try remember that. It would not be that hard to add an alpha/beta option to tb-updater, if that would help. I just manually commented out these three lines. (https://github.com/Whonix/tb-updater/blob/master/usr/lib/tbbversion_parser#L70)

echo "$line" | grep -q -i -s "\-alpha\-"
if [ "$?" = "0" ]; then
   continue
fi

So that’s not hard. Just adding the config switch would require a few more lines of code.

So that's not hard. Just adding the config switch would require a few more lines of code.
If you can do that, I could test the next TBB version once in a while, trying to prevent last minute surprises, yes. Just give the modified code here, and I can run it in a separate Whonix installation. For reminding, two is better than one.

Indeed. Done:

Fake Control Port discussion moved here:

Looking at “setevents stream” again… Therefore time to update this thread a bit.

https://phabricator.whonix.org/T218

If you can do that, I could test the next TBB version once in a while, trying to prevent last minute surprises, yes. Just give the modified code here, and I can run it in a separate Whonix installation. For reminding, two is better than one.[/quote]

By the way, choosing TBB versions now became even simpler than that, thanks to troubadour!

(From https://phabricator.whonix.org/T214 see screenshot:)

It’s not clear to me what “setevents stream” is doing. It could be, that it’s nothing evil. Still need to figure out what Tor Browser is using it for to determine if we must better enable it for some reason.

Does anyone know where in control-spec.txt - torspec - Tor's protocol specifications it’s documented?

I invite you to directly talk to Tor’s ControlPort (this is not possible using the current filter proxies or arm, because none of them seems to support events)… Documented here how you look what “setevents stream” is outputting: