#tor-meeting log

17:01:14 <morganava> #startmeeting Applications Team Office Hours 2025-07-23
17:01:14 <MeetBot> Meeting started Wed Jul 23 17:01:14 2025 UTC.  The chair is morganava. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:14 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:01:15 <morganava> hi hi
17:01:46 <morganava> thus begins today apps team office hours
17:02:01 <morganava> if anyone wants to chat with us, here we are!
17:02:24 <morganava> or if there's any other discussions the team wants to have we can do that too
17:02:40 <morganava> otherwise i'll kill the bot after ~15 minutes of dead air
17:03:44 <Jeremy_Rand_Lab19[mds]> Good afternoon. No substantive news on my end, other than "SocksTrace is continuing to get code refactors to improve code quality"
17:03:53 <morganava> exciting :D
17:04:59 <Jeremy_Rand_Lab19[mds]> Yeah, this is how research projects always go right? Start out with a barebones PoC that just barely shows it can work, and then you refactor the hell out of it until it eventually starts to look like something a sane person would want to use. lol
17:06:03 <Jeremy_Rand_Lab19[mds]> One good thing about the refactors though is that the binary size is shrinking quite a lot, because we've been auditing our dependency choices, and replacing bloated deps with things that have much less attack surface
17:06:05 <morganava> basically, that's been my experience
17:06:42 <morganava> any hope for a Windows version? :D
17:06:46 <morganava> or is it just Linux only?
17:08:21 <Jeremy_Rand_Lab19[mds]> Linux only because seccomp userspace notifications are a Linux thing. Theoretically you could do something for macOS and BSD by using those OS's equivalents (I think macOS has dtrace?), but Windows definitely is not possible because syscall interception is just not a supported thing on Windows. You could do DLL interception on Windows, but that's going to always be a leak risk I think.
17:08:52 <dan_b> oh I did stumble upon the idea yesterday with ma1 for:
17:08:53 <dan_b> https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41516
17:09:19 <dan_b> which i'm picking away at. what always sounds like it'll be a fast knock out of the park always ends up taking more time. #buildSystemWork
17:09:45 <Jeremy_Rand_Lab19[mds]> morganava: that said. If you audit a cross-platform application for leaks on Linux with SocksTrace, that's likely to turn up the vast majority of potential leaks that could be a thing on Windows.
17:10:27 <Jeremy_Rand_Lab19[mds]> Of course if the application has totally different code paths for network things on Windows vs Linux, then yeah SocksTrace won't help you audit the Windows code paths
17:12:33 <morganava> Jeremy_Rand_Lab19[mds]: dll interception ought to be good enough if not in the general case than for the specific case for network calls tho on Windows
17:13:01 <morganava> ie all systemcalls first go through nt.dll or w/e first iirc
17:13:21 <morganava> it's  just the ABI between the dll and the kernel isn't stable
17:13:40 <Jeremy_Rand_Lab19[mds]> morganava: yeah so I *think* there are already tools out there that can do network DLL interception on Windows. I believe they're primarily designed for SOCKSification rather than auditing but someone could probably fork them to do what SocksTrace does.
17:13:49 <morganava> so presuming the app your testing doesn't try to scoot around nt.dll and rollt heir own syscalls it should be.. fine?
17:14:01 <Jeremy_Rand_Lab19[mds]> This would likely have very little code in common with SocksTrace though
17:14:27 <Jeremy_Rand_Lab19[mds]> morganava: if someone wants to toss a bunch of funding at Robert and me to investigate doing this, maybe we could be persuaded?
17:14:57 <Jeremy_Rand_Lab19[mds]> morganava: and yes AFAIK you are correct about everything going through a Windows DLL etc
17:15:26 <morganava> heh
17:16:27 <Jeremy_Rand_Lab19[mds]> Now that I think about it, it's conceivable that SocksTrace could be modularized so that the hooking API is replaceable at build time, so you could do the seccomp thing on Linux but instead do a DLL thing on Windows
17:16:43 <morganava> yeah exactly
17:16:45 <morganava> modular backends
17:16:48 <Jeremy_Rand_Lab19[mds]> This might be a benefit for the overall code quality too
17:17:02 <morganava> or drivers or w/e
17:17:07 <Jeremy_Rand_Lab19[mds]> So yeah maybe we could apply for a follow-up NLnet grant for something like that
17:17:29 <Jeremy_Rand_Lab19[mds]> Right now there's a lot of low-hanging fruit we want to improve on Linux before we'd do that I think
17:17:36 <Jeremy_Rand_Lab19[mds]> But it never hurts to plan ahead right?
17:17:42 <morganava> you'd think :p
17:19:33 <Jeremy_Rand_Lab19[mds]> morganava: regarding low hanging fruit
17:19:42 <Jeremy_Rand_Lab19[mds]> I can't recall if I mentioned this to you before but
17:20:10 <Jeremy_Rand_Lab19[mds]> You know how we intercept the send syscalls so that we can tell if the application is handling stream isolation properly in the SOCKS5 handshake?
17:20:23 <morganava> right
17:20:29 <Jeremy_Rand_Lab19[mds]> I realized we could do the same thing to audit whether the application is using TLS
17:20:41 <Jeremy_Rand_Lab19[mds]> So you could optionally make SocksTrace block non-TLS connections issued by the application
17:21:05 <Jeremy_Rand_Lab19[mds]> So if you're worried that some application might be making plaintext connections, SocksTrace could protect you from that
17:21:30 <Jeremy_Rand_Lab19[mds]> This would also would be useful for auditing that DoH is used consistently in browsers that are supposed to use it
17:22:05 <morganava> are you planning on doing/publicizing a barrage of tests on the various tor-supporting applications out there?
17:22:54 <Jeremy_Rand_Lab19[mds]> morganava: we would definitely like to do that. I discussed with Arthur the idea of integrating SocksTrace into PrivacyTests. Other test suites might be cool too.
17:26:20 <morganava> oh actually
17:26:54 <morganava> Jeremy_Rand_Lab19[mds]: would you be willing to give our esr140 alpha channels a go once it's ready?
17:27:15 <morganava> we've a gitlab issue somewhere to potentially do this in an automated fashion
17:27:21 <morganava> once we have time for automated tests :p\
17:28:19 <Jeremy_Rand_Lab19[mds]> morganava: I'm guessing Robert and I could be persuaded to do some manual QA testing of ESR140 in SocksTrace. I can ask him if you like?
17:29:27 <morganava> yeah that could be useful
17:29:36 <morganava> if you're interested in help kick the tires so to speak :p
17:30:01 <Jeremy_Rand_Lab19[mds]> Any such QA testing would be a lot more effective if you (or perhaps ma1 (IRC) ) could give us a list of functionality to test -- we're aware of WebRTC being a common leak vector but we don't know what else is likely to have issues
17:30:28 <morganava> that could probably be arranged
17:31:00 <Jeremy_Rand_Lab19[mds]> alright. I'll ask Robert if he's willing to do this -- probably he'll say yes but I can't commit his time without asking of course :)
17:32:00 <morganava> if nothing else will be a good first step toward automating such things
17:33:34 * Jeremy_Rand_Lab19[mds] just poked Robert about it. I'll let you know when I get a reply
17:40:09 <Jeremy_Rand_Lab19[mds]> Anyway that is all I wanted to talk about today, so if any lurkers want to talk, now is your time to shine :)
17:44:27 <morganava> :3
17:48:27 <morganava> alright folks, good chatting as always
17:48:29 <morganava> cya next week o/
17:48:32 <morganava> #endmeeting