You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
mikeperry has developed new subsystems that protects against multiple side channel attacks, and against Guard discovery attacks which may be able to de-anonymize OnionShare's onion services "hidden services". It should be possible to implement this script into onionshare with some default options set up for users and the ability to customize the options.
Each of these options is assigned its own set of nodes, which are rotated based on the randomized selection algorithm specified in the Mesh Vanguards Proposal.
The Rendguard subsystem keeps track of how often various relays appear in the rendezvous point position on the service side of an onion service. Since rendezvous points are be chosen by the client that connects to a service, it is possible for clients to choose malicious, colluding rendezvous points to help them mount guard discovery and other attacks.
This subsystem emits warnings and optionally closes the circuit when a rendezvous point is chosen more than a 2X multiple of its consensus bandwidth weight.
The bandguards subsystem performs accounting to watch for signs of bandwidth sidechannel attacks on individual onion service circuits. It then closes circuits that exceed these limits and emits log messages. While we expect the default values to be set properly, these limits can be tuned through configuration as well. See the Configuration section for more details.
I got vanguards subsystems working! @mig5@maqp And it also works with V3 onions. Optional add V3 support#461 (comment) Optional Compile Tor 0.3.4.2 for The Bandguards Subsystem support.
Recompile onionshare with ControlPort 9051 added to the torrc_template replace tor.real 0.3.3.x with tor.real 0.3.4.x
Open onionshare
Open vanguards-example.conf and change the option circ_max_dropped_bytes_percent to = 100.0 and circ_max_megabytes should equal the size of the hosted file, right now set it too = 10000
cd to the vanguard file source directory and then run ./src/vanguards.py --control_port 9051 --loglevel DEBUG --config Vangard_source_location/vanguards-master/vanguards-example.conf
Start a share in Onionshare and Vangards and the other subsystem should now run correctly.
Update
Disable Stop after first download option or the download gets cancelled around 3/4th of the way through.
mikeperry has developed new subsystems that protects against multiple side channel attacks, and against Guard discovery attacks which may be able to de-anonymize OnionShare's onion services "hidden services". It should be possible to implement this script into onionshare with some default options set up for users and the ability to customize the options.
The Vanguards Subsystem
The Rendguard Subsystem
The Bandguards Subsystem
And here is a example config file.
https://raw.githubusercontent.com/mikeperry-tor/vanguards/master/vanguards-example.conf
https://github.com/mikeperry-tor/vanguards
Here is the official proposal for vanguards.
https://gitweb.torproject.org/torspec.git/tree/proposals/292-mesh-vanguards.txt
@micahflee
@mig5
The text was updated successfully, but these errors were encountered: