Closed chaserileyroberts closed 6 years ago
It just occurred to me that the user of this script will need a private way to obtain the script. The goal of this project is to ensure that a user's IP address is not exposed to any Zcash services. However, by downloading this script before Tor is installed, they would be exposing their IP address to a Zcash-related service (this repo).
So maybe what we should do is have the Tor installation done manually, then do everything else via script and include instructions for downloading the script over Tor. What do you think?
Oh good point.
Easiest thing to do would be to have the user access this script through the Tor browser. But that seems clunky.
It might make sense to have a README that tells the user to install Tor curl command, then install the script. But then it becomes a cumbersome two step process rather than one step.
Let me sleep on it and I'll think of something.
> It might make sense to have a README that tells the user to install Tor curl command, then install the script. But then it becomes a cumbersome two step process rather than one step.
Ok. If it has to be two steps then so be it. In this house we prefer security over convenience.
Alright, I think I've figured it out.
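```
sudo apt-get install tor
sudo service tor start
# Fetch the script through Tor's SOCKS port
curl --socks5-hostname localhost:9050 "$LINK_TO_SCRIPT" > zcash-tor-install.sh
# The redirected download is not executable until marked so
chmod +x zcash-tor-install.sh
sudo ./zcash-tor-install.sh
```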
If you run the above, downloading the script will happen through tor. Slightly more clunky but more secure by your requirements.
That satisfies my requirements, thank you @Thenerdstation. I am going to solicit another set of eyes for review. If the review goes well and the script gets merged then I will pay out the bounty. Will follow up shortly after the review.
Whenever you feel comfortable
zcdEX6k9rCbgyopfwwx23mF6tnot5dpMpxLBtt59QWq93voBq4kJjj1dhiCyG7Vjtw4fAzmDRHAGf8usiMr8S9xAYSsFdPL
Any updates on getting this reviewed by another person?
Thanks for the review @ConnorFoody. And thanks for your patience @Thenerdstation. I have one more person on the review and they said they would find time this week to do it.
Once this PR gets merged I will be happy to give 0.05 ZEC as a bounty for reviewing to @ConnorFoody - just leave a z-address as a comment here and I'll add it to the payout.
@Thenerdstation I noticed that the last comment on @ConnorFoody's review was 11 days ago but the last commit was 13 days ago. Do you intend to make any changes before the review is complete and the PR is merged?
Made some fixes based on Connor's comments (forgot to push, sorry).
In order to prevent tor service being active without it being clear, I split up the zcash and the tor installs. Now it forces the user to do 'sudo service tor start'. It's more steps but at least the user will be more aware as to what is happening with their system.
Thanks @Thenerdstation. Two final requests:
1. Can you please add a docs.md file to this PR with instructions for using the script (how to download, install, run privately, etc) as well as a "layman friendly" rundown of what the script is doing?
2. The second review I asked for came in. It's from @jfeldis, engineer at Bitseed. Please read his comments when you have a moment and let me know if you plan to make any changes based on this review. If this advice is sound it may influence changes in the manual "line by line" guide currently in the README as well.
After (1) is fulfilled I will merge this PR and pay out the bounty. (2) would be helpful but is not needed to complete the bounty.
@jfeldis' review comments:
> I took a look at your setup for Tor. My experience is with Bitcoin core, but I think zcash is based on bitcoin core, so hopefully my comments apply to zcash as well.
>
> I have been told that one must be cautious about using a proxy to route traffic over tor via port 9150. DNS lookups may not route via the proxy (DNS leaks) and some applications may not completely respect the proxy settings. IPv6 could also leak traffic. You might consider using UFW to close all incoming and outgoing ports except what Tor needs. Even with that, any open port can still leak. Tor browser is specifically designed not to leak, so for setup, it might be safer to use Tor browser on another machine inside the same NAT to download files, and then transfer to the bitseed inside the NAT.
>
> While routing zcash to port 9150 will work, I know that bitcoin core has specifically moved to using cookie authentication between bitcoind and tor, allowing bitcoin to directly set up a hidden service at startup. I think this is considered more secure than using port 9150. Why not use the built-in direct authentication with Tor? (assuming zcash has ported this from bitcoin)
>
> By restricting zcash to only 8 outgoing connections, most of which you are adding manually, I worry that the node's connections may be rather static, making it easier to triangulate on which transactions are coming from your node. If you have dozens of changing peers, I would think tx originating from your node may be harder to identify. In addition, by supporting more peer connections, the zcash tor network will be stronger and more secure.
>
> I am not a Tor expert, so please just take this as my 2 cents
@ConnorFoody @jfeldis thank you both for your reviews! Please share a Zcash z-address in a comment here if you would each like to claim a bounty of 0.05 ZEC for the reviews.
Alright, my changes from his review.
> I have been told that one must be cautious about using a proxy to route traffic over tor via port 9150. DNS lookups may not route via the proxy (DNS leaks)
This is a big deal. There are 3 things that run through tor: curl, zcashd, and the apt-get install.
I went through and verified that every curl call used '--socks5-hostname' and not just '--socks5' as that will force curl to do DNS lookup through tor.
I had to add dnsseed=0 for the zcash.conf. This turns off DNS lookup. We can't connect to any nodes we haven't added, but better safe than sorry.
For apt-get, I couldn't confirm on DNS lookup, but I added torsocks to be doubly sure. We force zcash to be from an onion service, so it should be fine, but the added torsocks should at least help.
> You might consider using UFW to close all incoming and outgoing ports except what Tor needs. Even with that, any open port can still leak. Tor browser is specifically designed not to leak, so for setup, it might be safer to use Tor browser on another machine inside the same NAT to download files, and then transfer to the bitseed inside the NAT.

This feels excessive, especially since we don't know what else the user is doing on the system. The goal of these scripts is to make sure the user's IP never touches anything zcash related, not necessarily fully anonymize the entire system.
> While routing zcash to port 9150 will work, I know that bitcoin core has specifically moved to using cookie authentication between bitcoind and tor, allowing bitcoin to directly set up a hidden service at startup. I think this is considered more secure than using port 9150. Why not use the built-in direct authentication with Tor? (assuming zcash has ported this from bitcoin)
This does exist and is described here. It seems like the cookie stuff is just for setting up your own service, which we don't do here (but should add later!)
> By restricting zcash to only 8 outgoing connections, most of which you are adding manually, I worry that the node's connections may be rather static, making it easier to triangulate on which transactions are coming from your node. If you have dozens of changing peers, I would think tx originating from your node may be harder to identify. In addition, by supporting more peer connections, the zcash tor network will be stronger and more secure.
This is a super good point. Modified maxconnections to be 100. Though during my testing it never got above 8 connections. Not sure why...
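The two checks described in the comment above (every curl call uses `--socks5-hostname`, and zcash.conf sets `dnsseed=0`) can be automated with a small lint. This is an added example, not code from the PR; the function names, file names and sample contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint an installer and a zcash.conf for the DNS-leak fixes
# discussed above. All file names and sample contents are constructed.

# List curl calls lacking --socks5-hostname; plain --socks5 is listed too,
# because curl then resolves the host name locally. Line-based, so a flag on
# a backslash-continued line is not seen. Returns 1 if anything is listed.
audit_curl() {
    local bad
    bad=$(grep -nE '(^|[^[:alnum:]_-])curl[[:space:]]' "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | grep -vE -- '--socks5-hostname[[:space:]=]' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Succeed only if every uncommented "key=" line in the conf carries the
# wanted value and at least one such line exists.
conf_requires() {
    local vals
    vals=$(sed -nE "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*([^#[:space:]]*).*/\1/p" "$1" | sort -u)
    [ "$vals" = "$3" ]
}

# Write the constructed sample files into directory $1.
write_samples() {
    cat > "$1/install.sh" <<'EOF'
#!/bin/sh
# curl fetches the helper scripts
curl --socks5-hostname localhost:9050 "$URL_A" > a.sh
curl --socks5 localhost:9050 "$URL_B" > b.sh
curl "$URL_C" > c.sh
EOF
    cat > "$1/zcash.conf" <<'EOF'
# constructed zcash.conf
dnsseed=0
maxconnections=100
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_curl "$demo_dir/install.sh" || echo "^ these curl calls are not fully routed through Tor"
conf_requires "$demo_dir/zcash.conf" dnsseed 0 && echo "dnsseed=0 is set"
```

On the constructed installer the lint lists lines 4 and 5: the plain `--socks5` call and the call with no proxy at all.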
@Thenerdstation This is looking very good, thank you. One thing missing from the documentation: how to download the scripts and navigate to the directory where the scripts are located so that when the user enters the run commands they are executed properly. Please add these instructions and I will consider this task done.
Edit: I have created an issue to investigate the maxconnections issue here.
Done! I've tried to make it as user friendly as possible.
@Thenerdstation Thank you for those additions. I ran a test on my local machine. The "fancy" way returned this response to the command torsocks wget...
```
torsocks wget https://github.com/durbanpoison/zcash-tor/archive/master.zip
--2018-06-16 xx:xx:xx-- https://github.com/durbanpoison/zcash-tor/archive/master.zip
Resolving github.com (github.com)... 192.30.253.112
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/durbanpoison/zcash-tor/zip/master [following]
--2018-06-16 xx:xx:xx-- https://codeload.github.com/durbanpoison/zcash-tor/zip/master
Resolving codeload.github.com (codeload.github.com)... 192.30.253.120
Connecting to codeload.github.com (codeload.github.com)|192.30.253.120|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: ‘master.zip’
```
I don't see any obvious indicators that the download is going through Tor but I'm also not familiar with how Torsocks looks in the terminal. Could you confirm for me that the download is going through Tor with the torsocks command?
Sure. The easiest way to make sure torsocks is working is to run this command:
```
torsocks wget -qO- https://check.torproject.org/ | grep -E "Congratulations|Sorry"
```
You should see the terminal print out "Congratulations. This browser is configured to use Tor." if everything is working. I'll add this step to the "fancy" way.
Thanks @Thenerdstation. Your PR has been merged and the bounty has been paid! I put a little extra on top too, as thanks for your patience during the review.
I was able to get everything working on my local machine, but ran into trouble when working on my remote machine (Bitseed).
I received an error message after entering this command:
```
$ torsocks wget -qO- https://check.torproject.org/ | grep -E "Congratulations|Sorry"
[Jun 18 xx:xx:xx] WARNING torsocks[2299]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:186
```
I could not proceed further than this on remote machine.
I found a bug report on the Tor website that seems related:
https://trac.torproject.org/projects/tor/ticket/13184
But am unsure how to actually make it work.
Do you have any ideas?
Added by @durbanpoison: Closes #5