Oniux seems like an "officially" supported tool similar to orjail (which hasn't received a commit in four years, but still works great as a shell script with iptables/iproute tools [1]). Orjail has also an option to run with firejail for further isolation, which seems to be still a feature that Oniux doesn't have.
Huh. I had a conversation with a Tor developer on this topic about a decade ago, when network namespaces were still kind of a new hotness - the feedback I got was that it would be an easy way for people to think they were being secure while still leaking a bunch of identifiable information, so I didn't push that any further.
natmaka · 2h ago
Isn't all this reserved to TCP, in other words in which way may it protect non-TCP activity?
charcircuit · 1h ago
Non-TCP activity wouldn't route and will fail to send.
izhak · 9s ago
UDP wouldn't route?..
ahmedfromtunis · 2h ago
Does this mean one can now access tor websites using chrome?
kyguy23 · 1h ago
You can, but please don’t do this, you’ll stick out even more! Tor browser has a series of anti fingerprinting strategies that chrome doesn’t
OsrsNeedsf2P · 1h ago
Does Brave attempt to mimic any of these anti fingerprinting strategies? Asking because it has a "Private tab with Tor" feature
fatchan · 9m ago
No. First of all, just check for `navigator.brave`. If it exists, it's Brave. When I ran a .onion site I added a JavaScript check and if navigator.brave was present, it redirected users to a specific page saying:
> Hey, there's something funny about your Tor Browser. When browsing Tor hidden services (.onion), you should be using Tor Browser. Are you using an outdated version, or perhaps something else entirely?
Brave is chrome. Tor browser is firefox, has a bunch of tweaks, different default settings, and a different fingerprint. Also when browsing on Tor, you should disable JavaScript as it's a source of many vulnerabilities.
acheong08 · 2h ago
You always could by just setting the proxy environment variables (or in settings). The standard port for the tor daemon is 9050.
In fact, it's relatively easy to write a socks proxy that lets you route traffic through a arbitrary protocols. For example, I can serve/visit websites on syncthing with a socks5 proxy as a translation layer: https://github.com/acheong08/syndicate
ericfrederich · 4h ago
They use hexchat as an example but do these processes run with the users configuration? Wouldn't this leak IRC usernames if you forget to change it.
... Or leak cookies if you launch a browser?
alfiedotwtf · 3h ago
Separation of concerns - although Tor goes to great lengths to prevent fingerprinting, Tor and Oniux’s main aim IMHO is to make the source IP untraceable.
Same thing could have been said about using Tor to login to Gmail (if it were not HTTPS).
charcircuit · 3h ago
What do you mean by leak usernames? It would leaks that a username uses tor. It would still leak that all of the usernames connecting to the same IRC host would be the same person.
IRC seems pretty dangerous if you want to remaining anonymous considering how many people are logging disconnection times allowing them to be correlated with other network disruption events.
01HNNWZ0MV43FF · 3h ago
Irssi iirc used to default your username to your system username, so noobs would leak their given name by accident. After seeing that I changed my username in Linux to always be the most common username
PaulDavisThe1st · 1h ago
root?
SV_BubbleTime · 3h ago
What is the most common Linux username though? Obviously you don’t want to do your regular work as root. And guest has its own issues.
Is there a “common name”?
tbrownaw · 2h ago
Not sure about "most common", but I have some vms that use `user` as the username.
Fnoord · 1h ago
root
romnon · 2h ago
ubuntu
Xevion · 2h ago
admin
alfiedotwtf · 3h ago
The DevEx is beautifully done here i.e it’s idiot-proof! Nice work to the people behind this <3
brians · 2h ago
It’s really, really not. Idiots are ingenious. The operational care to use this in ways that preserve anonymity is beyond most users.
[1] https://github.com/orjail/orjail/blob/master/usr/sbin/orjail
> Hey, there's something funny about your Tor Browser. When browsing Tor hidden services (.onion), you should be using Tor Browser. Are you using an outdated version, or perhaps something else entirely?
Brave is chrome. Tor browser is firefox, has a bunch of tweaks, different default settings, and a different fingerprint. Also when browsing on Tor, you should disable JavaScript as it's a source of many vulnerabilities.
In fact, it's relatively easy to write a socks proxy that lets you route traffic through a arbitrary protocols. For example, I can serve/visit websites on syncthing with a socks5 proxy as a translation layer: https://github.com/acheong08/syndicate
Same thing could have been said about using Tor to login to Gmail (if it were not HTTPS).
IRC seems pretty dangerous if you want to remaining anonymous considering how many people are logging disconnection times allowing them to be correlated with other network disruption events.
Is there a “common name”?