Hello. Yeah, so those are... thank you very much. Those are my contact information, if you want to ask questions later also, or just get in touch, feel free. It's my email, my Mastodon and my Twitter.

So I should do some advertising. We have a Tor booth in building K, where all the projects are. There are stickers, so feel free to go and grab some. And we have a relay operator meetup if you want to run a relay. That's tomorrow, 3 p.m., building H, room 3244. So note that down if you want to come. It's one hour, and you can ask questions and know how you can run a relay and what you need.

So my name is Silvia, online I'm hiro. I work at the Tor Project and I'm also part of the information security group at UPC Barcelona.

So what this talk is about: it's not a general talk about Tor, but I will go through what Tor is and what it does, so that we have that information fresh. There is a Tor talk tomorrow in the privacy track by Roger. It's at 11. The room is Jason, I think, or Janson. Janson, not chase. Yeah, so, and then we will talk about onion services. Again, I will go quickly through how onion services work and the architecture, because the main topic is how can I use onion services.

So what is Tor, actually? Tor is free software, to begin with. It's a community of people that do different things, and we have developers, researchers, relay operators, volunteers. Everybody does different things. Some people just advocate, some people do more development work, and some people do actual research and mathematical models. So it's a bit of everything.

Tor is a network, and as a non-profit we have about two million users every day using the Tor network. I said users, not people, because we don't know if those are people. They could be machines. And we have 6,000 relays and about 1,000 bridges.
Those are nodes in the Tor network that volunteers run so that you can use it.

So what does Tor do? Tor provides privacy, to begin with. It provides anonymity, provides communication security, provides a traffic-analysis-resistant communication network. Those are mainly the same things said in different ways, and to different people, maybe different sets of people that would understand the concept with different words. But the last point is the most important point for us, and this is that Tor provides reachability against censorship. Most of the people that use Tor want to access Facebook because they cannot do it in their own country.

So how does it work? Tor provides privacy by distributing trust. You have your traffic routed across a network of nodes run by volunteers, and this is different from the idea of running a VPN, where you only have one single point of failure, or one single node where your traffic goes out, and you need to trust the service that you're using. In this case you don't have to trust anyone. The trust is distributed across the network.

So, okay, we have Alice and Bob, because we always use Alice and Bob. So Alice wants to visit Bob. Bob is a website. Alice has a Tor client and obtains a list of nodes from a directory server, picks a path through the Tor network and reaches Bob.com. So the purple lines are encrypted and they run into the Tor network, and the green line is out in the internet, and the encryption protocol on that connection depends on the encryption protocol that Bob is using in this case. So if they use HTTP, the traffic is in the clear; if not, it is encrypted. It's always important to use secure protocols, even if you're using Tor.

So if then Alice wants to visit a different website, like Jane, Alice's client will pick a different path, a totally different path, and will reach Jane.com. So there is no way, generally speaking, to trace the two connections and understand that Alice is visiting Bob first and Jane later.

So this is one concept that we always say,
that Tor provides anonymity, and it's more than encryption, anonymity. Because if I'm calling a mental health helpline and the service I'm using doesn't know what I'm saying but knows I'm calling this helpline at midnight, they probably know that someone I know, or myself, has some mental health issues. And this goes for a lot of different things, because encryption doesn't hide the conversation metadata. It can hide the content, but not the information about the conversation, which can already say a lot about the content. Encryption doesn't hide your social graph, who you're talking to. It doesn't hide some metadata from the network. It doesn't hide your location. But anonymity does, and this is what Tor provides.

So there's always this question about why Tor provides a browser, and this is because we think that Tor Browser is the way that you can surf the web in a safe way, and this is the easiest way to provide safe use of Tor. And Tor Browser is a modified Firefox. There are some things packaged inside: it's Tor, Torbutton, Tor Launcher, NoScript and HTTPS Everywhere. And the idea, the properties that you get by using Tor Browser, is of course you use Tor more safely than just running Firefox over Tor. It's a little bit different. But also it's engineered, let's say, to reduce the linkability between different activities. So the idea is that if you visit a website first and then another later, the advertising network on both websites wouldn't be able to recognize you, unless, for example, you're logged into Facebook and Google while using Tor.

