How to run your code on the dark web (15m version)

Tor is an open anonymized network and web browser. Millions of users connect with Tor every day. Is your code ready for them? This talk introduces Tor, provides an overview of how it works and the adversaries and attacks it's designed to stop, and shows that optimizing your code for Tor is quite practical, and improves your code for everyone.

luke crouch

October 04, 2017
Transcript

  1. Me. I’m Luke. I’m a web dev. I work on Privacy & Security. I click thru slides really fast. Twitter: @groovecoder speakerdeck.com/groovecoder
  2. IP, DNS, & HTTP threats
     • Hackers-in-the-middle
     • ISPs snooping on customers’ online activity
     • Governments censoring sites
     • Corporations scanning web logs for their competitors’ IP addresses
     • Criminal sites scanning web logs for law enforcement IP address
  3. IP, DNS, & HTTP threats
     • Hackers-in-the-middle
     • ISPs snooping on customers’ online activity
     • Governments censoring sites
     • Corporations scanning web logs for their competitors’ IP addresses
     • Criminal sites scanning web logs for law enforcement IP address
  4. Tor protection from DNS + HTTP internet threats
     • Hackers-in-the-middle
     • ISPs snooping on customers’ online activity
     • Governments censoring sites
     • Corporations scanning web logs for their competitors’ IP addresses
     • Criminal sites scanning web logs for law enforcement IP address
  5. Help the browser with Resource hints (You should do this anyway) https://w3c.github.io/resource-hints
  6. exit node threats = Man-in-the-Middle threats
     • exit node snooping on unencrypted data: user/password, PII, etc.
     • Hook browsers with BeEF
     • Backdoor binaries
  7. +

  8. Summary
     • Optimize for latency
     • Make it work in Firefox (ESR)
     • (Optional) WITHOUT: JavaScript, MathML, SVG, Web Fonts
  9. Yay! Your code works* fast* and secure* for users
     * for some definition of “works|fast|secure”
  10. Optimize for latency
     • Minimize Requests
     • Prefer fewer, larger asset bundles
     • Use CSS Sprites for images
     • Use Data URIs for small images
     • Use Icon Fonts
     • Use Resource Hints
     • Good caching
     • Allow CDN access from Tor nodes
  11. Come to to learn more!
     • OnionScan
     • Anonymous Email
     • EXIF data in images
     • Server fingerprinting
     • “Rotten Onions” attacks
     • (maybe: hacking nazis on the dark web?)
  12. Writing code for the dark web makes your code better faster more secure more compatible
  13. Writing code for the dark web makes your code better about your privacy think others’
  14. –Trisha Salas @ Thunder Plains 2016 “I want to try Tor … but I heard it puts you on some kind of list … and I plan to travel soon.”
  15. –me “I have done many weird things with/on Tor and I’ve had no problems traveling.”
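
As an added example (not from the talk or its slides), a small Python audit of a page against the checks slides 6 and 10 call for: how many subresource requests it makes, how many images are inlined as data URIs, which third-party hosts lack a resource hint, and which subresources travel over plaintext HTTP where an exit node could read or alter them. The `audit` helper, the sample page and the `.example` host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Relations defined by the W3C Resource Hints spec linked on slide 5.
HINT_RELS = {"dns-prefetch", "preconnect", "prefetch", "prerender"}

class _Collector(HTMLParser):
    """Collects subresource URLs and the hosts that already have a hint."""
    def __init__(self):
        super().__init__()
        self.urls, self.hinted = [], set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            rels = set((a.get("rel") or "").lower().split())
            href = a.get("href") or ""
            if rels & HINT_RELS:
                self.hinted.add(urlsplit(href).netloc)
            elif "stylesheet" in rels and href:
                self.urls.append(href)
        elif tag in ("script", "img") and a.get("src"):
            self.urls.append(a["src"])

def audit(html, page_url):
    """Return latency and plaintext findings for one HTML document."""
    page = urlsplit(page_url)
    c = _Collector()
    c.feed(html)
    # Data URIs are inlined, so they cost no extra round trip over Tor.
    fetched = [u for u in c.urls if not u.lower().startswith("data:")]
    third_party = {urlsplit(u).netloc for u in fetched} - {"", page.netloc}
    return {
        "requests": len(fetched),
        "inlined": len(c.urls) - len(fetched),
        # Relative URLs inherit the page's scheme.
        "plaintext": sorted(u for u in fetched
                            if (urlsplit(u).scheme or page.scheme) == "http"),
        "unhinted_hosts": sorted(third_party - c.hinted),
    }

# Constructed sample page (hypothetical hosts, not from the talk).
SAMPLE = """<html><head>
<link rel="preconnect" href="https://cdn.example">
<link rel="stylesheet" href="https://cdn.example/site.css">
<script src="http://stats.example/t.js"></script>
</head><body>
<img src="/logo.png">
<img src="data:image/png;base64,iVBORw0KGgo=">
<script src="https://fonts.example/loader.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "https://app.example/"))
```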