I’ve submitted a pull request over on the Known project git repo that allows you to specify a CURL proxy connect string (which has since been merged).

If specified, this connection string will make all web service and web mention calls be sent via a proxy server.

This was a relatively small change, but is useful in many ways – for example, for communicating through a corporate firewall. It is also provides a way of routing Known to Known communication over TOR.

Why would you want to do this?

Well, this is part of an ongoing effort to harden Known against the new attack realities we face on the internet in the 21st century.

One of the things that the Snowden documents have revealed, is that the bad guys are particularly interested in harvesting everyone’s social graph – who knows who – so that they can, among other things, automate guilt by association.

Going to some lengths to hide this information from an attacker sitting on the wire, is therefore, a prudent thing to do.

Ok, how?

  • Install the TOR proxy on your server; this may just be as simple as typing apt-get install tor.
  • By default the tor package only installs the client, so you’ll need to modify the config to open up a SOCKS relay.
  • Next, tell your known site to use this relay; open your config.ini and set the proxy_string:
proxy_string = 'socks5://path.to.tor.proxy:9100'

Gotchas

Routing over TOR is only part of the solution of course. For the communication to be properly safe, you should also encrypt the communication using HTTPS.

Unfortunately, whether a connection is conducted over encrypted HTTPS or not is largely up to your friend’s webserver. But, you wouldn’t be silly enough to run unencrypted, right?

Given the numbers of nasty attacks that can be launched against an unencrypted web connection, the internet at large is now moving towards deprecating unencrypted port 80 HTTP. Google search results will now give preferential treatment to encrypted websites, so that’s another reason!

So, don’t be part of the problem. Have fun!

9 thoughts on “Masking your Known social graph with TOR

  1. Ello, Known, #indieweb, and life after “Peak Facebook”

    5 min read

    People are intrigued when they hear that I’m working on some new
    social network software, but they’re also skeptical. Facebook seems so
    dominant, is there room for anything else? When they describe their personal Facebook experience, though, most
    folks don’t seem to be enjoying it all that much. Ads, feeling like a
    lab rat being experimented on, ads, trying to get privacy settings
    right, ads, friends whose accounts got suspended and had to send in a
    copy of their drivers license to get it back, ads … And for a lot of people, scrolling through their feed on Facebook
    feels kind of like watching a mediocre TV show: mildly engaging in a
    mind-numbing way, but basically like a waste of time. By the time we’re
    done talking, a surprising number of people agree with me that yes,
    there may well be room for something besides Facebook.ElloThe
    artists, designers, and developers who created Ello presumably had some
    similar conversations with their friends, and came to the same
    conclusion: a lot of people are ready for something different. And
    talk about good timing! Not long after Ello launched their
    invitation-only beta test, Facebook reignited the nymwars by suspending
    drag queens’ accounts. A surge of interest in the LGBTQ community lead
    to broader visibility and reams of press coverage.Turns
    out that Ello’s promise of a “simple, beautiful, ad-free” social
    network that’s a tool of empowerment, and the manifesto’s rousing
    conclusion “you are not a product”
    resonate with a heck of a lot of people. The “hockey stick” graph on
    the right gives an idea of how quickly their search results spiked on
    Google. By late last week they were getting 30,000 requests for
    invitations and a wave of largely-positive publicity … every startup’s
    dream “viral launch”.Ello’s functionality is still very basic: feeds, following,
    mentioning people by name, email notifications. You can certainly have
    good conversations with interesting people there — @lynneluvah says it
    reminded her of Vox and/or Live Journal (as @smorespaces points out with an updated feed-style interface). It’s got emoji 🙂
    Visually it’s very distinctive, with monospaced fonts and the
    juxtaposition of circular avatars and square input boxes. It’s
    certainly not Facebook.It’s early days yet for Ello. As Amie Stepanovich and others have pointed out, we’ve yet to see how real their privacy claims are; and more generally, who knows how far they can take this
    early success. No matter how it comes out, kudos to them for getting
    this far! They’ve got a lot of opportunities, as well as some
    challenges; and there’s a lot to learn here. More about that in a
    future post.Known and #indiewebMeanwhile, social publishing startup Known also has a message that’s
    resonating broadly: own your data and control your feed. Known lets
    you share whatever you post to social networks like Facebook, Twitter,
    SoundCloud and see the responses; so you can spend less time on Facebook
    without completely cutting your ties.Known’s open-source, so others can build on it — and contribute back to the community, as Marcus Povey has with the LinkedIn integration and routing over Tor.
    It’s self-hostable: you can run it on your own domain if you want to,
    or you can use their easy-to-setup hosted site). And like Ello, it’s a
    collaboration between a designer (Erin Jo Richey) and a developer (Ben
    Werdmuller, co-founder of elgg).I’m pretty excited about Known, and in fact I’ve switched over to it
    for TapestryMaker’s blogging. And more generally, I’m excited about the
    broader Indieweb movement that
    Known’s aligned with.* Indieweb’s all about being decentralized:
    instead of having a single site control everything, there are lots of
    sites interacting with each other (which means that Known can
    interoperate with other Indieweb-compatible sites). I went to
    Indiewebcamp in June, and was blown away by how much energy there is …
    literally dozens of developers working on various projects. And as new social networks like Ello come along, no problem: they can be
    integrated with Indieweb sites just like Facebook and all the others.Life after “Peak Facebook”
    Of course, there are still some pieces missing. Ello launched without
    the ability to block annoying users. Known is working on granular
    privacy controls (if you’re self-hosting, you can enable them now by
    turning on “experimental mode”). And beyond that, sharing and
    following people’s streams is only a piece of what people want in an
    online home — the TapestryMaker prototype also has group discussions,
    private messages, group chat, streaming audio (DJ Anomaly did a special
    set for our party in August!), and a heavily-customizable user
    interface.Still, the excitement Ello and Known are sparking is pretty dramatic
    validation of just how tired people are of Facebook treating them as
    products to be experimented on, packaged, and exploited. Facebook’s
    been lucky so far: Diaspora had software engineering challenges and then
    a tragic suicide, Google+ shot themselves in the foot with the original
    nymwars, and acquiring Instagram and WhatsApp staved off a couple more threats. Now, they’ve apologized to the drag queens and the broader LGBT community **; if they listen to suggestions from people like Nadia Kayyali of EFF, they may dodge another bullet.But with the underlying mistrust and dissatisfaction continuing to
    increase (and the continual need to stuff more and more ads down
    people’s throats to make their numbers) they’re increasingly
    vulnerable. And there are starting to be some pretty interesting
    alternatives.
    * Amber Case’s Intro to the Indieweb presentation and Dan Gillmor’s Why the Indieweb movement is so important are good overviews of the Indieweb’s philosophy and progress so far.** The latest in a long list of apologies

Leave a Reply