So we also provide these things called onion services, to have what we say, bidirectional anonymity. So the idea is that you reach a website within the Tor network. The service stays in the Tor network. So if you remember the green line representing an unencrypted connection, that green line doesn't exist anymore. The service stays in the Tor network and can enjoy all the properties provided by the Tor network.

So there are some other interesting
things about onion services. They can be started from your computer. They are peer-to-peer. They are decentralized. Because they live on the Tor network, they have a smaller attack surface. They provide bidirectional anonymity, and also the onion service addresses are public keys, and with version 3 onion services you can create as many sub keys as you want. So ideally you can use different keys for different purposes.

So more or less, this is how onion services work. Bob is an onion service and picks three nodes in the network and builds a circuit to them. These are called introduction points. Then Bob advertises the service to the directory service, which is basically a database, and says, hey, I exist, and sends some information to the database. And then there is Alice, and Alice knows that Bob exists. So they ask the database for some information and set up a Tor node as a rendezvous point. So Alice has learned the introduction points from the database, picks one and sends a message to Bob, telling Bob something like, hey, meet me at the rendezvous point, and also sends a one-time secret to Bob. Bob connects to the rendezvous point, they exchange a secret, and they just use a Tor circuit as normal. So between Alice and the rendezvous point there is a three-hop Tor circuit, and between Bob and the rendezvous point there is another three-hop onion circuit. So it's basically a six-hop circuit.

So that is the thing: we have these services, how do we use them? The idea is to have a little bit of an ecosystem of applications and services that live on the Tor network. So the first thing is like, okay, I set up an SSH service from a Docker container from my computer and I use it because I need to. And okay, I have a container.
I have some configuration, and I just start the container, and that's on my computer and is accessible through SSH, via Tor of course.

So if you want to set up an SSH server, in reality you just need to configure the torrc file and just change a few lines. You set the onion service directory, the port that you want to expose, and the port of the service that is running on the machine. The torrc file is a lot longer, it has a lot of configuration options, but it's all for all the different cases that you might use, like running relays and so on.

So there is this thing, it's torsocks, and it's bundled with Tor when you install it on your system, and it's like a wrapper application for SOCKS5, and you can use it for running commands over Tor. So if I want to run curl, I do it over torsocks, and that's running over onion... so, over Tor. So I can access an onion service, or if I want to use some APIs privately, I can do it through that. And of course I can use it also while I'm programming or scripting or developing something. So this is a small example where I'm using requests for Python and I do a GET over an onion service, which is archive.torproject.org, and I could do that through torsocks, basically using the SOCKS5 interface that is exposed by Tor.

But there is more that I can do. So the idea is, this thing is decentralized, it's peer-to-peer, I can run it from my computer and I can do a lot more with it. So there is this sharing application, which is very small. It's called OnionShare, and it's used basically to, say, you want to send a file to a friend: you start OnionShare on your machine, OnionShare starts an onion service, you upload a file, and your friend can access that file through the Tor Browser, without using Dropbox or anything. And when you don't want the file to be available anymore,
you just shut it down, and that's it, and it's gone.

So the idea is: what if I want to share a static website with a friend, just for some time? HTML, JavaScript, CSS, images, nothing fancy, but I want to put it online and I want to host it on my computer, just because I'm working on something and I want to share it. So this is basically a hack at the moment. I don't know when it would go into OnionShare. But it shares... it's a GIF, by the way... it shares a folder with a website and all the files and it makes it available on the browser. And so the way it does this is, OnionShare is a Flask application, so it basically injects the HTML of the files you want to share when you read it. So this is it started: copy the address, put it there on Tor Browser and, yeah, it's loading. But anyway, yeah, so it injects the HTML from the files you want to share into the Flask templates. At the moment it's a bit rusty, but it's working. And this is like the support project from Tor, and that's me stopping the casting.

