AnonSurf 3.0 change and roadmap

Official changelog for AnonSurf development discussion before Beta testing and further

Before main topic:

Version anonsurf 2.13.9 is arrived on stable repo. Any user is having problem with anonsurf can fix it by reinstall Tor. Full step if you are having old version which is having problem:

  1. Upgrade anonsurf to 2.13.9
  2. Start anonsurf. It has error.
  3. Stop anonsurf and reinstall tor
    This problem happened because of a script in Debian packaging that Palinuro made before which remove /etc/tor/torrc and create a symlink.
    Note: Step 2 is required to fix the bug. I don’t know why.

Main topic

Core:

  • Rework my IP. It is now using Tor server to check your IP and also under tor status. Address https://check.torproject.org/
  • Fix problem of AnonSurf enable / disable boot by syntax in system unit file.
  • Rework the logic of AnonSurf so it is more simple: Remove ALL sleep command, optimized all functions so it can start at boot as well as start from terminal only
  • Random password of Control Port. This is not actually an extra security feature but we don’t want to use a hard coded password for all users.
  • Fix logic problems when restore DNS settings.
  • Restart now restart only services (anonsurf daemon and tor). It works as same as start and stop but no more asking kill apps and annoying prompts
  • Remove bridge mode (answer is in here anonsurf 2.13.9 - start-bridge 'disappeared after update). It will be added when we have better solutions. bridge was a unmaintained features when we added it by some configurations only and there was no actual monitoring and testing.

User interface

  • Menu now uses gksudo and notification (by notify-send) only. No more boring terminal from the GUI.
  • Notification now use icon (i believe it increase UX and better for focusing on new events)
  • A little change in terminal output: less useless space, different color output, … which is more friendly.
  • A GUI application is out. Yes, GUI application. From GUI you can not only start / stop AnonSurf but can check IP, change ID, show status, … The GUI also check current control ports, DNS status to show core information about your Tor connection.
  • Rewrite the way to install program: Change from Makefile to Debian standard. It is not only shorter, more simple way to maintain but it can clean old files when something is changed,…

GUI app

  • The GUI is written by Nim lang and gintro which is GTK binding for Nim lang. Nim lang is a new language which has a good syntax as same as python but it is statically typed compiled systems programming language so it is not just easy to read and maintain but has performance like a beast (i’m not lying. The launcher-updater of parrot-menu is written in Nim lang which is faster than old script which was written in golang x6-x8 times). Nim lang also means safe program, lightweight binary and small Ram usage. A big thank to Nim lang community and author of gintro, Stefan Salewski! They helped me a lot with syntax and problems i had.
  • This is the 3rd desgin for the GUI of AnonSurf (that is why it have been 6 months since i started working on GUI). So manything has been rewritten. This is not first program in Nim lang of mine but this is the first GUI program. There are still so many mistakes in code. Crashing and other problems are expected.
  • GUI show status of AnonSurf in real time.
  • The GUI is like Kaspersky design. I’m a fan of this security solution. The GUi is really simple:
    Main page which shows core things that an user need about AnonSurf. It has 3 parts
  1. Details:
  • Show current status of anonsurf by icons
  • A label which show current status of anonsurf
  • Button details which leads user to full detail widget.
  • Button Tor status that call program nyx to show everything about Tor connection and more
  1. 3 core buttons
  • Start (stop): start or stop AnonSurf
  • Change ID: Change Tor exit nodes
  • My IP: Check your current IP (as same as function in bash but it is written in Nim lang with httpClient)
  1. Bottom bar for some extra buttons

Screenshot at 2020-07-23 17-27-41

The full detail widget which is showing

  1. Status
  • Status of services. It shows Tor and Anonsurf service
  • Show status of current Tor Ports (Control Port, Socks Port and Transport port)
  • DNS: Check current DNS setting from /etc/resolv.conf and DNSPort from torrc
  1. Boot status
  • Icon and label to show is AnonSurf is enabled with boot
  • A Button to enable / disable start at boot
  1. Bottom bar
  • A button to go back to main widget
  • A button to restart AnonSurf.
    Screenshot at 2020-07-23 17-35-26

More screenshot about the GUI
Screenshot at 2020-07-23 17-43-00 Screenshot at 2020-07-23 17-43-04 Screenshot at 2020-07-23 17-46-15 Screenshot at 2020-07-23 17-46-18

Security: apparmor and hardening

  • This is a super headache problem. I am making the profiles but it is unstable and it can makes problem on different environment. Beta testing will not include it.
  • I’m still working on making apparmor profile and using systemd hardening to make AnonSurf safer. It also mean i have to optimize the code, stop using command which can cause trouble / exploit / …
  • This is first time i’m working with apparmor profile and i’m feeling it is not easy enough to config and use. And any wrong config can make AnonSurf can not be used with no reason and it is hard to check the actual problem.

