Month: 2018-11


patcon 12:33:19
Haha yeah, "darknet" was a name I was going to suggest we reconsider :)
patcon 12:35:11
Thoughts on renaming the channel/project to something that has more name recognition?
To clarify, I am interested in Tor, but if I was browsing channel names or github repos or project names, I might not realize that a project called g0vhs was of interest to me
patcon 12:37:06
What about g0v-tor-hs or some variation of that? Added perk is that slack channel names auto-complete on parts between dashes, so if someone remembers that there's a Tor-related project and types "tor", it comes up :)
patcon 12:38:11
@patcon set the channel topic: Docs: https://hackmd.io/s/SyOgbkL3Q
patcon 12:40:46
@patcon set the channel topic: Docs: https://hackmd.io/s/SyOgbkL3Q
patcon 12:40:46
@patcon set the channel purpose: For discussion of a privacy-preserving Tor hidden service within g0v.
ydl 13:05:25
Yup, I think you are right. g0v Darkweb might attract people's eyes much more easily
ydl 13:05:32
You can rename it :slightly_smiling_face:
ydl 13:07:27
@davisfreeman has renamed the channel from "g0vhs" to "g0v-darkweb"
ydl 13:08:14
@davisfreeman has renamed the channel from "g0v-darkweb" to "g0v-tor"
ydl 13:08:30
I changed it to g0v-tor, what do you think?


ydl 08:45:45
@patcon do u have any machine that can allow me to build the client side of g0vhs?
patcon 11:39:08
Sorry, how do you mean? As in a spare desktop to act as the server?
ydl 12:58:38
This is the first feature I came up with; it’s called PGP talk.
Screen Shot 2018-11-04 at 10.43.48 AM.png
ydl 12:59:51
and the other architecture I’m still plotting it … I will explain why I need a client machine after I finish the plotting
patcon 13:05:12
hm. ok i think i misunderstood the project. so it's not just offering privacy for visiting existing g0v websites, but also a new app that we think those privacy-seeking people might use?
ydl 13:06:04
It’s a kind of proxy and communication tool for those who have to avoid censorship of their countries
patcon 13:06:21
I suppose I thought it was about giving tools and support to existing projects to help them incorporate hidden service features, and not necessarily inventing the tools in this project
patcon 13:07:52
i guess i'm a little less sold on the value of that, as there already exist many tools and communication services for the purposes you mention. so why not support and deploy them instead of inventing our own?
ydl 13:09:00
It’s a good idea to deploy them. But I just haven’t figured out which we can use
ydl 13:09:20
What are your suggestions?
patcon 13:14:56
heh i would need to do research to know what to suggest -- i've been away from the privacy and anti-surveillance space for awhile -- but i'm of the impression we're not the first to see this challenge, and so i'm sure other apps exist :slightly_smiling_face:
ydl 13:16:00
Another idea I’ve thought about is to create decentralized tor relays which are contributed by volunteers around the world. The tor relays they contribute can be a bridge to help others who need to use tor
patcon 13:19:06
cool! have you had a chance to run the idea by a tor developer?
ydl 13:19:49
I have contact information for roger~ Maybe he will have ideas
patcon 13:20:39
can you clarify more how you think tor relays might be decentralized? like is the goal so more people who are new run relays more easily?
ydl 13:21:21
Yup, but give me seconds, I’m going outside now. Contact u later :slightly_smiling_face:
patcon 13:22:23
haha for sure -- im heading to makerfest to learn about farmbot anyhow :slightly_smiling_face: talk later!
patcon 13:16:18
what if we took an approach of imagining and building a profile of the sort of person we're trying to support in the g0v community of nearby communities, and then asked in the tor channels whether people know of existing projects that might cover this demographic? And then we could do an inventory and see which one feels most interesting :slightly_smiling_face:
ydl 13:20:48
It’s a good idea. Asking for experts’ suggestions is always important
patcon 13:59:37
heh, and to be fair, it is totally a valid approach to just start our own new thing. it's just not my preferred approach, but it's the right thing if it's what energizes you (as the main driver on this!)
patcon 13:21:51
i'm really glad to be talking about this by the way! I was a little unclear what the goals and approach of the project were, but this is so helpful!
patcon 13:27:46
I :heart: awesome lists. found one for tor that might be a good starting point: https://github.com/ajvb/awesome-tor



