TorPup 4.0 - A Puplet to help protect your privacy

[NoNameAmI]

So I've been bored recently. I've also been messing around with Tor.

A couple days ago I decided I wanted to give a shot at a Puplet centered around Tor and protecting the users privacy. This is the result...

This is the first release and I'm sure there are some issues. I need suggestions, feedback, etc to work on the next version.

NOTES:
* This is based on Skinny Pup
* This contains Tor, Privoxy and Vidalia and is launched via "Start TorPack" icon on the desktop
* Seamonkey is included. It has two different profiles. One profile is for direct connecting to the internet and has javascript and cookies enabled. The other profile is for Tor and is configured to be as anonymous as possible. Read the "Surf the web with tor" document located on the desktop for more information
* Pidgin is included and also has two profiles. One for direct connection and one for Tor only. Read the "All about Pidgin" document located on the desktop
* Thunderbird is included for Tor only mail. Read the "Setup Tor email" document located on the desktop
* The latest Truecrypt is also included.
* SSH has been modified to use Tor. With it you can now connect to Tor shells

Download (TorPup-400.iso):
http://puppyisos.org/isos/2008-07-to-12/
Username: puppy
Password: linux

MD5:
6e38ff604891e7095b1757ca17839401 TorPup-400.iso

[MU]

download from:

http://puppyisos.org/isos/2008-07-to-12/

user: puppy
password: linux

Mark

[hayagix]

Torpup is a great idea.

Can you give us a list of what is included. The download is over 300 mb.

[aarf]

Can chew 300mb for this one. thanks. Will have a look.

[37fleetwood]

truecrypt 6.0 will not allow writing to encrypted containers/partitions with kernels before 2.6.24, you should move to puppy 4.1 as it has kernel 2.6.25.16 though I've not had much getting it to write to an encrypted partition either. I am interested to know if you have had success with truecrypt 6.0. other than this I like the idea and am posting this from torpup. looks great!
Scott

[aarf]

sorry cant test it as no wifi or gprs connection for me in 4.0. also noticed eetiger has secure features but have not had wifi to test it either as yet.

[renlac]

TorPup is exactly what I was looking for. Thank you so much.

Unfortunately the download failed, several times, not even starting. Anyone got it easily?

Google didn't find other source. Any idea?

[droope]

Is it to think that there are a lot of problems of security, or is it just for us the paranoid?


Thanks.
Droope

[37fleetwood]

Is it to think that there are a lot of problems of security, or is it just for us the paranoid?


Thanks.
Droope

for me it solves a problem I have. I want to run a laptop with puppy for my business and want my files secure if the laptop gets stolen or lost. so far TorPup answers all issues except the problems getting truecrypt to write to encrypted drives. one more thing which would be nice is if someone would figure out what needs to be done to have puppy encrypt the swap file, it is kinda useless to encrypt your info if it is all available in the swap file. the easy fix is to simply turn off the swap but it would run better if you could use the swap and just have it encrypted.
Scott

[renlac]

Hi Scott

for me it solves a problem I have. I want to run a laptop with puppy for my business and want my files secure if the laptop gets stolen or lost. so far TorPup answers all issues except the problems getting truecrypt to write to encrypted drives. one more thing which would be nice is if someone would figure out what needs to be done to have puppy encrypt the swap file, it is kinda useless to encrypt your info if it is all available in the swap file. the easy fix is to simply turn off the swap but it would run better if you could use the swap and just have it encrypted.
Scott

I'm far from expertise, but from what I strived to understand about truecrypt, one of its main usefulness seems to be exactly what you ask. It encrypts/decrypts continuously (on-the-fly) in pure RAM, so that whatever data chunks that goes to the swap file, goes already encrypted, and as having to be taken from there then only decrypted in RAM. And so on, with any kind of files being opened or edited.

Now, the problem (at least for paranoid dudes like myself) is that the swap file (and the system) will always register the fact I have *run* truecrypt... And well, the way around this exists, being (as I understood) just about running truecrypt from a live-cd... Boy, great, but what is that?

And then a long history came taking me to this very tread. If what I said is correct, than TorPup is the ULTIMATE nowadays solution for the restfulness of the paranoids. I have extensively searched for some live-cd distros and pup-derivatives already coming with the three major paranoic utils: Truecrypt, openPGP and Tor. But nothing.

That's why I humbly call THE ONE who have no name and whose name is NoNameAmI our great savior! The father of first free cyber-paranoid world solution. Droop must be bow down now...

So, and for that all, brothers , you all may have at least a slight catch on how I'm suffering these days, beginning when, for the first time, my downloader (and several of them) was not able to download HOLLY TorPup-400.iso........ ...... .... ... ..

I know you cannot hug me now, I understand and forgive. But I will accept any help.... because... I need that holy file very much....

Heeeeeeeelp...

[aarf]

what i would like is the ability to have a ssl proxy like those you see on the web up and running in a few clicks. if this is there already perhaps some documentation.

[renlac]

Scott, it seems I'm wrong and you're right. Just getting the drive and searching more especifically, I got right to this interview with someone from truecrypt:

WolfManz611: How problematic is the windows swap file for a program like this? Does the windows swap file only come into play when witting a file back to the encrypted container or drive or does the swap file compromise files even when reading files from a container or encrypted drive?