Futher:

  1. Support save configurations which allow AnonSurf uses more settings from Torrc and support more complex features by users
  2. Support bridge, obfs4bridge, …, i2p
  3. How about a public location? Like coffee? MAC changer (again) and something to protect in LAN
  4. Firewall thing…
1 Like

First of all,the features of 3.0 look nice,thanks for the update.
i wonder how difficult it would be for that type of status icon to also show as a clickable status applet available for the panel ?

second,i did the steps you listed in the begging of your post for the current version,and,i’m still not getting any connectivity once the steps are followed and anonsurf is activated.
i don’t show any errors upon starting anonsurf,since downloading the bridge that is,but, still nothing seems to work this point.
when reinstalling tor,do you think it would be best to do s full purge and install,or,should i simply just reinstall it as you describe ? (sudo apt-get reinstall tor)

it appears that when attempting a purge of tor,it also wants to remove anonsurf,which i find a bit weird.
shouldn’t they work in tandem,yet still be independent of one another during installs,purges, and re-installs ?

It needs binding of DE API (Mate or XFCE or KDE,…) which isn’t available on Nim for now. It also needs to read API, try, install by debian standard so it could take from a week to few months depends on how hard is the API and so on…

I need logs and other information to debug it. The previous bug took me a month to figure it out what happened.

Bridge mode is removed.

purge tor can remove important packages which can damge your system because of dependencies. sudo apt install tor --reinstall works. It works for me and some users who tried command.
Technically purge and reinstall is a good way but it as i said, it can remove all dependencies. So if anonsurf still doesn’t work, refresh installation of 4.10 is a better choice.

thanks for the reply!
i can follow most of that,and appreciate the work you all put into the OS.
i’'ll search the thread on how to provide the appropriate logs to you…

i actually just did a fresh install once the issue with mount was resolved a few days ago,so,unfortunately,that didn’t do it for me…
you mentioned 4.10,correct me if i’m wrong,but to my knowledge 4.10 isn’t available just yet,correct?
perhaps you’re saying that i should wait until it’s available to resolve the anon surf issue and i’m misunderstanding you…?

here are some of the logs that i see you often ask for when addressing this,if they’re more,just let me know…
i’m not certain why i don’t have any results from /etc/anonsurf/torrc:…?
$/etc/anonsurf/torrc
bash: /etc/anonsurf/torrc: No such file or directory
┌─[✗]─[nova@parrot]─[~]
└──╼ $sudo tor
Jul 25 16:03:33.808 [notice] Tor 0.4.3.6 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1g, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.5.
Jul 25 16:03:33.808 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 25 16:03:33.808 [notice] Read configuration file “/etc/tor/torrc”.
Jul 25 16:03:33.819 [notice] Opening Socks listener on 127.0.0.1:9050
Jul 25 16:03:33.820 [notice] Opened Socks listener on 127.0.0.1:9050
Jul 25 16:03:33.820 [notice] Opening DNS listener on 127.0.0.1:53
Jul 25 16:03:33.820 [notice] Opened DNS listener on 127.0.0.1:53
Jul 25 16:03:33.820 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Jul 25 16:03:33.820 [notice] Opened Transparent pf/netfilter listener on 127.0.0.1:9040
Jul 25 16:03:33.820 [notice] Opening Control listener on 127.0.0.1:9051
Jul 25 16:03:33.820 [notice] Opened Control listener on 127.0.0.1:9051

Screenshot at 2020-07-25 15-52-00

It will be released soon.

When you have a moment,please let me know if any the info from the log I’ve added points towards a potential solution…?
i’m not ruling out user error or lack of knowledge of how it should be configured as the source either,which is why i’m asking…
if you need more information,just let me know…
i’m okay with trying 4.10 and seeing if that resolves the issue,but,just in case i run into potential issues with 4.10,and have to dial it back to 4.9 (due to unforeseen bugs), having a functioning version of anonsurf on 4.9 would still be a nice option…

THANKS AGAIN…

Ah yes sorry i totally forget it. No it doesn’t have any good information.
The no connection is the problem of version 4.9 and it happens randomly.

Big thank newbie-tech channel for awesome review

Nice update. Although until Tor over Tor prevention is implemented Anonsurf won’t be safe enough. The way for the prevention to be implemented is not very easy. Writing a few commands to add some text in /etc/environment and user.js of TBB itself. That will remove Tor in TBB. Although after editing /etc/environment the user must log out and log back in, in order for the changes to be applied system wide. If this is not done then changes won’t be applied systemwide and only in the said shell. Tor over Tor is best described here https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#ToroverTor

Hey @dmknght, loving the UI for 3.0 by the way. May I ask, will Anonsurf 3.0 be ready for the 4.10 ISO release? I think it would be a great addition but only if it’s stable enough. :slight_smile:

IT should be on 4.10 beta testing soon. It is stable enough but if you want to help us test the quality, feel free to install, make a full test and report.

I’ve completed new display for AnonSurf. “Restart” now is at bottom bar of main widget and new “title bar” has about and exit button which always shows.
image

This version doesn’t have title bar so the only way to move it is hold “alt” then use mouse

Bridge mode is backkkkkkkkkkkkkkkk

New changelog for 3.0.2:

  • Added bridge mode (with some base configurations and new anonrc)
  • New layout for AnonSurf GTK
  • Fix firefox process name in kill-apps (new version changed process name)
  • Some small improvements

Important notes

  • Bridge mode can be enabled in /etc/anonsurf/anonrc, edit the json file.
  • GUI no longer has title bar. To move the GUI, hold Alt and use left click -> drag and drop

Further

  • More improvement
  • May support user’s configuration (in $HOME instead of /etc/anonsurf/) and add it to GUI + CLI
1 Like