ydl 14:57:33
The origin idea
ydl 15:00:00
The original idea is as follows:
A user can use the hidden service to join the g0v slack channels for discussion or to contact specific users, with PGP encryption provided. The words he or she says will be spoken by the slackbot we provide. Thus, they can join the community without leaking their true identity on the internet. The bot is a speaking “proxy” for them.
ydl 15:04:15
The benefit is that users do not need to use their email to get a slack account they can still talk and join the open communities to have conversation with others
ydl 15:04:44
The same idea can be transplanted to other platforms like telegram, whatsapp and so on.
patcon 15:33:24
ok cool! so the goal is to let people from privacy-hostile countries participate in g0v conversations on slack without leaking identity?
ydl 15:35:30
ydl 15:35:37
Let’s my true goal
ydl 15:36:14
I found out I just talk about a single function to u. lol I should give u the whole roadmap in the beginning
patcon 15:36:41
just to consider all options (because the most maintainable service and feature is the one that doesn't need to be maintained or even written :slightly_smiling_face: ):
patcon 15:37:12
can a similar privacy be had by creating a slack account with a mailinator.com disposable inbox, and just signing in via tor?
patcon 15:38:34
i'm just trying to understand the threat model, and whether things that already exists allows for similar protections, and just perhaps needs explicit documentation
ydl 15:39:13
I’m not sure if slack finds out that they cannot send notifications successfully to the email address and might suspend the email once the delivery has failed.
ydl 15:39:38
Yes. The discussion and clarifying the needs are very important
patcon 15:39:50
(of course, maybe other options exist, but this one is a project that is energizing because it involves learning. and so this could be the right thing to build regardless!)
patcon 15:40:10
fwiw i use mailinator quite often, and it's very rare for it to be blocked in any way
ydl 15:41:24
If there is a simple way to complete this functionality, we do not need to recreate it. Instead, we can just build a dark wikipedia to show others how to set their slack with high privacy :slightly_smiling_face:
ydl 15:42:07
Learning is one of my considerations too! lol
ydl 15:46:17
@patcon what if we build a dark service that can help people to generate a disposable slack account with one button click?
patcon 15:48:33
oooooh that sounds neat (assuming slack over tor isn't a terrible idea! still researching)
patcon 15:49:45
slack uses websockets, and so still trying to sort what that means for trying to use tor
- https://tor.stackexchange.com/questions/8868/websocket-over-tor

patcon 15:52:01
would it be worth trying to solicit stories or anecdotes of people who didn't join or participate in g0v conversations, or who self-censored due to concerns? as in, are there stories of this affecting people, from which we could get a better idea of what potential users are actually thinking?
ydl 15:54:22
I believe it is a good idea. I’m trying to share our ideas in the general channels in the hope that more people would like to join the conversation with us
ydl 15:52:56
maybe we don’t have to set up the websockets service on our hidden service. As far as i know, slack allows users to set up their socks server. But I’m not sure whether a normal user can have this capability or not.
ydl 16:04:24
But following our original plan, we should build websockets service on our own
patcon 16:10:59
ok, so mailinator signup won't work on slack, so that's a dead-end :slightly_smiling_face:
ydl 16:11:41
You tested it?
ydl 16:13:46
So slack just said it is an invalid mail address?
ydl 16:18:26
Seems like we have to make our own service without doubt
ydl 16:18:37
It’s time for learning! lol
patcon 16:20:35
haha i'm still not sure. if we bridge our slack with any of these tools, then we might allow easy anonymous usage as well: https://github.com/42wim/matterbridge#requirements
patcon 16:21:00
(we already have a matterbridge chat bridge connected for translation, and perhaps soon even using it for the IRC/telegram bridging)
patcon 16:11:45
also, wondering if the chat bridge could be used here... it could theoretically bridge each channel with a channel on another, more privacy-preserving tool (like mattermost)
patcon 16:13:03
and then there's the added bonus that this would also mean that this project helped people have an option besides slack for visiting every channel, which many might think is a good step
patcon 16:16:20
i don't think this is helpful, but sharing just in case it could be rigged into something useful for effective anonymity: https://abot.app/


patcon 16:24:14
re: matterbridge.
patcon 16:25:28
it does feel that bridging slack to a tool with a public view would make this whole thing a lot easier... like it's easy to send anonymous messages in (via tokens or some simple hidden service web app), it's the allowing someone to read any channel in a realtime way that's hard
patcon 16:25:30
but having a public view would make that a non-issue
patcon 16:35:33
rocketchat can be bridged to this slack via matterbridge, and has anonymous reading/writing features complete: https://github.com/RocketChat/Rocket.Chat/issues/604


patcon 16:45:21
ok, tried out signing up for riot via tor
patcon 16:46:11
started a chat with myself on riot, but could have talked to my gitter-self too, apparently
patcon 16:46:27
it worked!
patcon 16:49:31
and lots of productive discussions about tor among riot devs, so it's an ongoing conversation: https://github.com/vector-im/riot-web/search?q=tor&type=Issues
ydl 19:48:17
thanks @patcon! So much information! lol
ydl 19:48:56
So it seems like our project direction is a bridge tool on top of tor, right?
patcon 19:59:34
haha i definitely don't want to push a decision in that direction unless it fits your liking, but first glance seems like that would open up privacy-preserving options that also have some great side-effects :slightly_smiling_face:
ydl 20:00:05
@patcon Actually, I believe that bridge is the idea I want to do
ydl 20:00:23
Because my future plan is to make it cross platform~
patcon 20:00:41
it might make sense to talk to potential users (or find them) then, with the details of what users want, talk to tor folks before charting a course?
ydl 20:01:38
So bridge is definitely the idea ! I just don’t know the accurate word to describe my idea!
patcon 20:01:40
even if it doesn't help _anyone_ with privacy stuff (worst case) it will still be a nice step away from slack
ydl 20:01:50
Yes, it is
patcon 20:02:10
ok ok yeah yeah so while it's not well-documented, matterbridge has an API that others have already built things on
patcon 20:02:11
one sec
patcon 20:02:41
the last 3 projects all use the API: https://github.com/42wim/matterbridge#related-projects



