Volunteer Spotlight: Meejah Helps You Integrate Tor into Your Code

by tommy | February 20, 2018

 

Tor is a labor of love built by a small group of committed individuals, but we’re lucky to have the support of a dedicated volunteer base who help us make Tor the strongest anonymity tool out there. The volunteer spotlight is a regular feature here on the Tor Blog, and today, we’re highlighting Meejah, who runs Tor command-line tools, helps people integrate Tor into their code, and scans the Tor network for bad relays. 

Meejah started out at Tor hacking together some basic things with Twisted, an event-based networking library for Python. This led him to Damian’s Python libraries to use with Tor, which led him to develop and release txtorcon, an implementation of the control-spec for Tor using Twisted.

Meejah has been involved with programming and open-source communities for over two decades. As the internet grew in size and popularity, he watched in alarm as it became more hostile.

“Seeing what I saw as a really friendly and mostly-helpful online community start to morph into a more hostile environment pushed me towards privacy/security things,” he says. And so he decided to help secure the net.

Privacy, he maintains, isn’t just about secrecy. “It's about empowering individuals to decide what to reveal,” he tells us. “Sometimes I WANT to share a thing with the world, but that should be up to me. Security is kind of a prerequisite for privacy; any kind of privacy control is meaningless if the underlying software can be easily subverted (‘isn't secure’). So this kind of work is probably less ‘exciting’ in some ways, but absolutely vital.”

Looking forward, Meejah would like to see more developers release software that’s both secure and easy to use (that’s something Tor has been hard at work on; we just released a new Tor Browser with a redesigned launch experience for better usability). 

He would also like to continue seeing decentralized systems gain more traction, lessening the control big internet service companies have over information flow. “We definitely need a lot more people to act a lot differently before the internet looks decentralized. I'm trying to help in my own little corners, and volunteering with Tor is part of that.”

We’re grateful for Meejah’s work. Thanks to him, it’s becoming easier for people to onionize the internet of things, securing the web one step at a time.

Join Our Community

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay, especially if you live in a part of the world where we don’t have a lot of relays yet. You can read all of our volunteer spotlights here.

Tor is a vital tool for protecting privacy and resisting repressive censorship and surveillance. If you want to make a contribution but don’t have the time to volunteer, your donation helps keep Tor fast, strong, and secure.

Comments

Please note that the comment area below has been archived.

February 20, 2018


As users, we have 2 big problems:
- find company
https://www.torproject.org/download/download.html.en#warning
#Want Tor to really work?
- securely contact our friends /connect to the web/onions
web-mail/ricochet
http://mail2tor2zyjdctd.onion
https://ricochet.im/

Securing the net could begin (one step at a time):
- by alerting about fake/false 'onion_secure_service',
- publishing which errors are fatal (testimonies of users who were 'caught/targeted/attacked'),
- by updating TorBrowser at a better level of security/anonymity,
- by making a pressure, an interview of the independent dev (ricochet is not updated e.g., elude.in is down e.g.), even if they are not part of the tor project,
- by opening new onions (censored contents/taboo in most countries) about euthanasia; the price of rare flower, tree, animal; a counter-privacy news (you are under survey? publish the names, address, photo of your spies),
- by promoting & installing a 'tor service' near the airport, harbor, railway station (or publishing the list of hotels/coffee shops nearest to these places which are running Tor).

#Want Tor to really work?
- securely contact our friends /connect to the web/onions
web-mail/ricochet
http://mail2tor2zyjdctd.onion

Blah, its MX record is incorrect (MX record must point to hostname, not IP address).

    $ host -vt mx mail2tor.com
    Trying "mail2tor.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41355
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mail2tor.com. IN MX

    ;; ANSWER SECTION:
    mail2tor.com. 140 IN MX 10 91.234.99.184.

    Received 59 bytes from 127.0.1.1#53 in 15 ms
    $

Registration page http://mail2tor2zyjdctd.onion/register.php indicates that mail domain is @mail2tor.com
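The check described in the comment above can be automated. The following is an added example, not part of the original comment or of any Tor Project code: it parses zone-style MX answer lines (as printed by `host -v` or `dig`) and flags records whose exchange field is an IP literal rather than a hostname, since RFC 1035 defines the MX exchange as a domain name. The function names and the `example.org` lines are assumptions constructed for illustration; the `mail2tor.com` line is the one quoted in the comment.

```python
import ipaddress

# First answer line is from the comment above; the example.org lines are constructed.
SAMPLE = """\
;; ANSWER SECTION:
mail2tor.com. 140 IN MX 10 91.234.99.184.
example.org. 300 IN MX 10 mx1.example.org.
example.org. 300 IN MX 20 2001:db8::25
"""

def parse_mx_answers(text):
    """Yield (owner, preference, exchange) for each MX answer line in text."""
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks and dig/host comment lines (the question section starts with ';').
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        upper = [f.upper() for f in fields]
        if "MX" not in upper:
            continue
        i = upper.index("MX")
        # Layout: owner [ttl] [class] MX preference exchange
        if len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue
        yield fields[0], int(fields[i + 1]), fields[i + 2]

def exchange_is_ip_literal(exchange):
    """True if the MX exchange is an IPv4/IPv6 literal (with or without trailing dot)."""
    try:
        ipaddress.ip_address(exchange.rstrip("."))
        return True
    except ValueError:
        return False

def find_bad_mx(text):
    """Return the MX records whose exchange is an IP address instead of a hostname."""
    return [(owner, pref, exch)
            for owner, pref, exch in parse_mx_answers(text)
            if exchange_is_ip_literal(exch)]

if __name__ == "__main__":
    for owner, pref, exch in find_bad_mx(SAMPLE):
        print(f"{owner} MX {pref} {exch}  <- exchange is an IP literal, not a hostname")
```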

February 20, 2018


> Privacy, he maintains, isn’t just about secrecy. “It's about empowering individuals to decide what to reveal,” he tells us. “Sometimes I WANT to share a thing with the world, but that should be up to me. Security is kind of a prerequisite for privacy; any kind of privacy control is meaningless if the underlying software can be easily subverted (‘isn't secure’). So this kind of work is probably less ‘exciting’ in some ways, but absolutely vital.”

Exactly. This is one of those important points which is often overlooked: strong civilian encryption makes sharing selected information safer. For example, I might want to be able to vote by establishing my eligibility without revealing my name/address, so that I need not fear retaliation for voting against an incumbent authoritarian, say. I might want to send money to a worthy cause by proving I have enough to pay without revealing my name/address to government spooks or other nosies. I might want to log into a social media site using an established identity not tied to any name/address in any (necessarily leaky) database.

Further, encryption can help restore one of the most important facts which ought to be self-evident: the proper owner of data about a person is that person. Not a government, not a bank, not a politician, not Facebook or Google.

@ Meejah and all coders for justice: keep up the good work! And stay safe: We the People need you more than ever.

February 22, 2018

In reply to meejah


> scans the Tor network for bad relays

Question (about exit nodes): while reading an https news site, I clicked on another story and unexpectedly, after a delay, saw the "encrypted connection failed" warning from Tor Browser. Should I be concerned that the exit browser was misbehaving?

You should always honour the warnings about TLS certificate failures from your browser.

There are many things that can cause such failures, and yes a misbehaving exit node is one of them. If you believe it's a particular exit which causes the behavior you can report it to the bad-relays at torproject.org mailing list and someone will take a look.

February 21, 2018


I know it’s hard. Even if people are not interested in privacy and freedom, I can only say: Thank you meejah! Keep pushing. We love c0d3r like you!

Unfortunately, you are right; few people are interested/concerned in privacy & freedom: it must be a luxury ring that one can offered when one becomes famous, when one does not need it ...

February 23, 2018


backdoor : i use the official stable linux version 7.0.5 _x64

https://www.wired.com/2013/09/nsa-backdoor/
https://en.wikipedia.org/wiki/NSAKEY

1995 : NSA & backdoor : see Swiss company Crypto AG
1999 : Windows NT & _NSAKEY
2001 : Backdoors and Key Escrow
https://www.rossde.com/PGP/pgp_backdoor.html
2004/2005 standard & FIPS in 2006
2006 : random number generator & private key
2007 : an encryption standard compromised by design
2010 : google/gmail
https://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.ht…
2012 : cisco
2013 : Dual_EC_DRBG algorithm was indeed a backdoor (NIST)

2013 : https://www.eff.org/deeplinks/2013/05/caleatwo

2013 : https://www.csis.org/analysis/backdoors-and-encryption
2015 u.k : https://www.extremetech.com/internet/217798-uk-law-mandates-software-ba…
2015 : china : https://thehackernews.com/2015/02/iphone-china-backdoor.html
2015 usa : https://www.theguardian.com/technology/2015/jul/08/fbi-chief-backdoor-a…
2016 : Back Door in Some U.S. Phones
2016 : iphone
https://www.dailydot.com/layer8/what-is-all-writs-act/
2016 : We will never backdoor our software
https://iicybersecurity.wordpress.com/2016/03/22/tor-project-says-it-ca…
2016 : yahoo
https://www.reuters.com/article/us-yahoo-nsa-exclusive/yahoo-secretly-s…
2016 : china
https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-se…
2016 : art 41
https://www.techworm.net/2016/05/tor-vpn-users-labeled-criminals-hacked…
2017 germany : https://yro.slashdot.org/story/17/12/05/1852249/germany-preparing-law-f…

2017 : Nation-State Hacking
https://www.eff.org/deeplinks/2017/12/2017-year-nation-state-hacking
2017 : NSA
https://truepundit.com/exclusive-six-u-s-agencies-conspired-to-illegall…
2017 : tor
https://www.reddit.com/r/privacy/comments/5quzco/is_tor_legal_in_the_us…
2017 : tor
https://www.securityweek.com/bug-tor-browser-exposed-ip-addresses-macos…
2017 : tor version 7.09
https://www.helpnetsecurity.com/2017/11/06/tor-browser-ip-leak/
2018 : encryption is free expression.
https://www.eff.org/deeplinks/2018/02/new-national-academy-sciences-rep…
2018 : Malware Espionage Campaign
https://www.eff.org/press/releases/eff-and-lookout-uncover-new-malware-…
2018 : apple
https://www.wsws.org/en/articles/2016/02/18/appl-f18.html

The laws in the U.S.A. apply to the service providing access & security (e.g. GCHQ runs as an NSA service) everywhere a U.S. product is used / an agreement was signed / a joint venture is made.

Tor is vulnerable until the version 7.0.9

Interesting collection of links, but you didn't say what you think is the point. I'd suggest that the takeaway is this:

o the technology of cyberwar currently favors the attacker; Tor is one of the few tools available to defenders,
o We the People are in an arms race with all the government and hate group attackers

Crypto AG: for the benefit of readers who don't know the story: Crypto Aktiengesellschaft was the cypher machine company founded by Boris Hagelin in 1959 in Zug, CH. This company sold improved versions of a cypher machine originally invented by Arvid Damm in 1916 (and later modified by Hagelin) to many corporations and governments. The device was widely used before digital computers enabled digital encryption systems.

In 1995 it was revealed that NSA had thoroughly broken the Crypto AG cypher machines and had been reading diplomatic traffic among "small nations" for years.

As mentioned recently in this blog, Meltdown/Spectre attacks share in common with cryptanalysis a key feature: the fact that a successful attack has occurred is invisible to the legitimate user. This point has too often been forgotten after NSA largely gave up on cryptanalysis in favor of evading (strong) cryptographic protections entirely by attacking (weak) computer network defenses.