My plan for new AnonSurf

Project News
1

Hello everyone! It has been a long time since I talk about update for AnonSurf. Here’s my Ted talk about the problems that I’ve faced and my plan

I. Why it’s taking so long

My original plan was rewriting AnonSurf front-end in Vala and combine with old Nim code as backend. However, 2 programming languages have different memory management, hence program crashes everytime a string is handled. Hence I have to rewrite everything in Vala, which is ugly IMO. Vala with Java-like syntax is nice writing GTK objects. However, rewrite the backend with a ton of handling stuff is not something I like.

II. Technical difficulty

My scope was “simple”:

  1. Focus on the front-end first. I’d make a new interface that’s simple, remove some backend functions
  2. Completely remove anything handles GUI (notification for example) in CLI.

But it’s not that simple. The highest priority requires me rewrite everything in Vala. But why rewrite in Vala? Vala is officially supported by GTK. Meanwhile, Nim is a great language, but GTK binding causes many problem:

  • It’s known that the anonsurf gui crashes on other platform
  • Nim’s Gintro (GTK binding of Nim) won’t be supported in the future. It’s official by the dev
  • The way Nim handles memory and variables makes it hard to make GTK binding. For example: callback event of a button can pass only 1 parameter.

An other idea is to stop using subprocess to call command service (the recent bug command service not found is NOT anonsurf’s problem but parrot-menu instead). However, the only solution I could find is to use D-BUS. Technically, It’s doable managing systemd services using D-BUS. However, the D-BUS channel doesn’t exist if the service didn’t start (rightttttt). So this method is impossible If the GUI app wants to start AnonSurf service (and I couldn’t found a solution for it)

And the final ultimate problem: grant authorized permission for start / stop and saving options. Technically the program run as normal user (in sudoer group) and I want some functions run as root. There are some topics on internet asking about granting permission but all solutions end with using pkexec (a sub process)
That being said, all new ideas are impossible. I have to stick with old methods in new language.

III. Front-end change

The GUI will have a new interface which has more information but more simple. Runtime memory should be decreased. I will drop the options dialog (option still exists though). That will get rid of technical issues i mentioned above, and get rid of libprce dependency.
And as I mentioned above, terminal version won’t have system’s notification. However, it also means the quick launchers in the menu won’t have start / stop launchers anymore.

IV. Support I2P in the future

I would like to have an option in the settings that supports I2P instead of only Tor. There will be more functions in anonsurfd script to support that. This is the first time I work with I2P so I hope I won’t fuck it up

6 Likes
2

Thank you so much for your contribution and for your honesty.
that’s what makes you a great developer!

Support I2P in the future is certainly a very good idea.

Features in the future for the new Anonsurf;

Anti Man In The Middle
Log killer
P changer
Domain Name Server changer
Mac Spoofer
Anti cold boot
Changes the timezone
Changes the Host
Browser anonymization

for these features you need;
tar, git, tor, curl,python3,python3-scapy.

cheers . . . :slight_smile:

2 Likes
3

my script for browser anonymization with activated Anonsurf and FF-ESR (privacy and security) and use only in the Tor network;

cheers . . . :slight_smile:

