12-30, 16:00–18:00 (Europe/Berlin), CDC Pentagon
Complicated configuration and leaky primitive structures are harmful and continue to plague applications that attempt to integrate with anonymous overlay networks. Let's learn how to treat our users better and build applications which will make privacy the default, and not an add-on.
This workshop/talk is geared toward developers from beginner to expert. Some familiarity with abstract types is helpful but not necessary.
Anonymity networks have, in the past, relied on proxy support in applications or various hacks which cause an application to route some or all of it's traffic over an overlay network. These methods are largely crap, they rarely get better and they often get worse. In this workshop we'll start with an overview of why you shouldn't rely on SOCKS proxification to keep your mainstream application anonymous with specific examples of non-uniform SOCKS proxy support in common applications.
We'll talk briefly about Tor Browser and Qubes-Whonix, who each have a domain-specific solution to this problem, then we'll discuss how you can make your application integrate with anonymous networks in a way which is safe-by-default.
Topics include the Tor Control Protocol, the I2P Control Protocol, the Tor SOCKS extensions and how the Tor SOCKS proxy actually works on an application-to-application basis, and the I2P SAMv3 API. By the end of the workshop you'll be able to build anonymous applications in Go(at least) and probably any language you are familiar with by implementing API's that work directly with the overlay networks in question, instead of relying on standard application proxy settings.