From 79ffcac22d18525ac4f570813953569c8346618e Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 13:55:38 +0000 Subject: [PATCH 1/3] reduce fingerprinting information accessible to unprivileged sites refs #163 --- src/Config.py | 1 + src/Connection/Connection.py | 2 +- src/Ui/UiWebsocket.py | 86 +++++++++++++++++++++++------------- 3 files changed, 57 insertions(+), 32 deletions(-) diff --git a/src/Config.py b/src/Config.py index 1b621d5d..be0b873e 100644 --- a/src/Config.py +++ b/src/Config.py @@ -101,6 +101,7 @@ class Config(object): self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit self.rev = 5036 + self.user_agent_rev = 8192 self.argv = argv self.action = None self.test_parser = None diff --git a/src/Connection/Connection.py b/src/Connection/Connection.py index de95d867..879bcfab 100644 --- a/src/Connection/Connection.py +++ b/src/Connection/Connection.py @@ -369,7 +369,7 @@ class Connection(object): "fileserver_port": self.server.port, "port_opened": self.server.port_opened.get(self.ip_type, None), "target_ip": self.ip, - "rev": 8192, + "rev": config.user_agent_rev, "crypt_supported": crypt_supported, "crypt": self.crypt, "time": int(time.time()) diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py index 48a30ee2..e4f98fca 100644 --- a/src/Ui/UiWebsocket.py +++ b/src/Ui/UiWebsocket.py @@ -288,38 +288,62 @@ class UiWebsocket(object): return ret def formatServerInfo(self): - import main - file_server = main.file_server - if file_server.port_opened == {}: - ip_external = None + # unprivileged sites should not get any fingerprinting information + if "ADMIN" in self.site.settings['permissions']: + import main + file_server = main.file_server + if file_server.port_opened == {}: + ip_external = None + else: + ip_external = any(file_server.port_opened.values()) + back = { + 'ip_external' : ip_external, + 'port_opened' : file_server.port_opened, + 'platform' : sys.platform, + 'dist_type' : config.dist_type, + 'fileserver_ip' : config.fileserver_ip, + 'fileserver_port' : config.fileserver_port, + 'tor_enabled' : file_server.tor_manager.enabled, + 'tor_status' : file_server.tor_manager.status, + 'tor_has_meek_bridges' : file_server.tor_manager.has_meek_bridges, + 'tor_use_bridges' : config.tor_use_bridges, + 'ui_ip' : config.ui_ip, + 'ui_port' : config.ui_port, + 'version' : config.version, + 'rev' : config.rev, + 'timecorrection' : file_server.timecorrection, + 'language' : config.language, + 'debug' : config.debug, + 'offline' : config.offline, + 'plugins' : PluginManager.plugin_manager.plugin_names, + 'plugins_rev' : PluginManager.plugin_manager.plugins_rev, + 'user_settings' : self.user.settings, + 'lib_verify_best' : CryptBitcoin.lib_verify_best + } else: - ip_external = any(file_server.port_opened.values()) - back = { - "ip_external": ip_external, - "port_opened": file_server.port_opened, - "platform": sys.platform, - "fileserver_ip": config.fileserver_ip, - "fileserver_port": config.fileserver_port, - "tor_enabled": file_server.tor_manager.enabled, - "tor_status": file_server.tor_manager.status, - "tor_has_meek_bridges": file_server.tor_manager.has_meek_bridges, - "tor_use_bridges": config.tor_use_bridges, - "ui_ip": config.ui_ip, - "ui_port": config.ui_port, - "version": config.version, - "rev": config.rev, - "timecorrection": file_server.timecorrection, - "language": config.language, - "debug": config.debug, - "offline": config.offline, - "plugins": PluginManager.plugin_manager.plugin_names, - "plugins_rev": PluginManager.plugin_manager.plugins_rev, - "user_settings": self.user.settings - } - if "ADMIN" in self.site.settings["permissions"]: - # back["updatesite"] = config.updatesite - back["dist_type"] = config.dist_type - back["lib_verify_best"] = CryptBitcoin.lib_verify_best + back = { + 'ip_external' : None, + 'port_opened' : False, + 'platform' : 'generic', + 'dist_type' : 'generic', + 'fileserver_ip' : '127.0.0.1', + 'fileserver_port' : 15441, + 'tor_enabled' : True, + 'tor_status' : 'OK', + 'tor_has_meek_bridges' : True, + 'tor_use_bridges' : True, + 'ui_ip' : '127.0.0.1', + 'ui_port' : 43110, + 'version' : config.user_agent, + 'rev' : config.user_agent_rev, + 'timecorrection' : 0.0, + 'language' : config.language, #? + 'debug' : False, + 'offline' : False, + 'plugins' : [], + 'plugins_rev' : {}, + 'user_settings' : self.user.settings #? + } return back def formatAnnouncerInfo(self, site): From 9f8524f66d54696c403e55dee9c9a258f60fd031 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 14:28:12 +0000 Subject: [PATCH 2/3] reduce fingerprinting information in siteInfo refs #163 --- src/Ui/UiWebsocket.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py index e4f98fca..896f5b7c 100644 --- a/src/Ui/UiWebsocket.py +++ b/src/Ui/UiWebsocket.py @@ -262,7 +262,14 @@ class UiWebsocket(object): del(content["signers_sign"]) settings = site.settings.copy() - del settings["wrapper_key"] # Dont expose wrapper key + # remove fingerprinting information for non-admin sites + if 'ADMIN' not in self.site.settings['permissions']: + del settings['wrapper_key'] + settings['added'] = 0 + settings['serving'] = True + settings['ajax_key'] = '' + settings['peers'] = 1 + settings['cache'] = {} ret = { "auth_address": self.user.getAuthAddress(site.address, create=create_user), @@ -281,9 +288,20 @@ class UiWebsocket(object): "workers": len(site.worker_manager.workers), "content": content } + if 'ADMIN' not in self.site.settings['permissions']: + ret.update({ + "content_updated": 0, + "bad_files": len(site.bad_files), # ? + "size_limit": site.getSizeLimit(), # ? + "next_size_limit": site.getNextSizeLimit(), # ? + "peers": 1, + "started_task_num": 0, + "tasks": 0, + "workers": 0, + }) if site.settings["own"]: ret["privatekey"] = bool(self.user.getSiteData(site.address, create=create_user).get("privatekey")) - if site.isServing() and content: + if site.isServing() and content and "ADMIN" in self.site.settings['permissions']: ret["peers"] += 1 # Add myself if serving return ret From f2884f3c7c7a188f1af4e136c5200b7e31c8f371 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 14:32:13 +0000 Subject: [PATCH 3/3] reduce fingerprinting information: trackers refs #163 --- src/Ui/UiWebsocket.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py index 896f5b7c..e982b990 100644 --- a/src/Ui/UiWebsocket.py +++ b/src/Ui/UiWebsocket.py @@ -365,7 +365,11 @@ class UiWebsocket(object): return back def formatAnnouncerInfo(self, site): - return {"address": site.address, "stats": site.announcer.stats} + if "ADMIN" in self.site.settings['permissions']: + stats = site.announcer.stats + else: + stats = {} + return {"address": site.address, "stats": stats} # - Actions -