Ennead: Whenever you open a file stored on a TrueCrypt volume in a program (for example, in a text editor), portion of the file is decrypted in RAM and passed to the program who requested it. TrueCrypt uses the non-paged pool to store cached passwords, encryption keys, IVs and other sensitive volume data, so this data cannot be leaked to paging files. However, TrueCrypt cannot prevent the contents of sensitive files that are opened in RAM from being saved unencrypted to a paging file. Therefore, we strongly recommend that users disable the paging file feature, at least for each session during which they work with sensitive data.

The entire interview is at http://www.wolfmanzbytes.com/news/viewn ... FACiZuNUSZ

So I see and I'm very sorry. I've got so sure of that, as the swap files issue was and is exactly my main concern (as a good damn paranoid) about the use of encryption: no real use being so. There are hacking tools able to have it all, easily.

Well, what about using system encryption option that truecrypt also provides? From what I understood (again) the swap file gets encrypted! Or not?

BUT overall (oh hopefully) when running an OS entirely in RAM, like our live-cds, where is the swap file MENACE?

Thanks and sorry again.

[37fleetwood]

@renlac, no problem I know you were not being disagreeable just stating what you thought to be true. there are other Linux distributions that encrypt the swap but have other issues such as truecrypt and some of the other programs haven't been ported to them yet and even if they did it is difficult to get it installed and keep it there. some of them have been abandoned though I don't know why. the next best ones are knoppix MIB, and dynebolic. puppy is perfectly suited for just this as you can install anything and upgrade as necessary. I have read a bit about using I believe bmcrypt to encrypt the swap but doing it is way more involved than I am capable of. if I have to use truecrypt 4.3 to get at my already encrypted drive then I need a user guide for using it in the command line. has anyone had success in writing to an encrypted device? I should try making a container file, maybe the problem only exists writing to an entirely encrypted device. I am looking at moving over from windows, truecrypt allows the encryption of the entire drive and os in windows only, this option is not available for Linux yet and might be difficult to implement with puppy running from a cd. I think one of the issues with full os encryption in Linux may be the way Linux uses a separate partition or drive for the swap drive. again I'm no expert but I really think this project is headed in the right direction. if developed correctly it would offer an edge over Microsuck for laptops that could not be ignored. I can't imagine anyone not wanting their stuff safe in the event that their laptop was stolen.
Scott

[Dromeno]

soory for being slightly off-topic but there is no separate Puppy Safety subforum yet so I think the best place to post this question is here.


According to The Register most European countries prepare laws which make it legal for government agencies to search your harddisk. I wonder if Puppy provides enough protection since most attached drives appear to be automatically mounted (in puppy 4.1).

source of the Register article:
http://www.theregister.co.uk/2008/10/21 ... e_hacking/

[renlac]

Aarf, do you mean some in-pup browser that could stay permanently in ssl mode as it was a proxy itself? I ask because of 2.xB Browser, which says to be a permanent anonymous browser, but i don't know if using ssl anyway.

Scott, thank you. I'll be studying those options and facts you mention. I believe at least the swap file issue will soon be solved, as it will be never dismissed by the brotherhood.

Please, have you, aarf, droop and all, succeeded to download the holy TorPup-400.iso from the indicated url? If you did, could you check if it still available for you?

Thanks a lot.

[aarf]

Code: Select all

wget -c --user=puppy --password=linux http://puppyisos.org/isos/2008-07-to-12/TorPup-400.iso

seems to be downloading correctly as I type this using wifi in Xandros. Have stopped the download as all seems well.

but I downloaded my Torpup-400.iso at the internet cafe. first tried opera 9.5 or 9.6 in windows XP at the internet cafe but it failed md5um check so I downloaded the current Download Accelerator Plus also known as DAP then successfully use DAP to do the Torpup.iso download. md5 checksum was then correct.

[aarf]

what i had in mind was a server with ssl or ssh enabled/abilities running in/on puppy. eg. with say XAMPP up and running then doing whatever to make it ssl or ssh proxy and then that ssl proxy could be a proxy for other web users as well as yourself.
have knoppix 5.3.1 which also has some security stuff but no documentation so haven't got knoppix ssl to function properly yet. will google and take a look at 2.xB Browser
May give eetiger another shot later too.
easily got a free shell account (ignore the dire warnings) from http://rootshell.be/ but haven't managed to get if functioning as per above.

[aarf]

secure tunneling at
http://secure-tunnel.com
ssl browsing at
http://snoopblocker.com
or
the ssl proxy details you can get by entering the catchpa verification code and waiting ten minutes at http://proxy-list.org/en/index.php . the ssl proxy details obtained can then be used by configuring your browsers own proxy details to use the proxy details supplied.

emulation of any of these three examples would be my idea/aim. If Torpup has similar things that do what these sites do, one day, somewhere I will be able to test it.

[aarf]

I cant find the 2.xB browser info. Is there a url link please?

[renlac]

Com'on lets crypt again!

Please excuse for being this somehow off topic, but as it may help some of the nice brothers...
http://www.browseanonymouslyanywhere.com/incognito/

Cheers!