how to route the netlify app (or any other, but selectively if possible) through Tor

[sentinel166]

Hi,
I wish to upload my website anonymously, without people tracking my IP.
Is it possible to route the traffic created by the netlify (linux) app through Tor ?
I use `sudo netlify deploy --prod`, is there something like "torproxy -c netlify deploy --prod" ? I’m open for any possibility. For now tor.service fails and I don't know why.
It's important as I'll be going to a repressive country and do not intend to stop my activism, nor sleep in prison cells.

drm@dr-80qr ~ (main)> sudo torctl start
[sudo] password for drm:
--==[ torctl.sh by blackarch.org ]==--

[!] WARNING: backing up tor config
[+] backed up tor config
[*] backing up nameservers
[+] backed up nameservers
[*] backing up iptables rules
[+] backed up iptables rules
[*] backing up sysctl rules
[+] backed up sysctl rules
[!] WARNING: configuring tor
[+] configured tor
[!] WARNING: configuring nameservers
[+] configured nameservers
[!] WARNING: tor is running
[*] reloading tor service
Job for tor.service failed.
See "systemctl status tor.service" and "journalctl -xeu tor.service" for details.
[-] ERROR: unable to reload tor service
drm@dr-80qr ~ (main) [1]> journalctl -xeu tor.service
░░
░░ A reload job for unit tor.service has finished.
░░
░░ The job identifier is 22749 and the job result is failed.
mars 19 15:12:40 dr-80qr systemd[1]: Reloading Anonymizing overlay network for>
░░ Subject: A reload job for unit tor.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A reload job for unit tor.service has begun execution.
░░
░░ The job identifier is 22839.
mars 19 15:12:40 dr-80qr kill[483331]: kill: sending signal to 468977 failed: >
mars 19 15:12:40 dr-80qr systemd[1]: tor.service: Control process exited, code>
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ An ExecReload= process belonging to unit tor.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
mars 19 15:12:40 dr-80qr systemd[1]: Reload failed for Anonymizing overlay net>
░░ Subject: A reload job for unit tor.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A reload job for unit tor.service has finished.
░░
░░ The job identifier is 22839 and the job result is failed.

 

[KGIII]

The only ones who'd know your upload IP address would be your hosting company.

That's not something that gets included in your website.

The most likely reasons to hide your IP address when uploading a website would be nefarious. Hiding your IP address from your hosting company isn't going to help with anything unless you've got great OpSec. The hosting company is going to turn over your emails, your email address, your funding method, and all the log...

 

[sentinel166]

yes and I want to hide where and what I upload things (and encrypt the traffic) from my internet provider. It doesn't imply criminal activity. It's just called not wanting a repressive government hinders one's freedom of speech. Not everyone has the luxury of living in America, in that regard.
I want the provider to only see a Tor traffic, and the hosting site shouldn't know the IP either.

 

[KGIII]

Your hosting company probably only supports FTP, but if they support SFTP you can have your uploads encrypted. You can also maybe use FTP over TLS sometimes, though that's weak encryption these days.

Again, you'll need really good OpSec. When you signed up for the hosting company, they asked for an email address. Did you use TOR when you signed up for that email address? When you signed up for your account at your hosting company, did you use TOR during that process? Did you use TOR every time you logged into your account - and every time you logged into your email?

Then, there's your email account... That connects you to any sites you've maybe used where you've used that address to sign up. Did you use TOR for all that? If your government is that repressive, maybe you'd be better off hosting your content on a .onion domain and remaining on the TOR network?

Next, depending on how skilled your government is, if you use TOR to connect to the real web - *at all* - the your government can do what's known as a timing attack. They can see when packets entered the system and when they exited the TOR exit node. By examining these packets' timing, they can figure out who sent them. TOR is only truly secure so long as you remain within their network - on .onion domains - and have a 100% effective operational security policy that you never deviate from.

If your government is that regressive, listening to me may save your life.

But, if you can't get TOR to work properly and routing the entire system's traffic through it, you can *maybe* use your hosting company's online file manager. Assuming you're using cPanel, it's under "Files" in there.

 

[sentinel166]

Your hosting company probably only supports FTP, but if they support SFTP you can have your uploads encrypted. You can also maybe use FTP over TLS sometimes, though that's weak encryption these days.

Again, you'll need really good OpSec. When you signed up for the hosting company, they asked for an email address. Did you use TOR when you signed up for that email address? When you signed up for your account at your hosting company, did you use TOR during that process? Did you use TOR every time you logged into your account - and every time you logged into your email?

Then, there's your email account... That connects you to any sites you've maybe used where you've used that address to sign up. Did you use TOR for all that? If your government is that repressive, maybe you'd be better off hosting your content on a .onion domain and remaining on the TOR network?

Next, depending on how skilled your government is, if you use TOR to connect to the real web - *at all* - the your government can do what's known as a timing attack. They can see when packets entered the system and when they exited the TOR exit node. By examining these packets' timing, they can figure out who sent them. TOR is only truly secure so long as you remain within their network - on .onion domains - and have a 100% effective operational security policy that you never deviate from.

If your government is that regressive, listening to me may save your life.

But, if you can't get TOR to work properly and routing the entire system's traffic through it, you can *maybe* use your hosting company's online file manager. Assuming you're using cPanel, it's under "Files" in there.

I see...
I thought of going on app.netlify.com on Torbrowser. But it's uselessly slow. The mails used before did not connect easily to my identity, but I never cared to hide the IP before. But it's tree that if push comes to shove the gov' could ask netlify to run through their records. But I would have moved from the old places with those IP since long, and those countries are not within the sphere of influence of that country.
I'll think about an onion site but in the meanwhile, I think Tor is more than sufficient to stay under the radar. I'm not pursued like Edward Snowden !
so if you have an idea how to use netlify-cli with Tor...

 

[KGIII]

I'm not pursued like Edward Snowden !

That's good! We have one (that I know of) user that's in a rather restrictive country (we don't allow political discussion here) and I sometimes worry about them doing anything that identifies to the powers that be.

It's exceedingly hard to have any sort of true anonymity online. If you've changed addresses there's nothing stopping a government from asking who used to live there. Plus, they may not care much for the 'rule of law' or anything like that.

If it's not too important, you can host it on a .onion domain.

If it's really important, there are anonymous drop-boxes that you can use to contact journalists.

A web site is something sustained and, presumably, gets constant work and updates. You'd have to *never* make a mistake. That's a whole lot of pressure.

I'd suggest maybe taking a look at TAILS which should route all traffic over the TOR network, as far as I know...

Tails: https://tails.boum.org/index.en.html

See also:

Only connection via Tor for the entire operating system

On mobile, formatting will be kinda shitty. But I was searching for a solution like this not long ago without having to use a different machine or OS. This thing is sort of hit and miss, but with a bit of creative finagling, it works. I can personally confirm it works on Ubuntu 22.04 KDE...

forum.torproject.net

 

[Zev]

I second KGIII's recommendation to use Tails, you can bring your very own secure environment anywhere you go in the form of an USB Stick.