matterbridge is great. I originally planned to use go as the development language!
patcon 20:05:19
i know the maintainer would love you if you felt like documenting the API as you were learning it: https://github.com/42wim/matterbridge/blob/master/bridge/api/api.go



patcon 20:05:43
yeah, it's my first go project, and i'm really glad to be learning it
ydl 20:07:18
Today, we have a wonderful discussion! That’s so terrific!
ydl 20:08:37
So the reason I asked u about the machine is because we need a bot as the client side to deliver the messages and return those messages through tor to the hidden service~
ydl 20:09:53
I’ve brought one machine for hosting g0vhs, but the client side should not be placed in the same machine
patcon 20:33:17
I'm travelling pretty light, so I definitely don't have any extra machines lying around, but I'm sure we can find one
ydl 22:24:34
my solution is to use openshift and create multiple clients due to its free restrictions on the power on duration : must make machine sleep 18 hrs in every 72hrs
patcon 20:33:39
is currently adding swagger API docs to matterbridge


ydl 09:09:45
@pm5 Hi, forgot to say hello to u. lol
ydl 09:09:56
Feel free to say anything :slightly_smiling_face:
pm5 15:56:34
@davisfreeman :spock-hand:
patcon 19:44:15
@davisfreeman ok, if you'd like to start experimenting, I've got the API working for my test gateway here:

You can create new messages for the stream by dropping them in either #i18n-test-en or #i18n-test-tw
patcon 19:45:24
also, hopefully the API docs will get merged soon: https://github.com/42wim/matterbridge/pull/551


ydl 20:19:50
@patcon So how does matterbridge work?
patcon 23:06:28
haha that's a big question. basically a big routing engine for transforming messages from each service. It currently holds no state aside from the credentials for each service. So it just sends things straight through, and keeps a cache of things it's seen for people to make edits and deletions for a few days :slightly_smiling_face:
patcon 23:07:09
as for the API, I've never used it to post messages, so you might need to discover that part from reading the code...!
ydl 23:23:27
@qazwwe51688 hi :slightly_smiling_face:


patcon 23:36:52
Anyone know any good VPN services for North Americans working in Beijing?
patcon 23:37:39
cc @davisfreeman for wiiiiiisdom
ydl 07:16:09
I’ve nothing to recommend. Haven’t travelled to China before
patcon 23:37:19
actually, i know TunnelBear is a great one from Toronto, but not sure if they would be functional in China


Danny 00:01:08
I hear ExpressVPN is super


ydl 07:18:31
@yutin I remember u have a slackbot app called g0ver. Which service do you use to host this application?? Linode??
yutin 14:35:26
so far, I run on heroku
patcon 19:55:53
Coo. What's the app name btw? (Trying to create an inventory of who has access to what :) )
ydl 20:49:57
@yutin I see. It seems like it is impossible to run tor on heroku, right?
patcon 20:59:51
Not 100%, but I think that's correct
yutin 22:29:53
https://github.com/g0v/g0ver-box the repository is here. ToDo: I need to let it support multi-language and be easier to use.
ydl 23:02:06
So heroku allows developers to deploy docker?
ydl 23:21:16
I’ve built tor docker successfully, and if tor docker deployment is available on heroku, heroku can truly help us to build client bots as bridges!
patcon 00:20:24
Hmmm... Actually, maybe?? But my impression is that hidden services always need to be on their own servers to be secure, so not sure how they could be hosted securely on a paas
patcon 00:20:39
But maybe other pieces of this app could be hosted there?
ydl 20:33:13
It will be secure as long as we pass the traffic through tor’s socks server. Yes, the IP of the bot is going to be exposed, but all the traffic will be transferred to our hidden service which is hidden inside the tor network.



ydl 00:08:06
I propose an idea for g0vhs: Our system gives users two options for registration: users can enroll with their customized names and passwords, or the service provides random hashes and passwords for users. The random user ids are only valid for a very short period. In this way, they can be sure that their identity will not be revealed easily.
ydl 00:08:16
What do you guys think?
yutin 01:08:39
use https://hack.g0v.tw/ or an anonymous id ?


ydl 22:26:45
So is this feature good or bad …?
ydl 22:38:12
@yutin Do u use heroku pipeline for development?
yutin 01:06:28
I’m not using pipeline yet; looks like it is a new feature, great.


yutin 01:04:12
heroku can’t run docker, maybe we can use k8s on Google cloud.
patcon 01:21:53
it can't? I mean, it can't run docker, but it can deploy containers, can't it?
ydl 01:14:55
Here is the document, so what do you mean it can’t run docker?
patcon 01:40:39
I was just acknowledging that the heroku dynos don't run the docker binary, ie "the hypervisor-like thing that does container management". They do run the docker _containers_. I think we're saying the same thing :)
yutin 13:00:28
looks like a new feature
ydl 21:29:31
We want to build slack bot with Golang, do you have interest, @yutin?