user_pref(“app.normandy.enabled”, false);
user_pref(“app.shield.optoutstudies.enabled”, false);
user_pref(“browser.cache.disk.enable”, false);
user_pref(“browser.cache.disk_cache_ssl”, false);
user_pref(“browser.cache.offline.enable”, false);
user_pref(“browser.fixup.alternate.enabled”, false);
user_pref(“browser.newtabpage.enabled”, false);
user_pref(“browser.messaging-system.whatsNewPanel.enabled”, false);
user_pref(“browser.newtabpage.activity-stream.feeds.snippets”, false);
user_pref(“browser.newtabpage.activity-stream.feeds.topsites”, false);
user_pref(“browser.newtabpage.activity-stream.feeds.system.topsites”, false);
user_pref(“browser.newtabpage.activity-stream.showSponsored”, false);
user_pref(“browser.newtabpage.activity-stream.showSponsoredTopSites”, false);
user_pref(“browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons”, false);
user_pref(“browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features”, false);
user_pref(“browser.newtabpage.activity-stream.section.highlights.includePocket”, false);
user_pref(“browser.newtabpage.activity-stream.feeds.telemetry”, false);
user_pref(“browser.newtabpage.activity-stream.telemetry”, false);
user_pref(“browser.pagethumbnails.capturing_disabled”, true);
user_pref(“browser.ping-centre.telemetry”, false);
user_pref(“browser.region.update.enabled”, false);
user_pref(“browser.region.network.url”, “”);
user_pref(“browser.search.update”, false);
user_pref(“browser.search.suggest.enabled”, false);
user_pref(“browser.sessionstore.privacy_level”, 2);
user_pref(“browser.startup.homepage_override.mstone”, “ignore”);
user_pref(“browser.startup.page”, 0);
user_pref(“browser.tabs.crashReporting.sendReport”, false);
user_pref(“browser.tabs.firefox-view”, false);
user_pref(“browser.topsites.contile.enabled”, false);
user_pref(“browser.uitour.enabled”, false);
user_pref(“browser.uitour.url”, “”);
user_pref(“browser.urlbar.trimURLs”, false);
user_pref(“browser.urlbar.groupLabels.enabled”, false);
user_pref(“browser.urlbar.suggest.openpage”, false);
user_pref(“browser.urlbar.suggest.searches”, false);
user_pref(“browser.urlbar.suggest.topsites”, false);
user_pref(“browser.urlbar.quicksuggest.enabled”, false);
user_pref(“browser.urlbar.quicksuggest.dataCollection.enabled”, false);
user_pref(“browser.urlbar.quicksuggest.showedOnboardingDialog”, true);
user_pref(“browser.urlbar.suggest.quicksuggest.nonsponsored”, false);
user_pref(“browser.urlbar.suggest.quicksuggest.sponsored”, false);
user_pref(“browser.vpn_promo.enabled”, false);
user_pref(“datareporting.healthreport.uploadEnabled”, false);
user_pref(“datareporting.policy.dataSubmissionEnabled”, false);
user_pref(“dom.security.https_first”, true);
user_pref(“dom.vibrator.max_vibrate_ms”, 0);
user_pref(“extensions.getAddons.cache.enabled”, false);
user_pref(“extensions.htmlaboutaddons.recommendations.enabled”, false);
user_pref(“extensions.ui.lastCategory”, “addons://list/extension”);
user_pref(“extensions.pocket.enabled”, false);
user_pref(“extensions.quarantinedDomains.enabled”, false);
user_pref(“extensions.systemAddon.update.enabled”, false);
user_pref(“extensions.webextensions.restrictedDomains”, “”);
user_pref(“layout.css.font-visibility.standard”, 3);
user_pref(“media.peerconnection.ice.default_address_only”, true);
user_pref(“media.peerconnection.ice.no_host”, true);
user_pref(“network.connectivity-service.enabled”, false);
user_pref(“network.cookie.cookieBehavior”, 5);
user_pref(“network.http.referer.XOriginPolicy”, 1);
user_pref(“network.http.referer.XOriginTrimmingPolicy”, 2);
user_pref(“network.IDN_show_punycode”, true);
user_pref(“network.manage-offline-status”, false);
user_pref(“network.trr.default_provider_uri”, “https://doh.ffmuc.net/dns-query”);
user_pref(“permissions.isolateBy.userContext”, true);
user_pref(“places.history.enabled”, false);
user_pref(“privacy.clearOnShutdown.offlineApps”, true);
user_pref(“privacy.cpd.offlineApps”, true);
user_pref(“privacy.cpd.passwords”, true);
user_pref(“privacy.donottrackheader.enabled”, false);
user_pref(“privacy.firstparty.isolate”, false);
user_pref(“privacy.firstparty.isolate.block_post_message”, false);
user_pref(“privacy.history.custom”, true);
user_pref(“privacy.query_stripping.enabled”, true);
user_pref(“privacy.sanitize.sanitizeOnShutdown”, true);
user_pref(“privacy.userContext.enabled”, true);
user_pref(“privacy.userContext.ui.enabled”, true);
user_pref(“security.insecure_connection_text.enabled”, true);
user_pref(“security.insecure_connection_text.pbmode.enabled”, true);
user_pref(“security.mixed_content.upgrade_display_content”, true);
user_pref(“services.settings.server”, “https://s.%.c.invalid/v1”);
user_pref(“signon.autofillForms”, false);
user_pref(“signon.formlessCapture.enabled”, false);
user_pref(“toolkit.coverage.endpoint.base”, “”);
user_pref(“toolkit.coverage.opt-out”, true);
user_pref(“toolkit.telemetry.coverage.opt-out”, true);
user_pref(“ui.use_standins_for_native_colors”, true);
user_pref(“webgl.enable-debug-renderer-info”, false);

user_pref(“security.ssl.require_safe_negotiation”, true);
user_pref(“security.ssl.treat_unsafe_negotiation_as_broken”, true);