So but there's something more that we can do, right? What if, instead of just sharing files and running static websites, we can launch any service that we want from our computer? We put it in a container and we have a wrapper application and we just have it available on the Tor network easily, just because we want to test something or just because we want to use it. And there is this thing that I was working on, it's called my onion, and it basically starts Docker containers. At the moment there is only the configuration for running a web service with nginx and fetching a website. And again, it's very few lines of code that actually do the work. And I wanted to show this to show that it's not complicated to use this. It's not some exotic technology, and with a few lines
you can really start doing something. And in this case I just call Docker with this client variable and I send the container's website, it's just a Dockerfile, the folder where the Dockerfile is, and I just launch it, and basically that's it. This is the configuration for the container. It's Debian and it's pretty basic.

Okay, the video doesn't play. That's fine. But the idea was the same as with OnionShare: that you have an application, you click a button and you receive an onion address, you put it in Tor Browser and it's available.

So this is why it's interesting. Onion services live on the Tor network, provide anonymity to the service provider and the visitors. You can access them from everywhere. You don't need hosting. If you wanted to run a website from your computer, you could. And that's it. They are basically the gateway to having decentralized services. They are safe to use, this is the most important thing. And so, I don't know, for me it's very important, because the idea that you can run something so easily from your computer, from your home, and then make it disappear, in a way sets you free to many possibilities of stuff you can do.

And one practical example I have of this is that in some countries hosting is expensive. So what do people do? They set up an onion service on a Raspberry Pi and they have the website for their shop, for example, running from there. And of course it might not be 100% reliable, but it's still free. You can do whatever you want with it. So that's it. You can send questions.

But it's one node, but it can... yes, sorry, the question is: if onion services are decentralized, how come they advertise to the directory service, which is just one node? So the thing is, on the Tor network any node can become a directory service if it's online for a long time. So you start as a relay, and then if you have good performance of the relay you get promoted to different roles within the network for a certain amount of time.
So while it is true that they advertise to the directory service, any node can be a directory service.

There was a question upstairs, actually, before. The same question? Okay, so you're free.

The question is about load balancing for onion services. And there is a node... there is an onion balancer, but at the moment it doesn't support the functions that you would expect from an onion balancer, like for example to have many onion balancers, so it can be a bottleneck. But there is this person called Alec Muffett, he works at Facebook and has been working on the onion service Facebook uses, and he has been working a lot on the onion balancer and so on. So if you Google onion balancer and his name, you will find a lot of stuff that he has found working on this.

I don't know, it's... sorry, the question is regarding SSH and HTTP and IPv4, and if you can use... how does it change when you use onion services? But the IP doesn't matter, because it's on the Tor network, and the only thing that matters is the key that is used for the onion service address. So imagine that on the same machine you could have different services that are onion services and they are available on different ports. But also the thing is, you could also change the keys if you want the keys not to be known, for example, and other things. But the IP doesn't matter anymore, because it's only the key, which is the service address.

I don't think so. Actually, sorry, the question is if you could run different onion services under the same public key. I think for the service the key is an identifier, so I assume that for each service you have a key. But I wouldn't know if you change something with the ports. Maybe you could. I'm not sure.

Sorry, the question is if you could share the same key with different computers. I'm not sure. You could try to export the key. But every time you create an onion service, Tor creates a different key, and you can do some key management, but I don't know about fallback.
I'm not sure. I think they cannot be active at the same time, basically, so it's like two different addresses. But if you want to export it so that you keep the key...

Yes, so the question is how do you pick entry nodes, and this is the Tor client that does it. So basically you receive a list of nodes and you pick randomly among that list.

So the question is about the nodes that you use, that are in the network. So they're not... They are three for the onion service, you mean, not for your client. So the idea is, in the algorithm, to use three introduction points and have them use different points. I'm not sure why three exactly. In the case of the hops it's because there are some models about the idea that you enter from one side, the middle node doesn't know where you're coming from, and the exit node just sees the middle node, basically, that kind of thing. So it's in the algorithm, in the onion routing.

So how can we help Tor? That was the question. You can run relays, which are the core of the network, which is the main thing. You can volunteer your time advocating, developing, researching on Tor. You can donate, if that's what you want; they give you t-shirts in exchange and other things, or nothing, depends. But mostly just helping the network: using the browser, being part of it.