user_pref(“browser.display.use_document_fonts”, 0);
user_pref(“browser.formfill.enable”, false);
user_pref(“browser.safebrowsing.downloads.remote.url”, " ");
user_pref(“browser.safebrowsing.downloads.enabled”, false);
user_pref(“browser.safebrowsing.phishing.enabled”, false);
user_pref(“browser.safebrowsing.malware.enabled”, false);
user_pref(“browser.safebrowsing.downloads.remote.enabled”, false);
user_pref(“browser.safebrowsing.downloads.remote.block_dangerous”, false);
user_pref(“browser.safebrowsing.downloads.remote.block_dangerous_host”, false);
user_pref(“browser.safebrowsing.downloads.remote.block_potentially_unwanted”, false);
user_pref(“browser.safebrowsing.downloads.remote.block_uncommon”, false);
user_pref(“browser.safebrowsing.blockedURIs.enabled”, false);
user_pref(“browser.safebrowsing.provider.google.gethashURL”, “”);
user_pref(“browser.safebrowsing.provider.google.updateURL”, “”);
user_pref(“browser.safebrowsing.provider.google4.gethashURL”, “”);
user_pref(“browser.safebrowsing.provider.google4.updateURL”, “”);
user_pref(“browser.safebrowsing.provider.mozilla.gethashURL”, “”);
user_pref(“browser.safebrowsing.provider.mozilla.updateURL”, “”);
user_pref(“browser.urlbar.speculativeConnect.enabled”, false);
user_pref(“dom.security.https_only_mode”, true);
user_pref(“dom.security.https_only_mode_send_http_background_request”, false);
user_pref(“extensions.blocklist.enabled”, false);
user_pref(“extensions.formautofill.addresses.enabled”, false);
user_pref(“extensions.formautofill.creditCards.enabled”, false);
user_pref(“extensions.formautofill.heuristics.enabled”, false);
user_pref(“extensions.screenshots.disabled”, true);
user_pref(“font.blacklist.underline_offset”, “”);
user_pref(“media.eme.enabled”, false);
user_pref(“network.captive-portal-service.enabled”, false);
user_pref(“network.dns.disablePrefetch”, true);
user_pref(“network.http.altsvc.enabled”, false);
user_pref(“network.http.altsvc.oe”, false);
user_pref(“plugin.default.state”, 0);
user_pref(“security.cert_pinning.enforcement_level”, 2);
user_pref(“security.certerrors.mitm.auto_enable_enterprise_roots”, false);
user_pref(“security.family_safety.mode”, 0);
user_pref(“webgl.disable-fail-if-major-performance-caveat”, true);

user_pref(“dom.push.enabled”, false);
user_pref(“identity.fxaccounts.enabled”, false);
user_pref(“javascript.options.baselinejit”, false);
user_pref(“javascript.options.ion”, false);
user_pref(“javascript.options.native_regexp”, false);
user_pref(“media.autoplay.default”, 5);
user_pref(“media.autoplay.blocking_policy”, 2);
user_pref(“media.gmp-gmpopenh264.enabled”, false);
user_pref(“media.gmp-gmpopenh264.autoupdate”, false);
user_pref(“media.gmp-gmpopenh264.provider.enabled”, false);
user_pref(“media.gmp-gmpopenh264.visible”, false);
user_pref(“media.gmp-manager.url”, “data:text/plain,”);
user_pref(“media.gmp-manager.url.override”, “data:text/plain,”);
user_pref(“pdfjs.enableScripting”, false);
user_pref(“signon.rememberSignons”, false);

user_pref(“browser.chrome.site_icons”, false);
user_pref(“browser.eme.ui.enabled”, false);
user_pref(“browser.sessionstore.max_tabs_undo”, 0);
user_pref(“browser.sessionstore.max_windows_undo”, 0);
user_pref(“dom.event.clipboardevents.enabled”, false);
user_pref(“gfx.direct2d.disabled”, true);
user_pref(“gfx.downloadable_fonts.enabled”, false);
user_pref(“gfx.font_rendering.opentype_svg.enabled”, false);
user_pref(“gfx.font_rendering.graphite.enabled”, false);
user_pref(“layout.css.font-loading-api.enabled”, false);
user_pref(“media.autoplay.default”, 5);
user_pref(“media.autoplay.blocking_policy”, 2);
user_pref(“media.hardware-video-decoding.enabled”, false);
user_pref(“privacy.clearOnShutdown.siteSettings”, true);
user_pref(“privacy.cpd.siteSettings”, true);
user_pref(“pdfjs.disabled”, true);

user_pref(“browser.urlbar.suggest.bookmark”, false);
user_pref(“browser.urlbar.suggest.openpage”, false);
user_pref(“browser.urlbar.suggest.engines”, false);

user_pref(“privacy.trackingprotection.pbmode.enabled”, false);
user_pref(“privacy.prioritizeonions.showNotification”, false);
user_pref(“privacy.prioritizeonions.enabled”, true);
user_pref(“pref.downloads.disable_button.edit_actions”, false);
user_pref(“browser.new_identity.confirm_newnym”, true);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“layout.css.font-visibility.resistFingerprinting”, 1);
user_pref(“media.peerconnection.enabled”, false);
user_pref(“webgl.disabled”, false);
user_pref(“webgl.min_capability_mode”, true);
user_pref(“webgl.enable-webgl2”, false);
user_pref(“webgl.min_capability_mode”, false);
user_pref(“webgl.disable-extensions”, true);
user_pref(“privacy.resistFingerprinting”, true);
user_pref(“privacy.resistFingerprinting.letterboxing”, true);
user_pref(“privacy.resistFingerprinting.block_mozAddonManager”, true);
user_pref(“dom.webaudio.enabled”, false);
user_pref(“media.navigator.enabled”, false);
user_pref(“geo.enabled”, false);
user_pref(“geo.provider.network.url”, “”);
user_pref(“geo.provider.use_geoclue”, false);
user_pref(“geo.provider.use_corelocation”, false);
user_pref(“geo.provider.use_gpsd”, false);
user_pref(“geo.provider.ms-windows-location”, false);
user_pref(“geo.provider.use_corelocation”, false);
user_pref(“geo.provider.use_gpsd”, false);
user_pref(“geo.provider.use_geoclue”, false);
user_pref(“intl.accept_languages”, “en-US, en”);
user_pref(“javascript.options.asmjs”, false);
user_pref(“javascript.options.wasm”, false);
user_pref(“browser.laterrun.enabled”, false);
user_pref(“distribution.iniFile.exists.value”, false);
user_pref(“dom.security.https_only_mode_ever_enabled_pbm”, true);
user_pref(“mathml.disabled”, true);
user_pref(“services.sync.prefs.sync.pref.downloads.disable_button.edit_actions”, true);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“browser.bookmarks.restore_default_bookmarks”, false);
user_pref(“browser.security_level.noscript_inited”, true);
user_pref(“browser.security_level.security_custom”, false);
user_pref(“browser.security_level.security_slider”, 1);
user_pref(“browser.startup.couldRestoreSession.count”, 1);
user_pref(“browser.contentblocking.category”, standard);
user_pref(“browser.download.panel.shown”, false);
user_pref(“browser.download.viewableInternally.typeWasRegistered.avif”, true);
user_pref(“browser.download.viewableInternally.typeWasRegistered.webp”, true);
user_pref(“browser.engagement.downloads-button.has-used”, false);
user_pref(“browser.engagement.home-button.has-used”, true);
user_pref(“browser.security_level.noscript_inited”, true);
user_pref(“browser.security_level.security_custom”, false);
user_pref(“distribution.iniFile.exists.value”, false);
user_pref(“doh-rollout.doneFirstRun”, true);
user_pref(“doh-rollout.home-region”, US);
user_pref(“dom.security.https_only_mode_ever_enabled”, true);
user_pref(“dom.security.https_only_mode_ever_enabled_pbm”, true);
user_pref(“dom.security.https_only_mode_send_http_background_request”, false);
user_pref(“privacy.history.custom”, true);
user_pref(“toolkit.telemetry.reportingpolicy.firstRun”, false);
user_pref(“intl.language_notification.shown”, true);
user_pref(“pdfjs.migrationVersion”, 2);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“privacy.resistFingerprinting.randomization.enabled”, true);
user_pref(“privacy.resistFingerprinting.randomization.daily_reset.enabled”, true);
user_pref(“privacy.trackingprotection.enabled”, false);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“basebrowser.migration.version”, 1);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“browser.toolbars.bookmarks.visibility”, never);
user_pref(“extensions.blocklist.pingCountVersion”, 0);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“toolkit.telemetry.coverage.opt-out”, true);
user_pref(“storage.vacuum.last.index”, 0);
user_pref(“extensions.hideNoScript”, false);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“network.IDN_show_punycode”, false);
user_pref(“network.auth.subresource-http-auth-allow”, 1);
user_pref(“media.peerconnection.ice.relay_only”, true);
user_pref(“media.peerconnection.use_document_iceservers”, false);
user_pref(“media.navigator.video.enabled”, false);
user_pref(“cookiebanners.service.mode.privateBrowsing”, 1);
user_pref(“cookiebanners.service.mode”, 1);
user_pref(“dom.textMetrics.actualBoundingBox.enabled”, false);
user_pref(“extensions.torlauncher.prompt_at_startup”, false);
user_pref(“browser.bookmarks.addedImportButton”, true);
user_pref(“media.webspeech.synth.enabled”, false);

1 Like
4

nice @CrackMap . I use something similar to this config also. Any json file to avoid a manual config. Don’t get me wrong, the manual method allows users to understand what they are doing before upgrading to json file for automatic browser read. also users might find this helpful to check for browser leaks: https://coveryourtracks.eff.org/ or https://browserleaks.com/

:slight_smile:

5

nice @therealavatar
An FF ESR in the tor network must have almost the same configuration as a tor browser
and also use only 1 addon (NoScript) and also NoScript the same configuration as in the tor-browser.
with my script you reach a 0. 02% difference.
so you are in the tor network fish-schwarm.
if you have a different setting in your browser, and several addon’s, then you are no longer anonymous and are outside of the fish-swarm.

note; 1 error in the Tor network, and you are anonymized.

cheers . . . :slight_smile:

https://abrahamjuliot.github.io/creepjs/

my script for NoScript (only Tor-Network);;

{
“policy”: {
“DEFAULT”: {
“capabilities”: [
“frame”,
“other”,
“noscript”
],
“temp”: false
},
“TRUSTED”: {
“capabilities”: [
“fetch”,
“font”,
“frame”,
“media”,
“object”,
“other”,
“script”,
“webgl”,
“noscript”
],
“temp”: false
},
“UNTRUSTED”: {
“capabilities”: [
“frame”,
“noscript”
],
“temp”: false
},
“sites”: {
“trusted”: ,
“untrusted”: ,
“custom”: {}
},
“enforced”: true,
“autoAllowTop”: false
},
“local”: {
“debug”: false,
“showCtxMenuItem”: true,
“showCountBadge”: true,
“showFullAddresses”: false,
“amnesticUpdates”: false,
“storage”: “local”,
“uuid”: “119049ee-7306-4dc6-a653-66e436f1ffe3”,
“isTorBrowser”: true
},
“sync”: {
“global”: false,
“xss”: true,
“TabGuardMode”: “incognito”,
“cascadeRestrictions”: true,
“overrideTorBrowserPolicy”: false,
“storage”: “sync”
},
“xssUserChoices”: {}
}

cheers . . . :slight_smile:

6

my mistake; sorry !

my clock is now showing 04:53 AM

! ! ! Note; 1 mistake and you are deamonized ! ! !

cheers . . . :slight_smile:

7

9ice!..I actually access tor over using pi with Kali/Parrot. only issue is Tor browser does not support Raspberry PI as it uses an ARM architecture and does not support SSE2. so PI users have to use Firefox over tor. This is a good script to help along the journey for Firefox users over tor network, I did add some additional modification but you get the point user.js - brainfucksec · GitHub … based off the creepjs work link you shared this is also a good privacy leak checker : TZP

Atreus
:slight_smile:

8

After days struggling with the Dialog object (mostly my bad calling wrong method), I added some new lines of code. From now on, system tray’s menu and the title bar will be updated as well as the normal layout. So instead of normal “static” menu, it’ll have “start” or “stop” depends on if surf is running. Meanwhile the title bar will shows the status of anonsurf, replacing the big status Box like in previous version.
Vala helps me produce much cleaner code compare to previous version in Nim, and the syntax helps a lot making the refresher for title bar and system tray’s menu. Cheers!

2 Likes
9

Thank You for all your hard work.

2 Likes
10

The sad truth behind the development

image
image692×500 49.2 KB

11

hahaha… every dev’s nightmare is variable naming… also it would be greater if Anon Surf implements dynamic ip changes for Tor. I currently use Aut (great application too), but the dynamic ip is for web surfing and does not encapsulate the whole NIC like Anon Surf, but it is also great.

cheers! :slight_smile:

12

I’m very confident to say that major parts of AnonSurf is completed. And I have some idea to optimize the GUI, making sure it wont waste resource in the background (and hopefully it helps laptop’s battery’s life even this GUI won’t take so much resource).
I hope this is the last major development change of AnonSurf, so next versions will be improve backend’s quality and update new build following GTK’s update and Tor’s update only.

1 Like
13

cool stuff @dmknght and great to hear. :slight_smile:

14

when should we expect the update.
those sound like major upgrade in functionality

15

Yeah it’s kinda huge update. Code base isn’t that large, but connect all the functions take time. I’m working on optimizing the refresh GUI method which ends up modifying other methods in almost all objects. So I can’t tell when AnonSurf is completed.
An other task is rewrite communication with Tor’s control port in Vala. That shouldn’t be hard. The rest should be easier.