are you human? do you care about privacy?

bin/psyconf

@@ -511,10 +511,10 @@ then
     git stash save 'changes stashed automatically by psyced -m'
     git merge -s resolve origin
     # restore local changes?
-#   git stash apply
+#   git stash pop
     echo ""
     echo "If you had local changes to your files you can now restore them using"
-    echo "${hi}git stash apply${lo}"
+    echo "${hi}git stash pop${lo}"
     exit
 fi
 

world/default/de/plain.textdb

@@ -4,6 +4,9 @@
 _warning_server_shutdown_temporary
 |Serverneustart: [_reason]
 
+_warning_missing_circuit_encryption
+|Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen!
+
 _status_circuit_encryption_cipher
 |Gratuliere! Deine Verbindung ist mit forward secrecy verschlüsselt ([_circuit_encryption_cipher]).
 

world/default/en/plain.textdb

@@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## Check utf-8: Praise Atatürk!
 
+_warning_missing_circuit_encryption
+|Your connection is not encrypted. You are putting other people's privacy at risk!
+
 _status_circuit_encryption_cipher
 |Congratulations. Your connection is encrypted with forward secrecy.
 

world/default/it/plain.textdb

@@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## tradotto al 30% ... cerca /TODO/ per continuare
 
+_warning_missing_circuit_encryption
+|La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone!
+
 _status_circuit_encryption_cipher
 |Muy bueno! La tua connessione è crittata con forward secrecy.
 

world/net/include/net.h

@@ -276,4 +276,9 @@
 # endif
 #endif
 
+#define PRIVACY_SURVEILLED	 0
+#define PRIVACY_UNKNOWN  	-1
+#define PRIVACY_MITMX509	23
+#define PRIVACY_REASONABLE	44
+
 #endif

world/net/include/place.gen

@@ -487,8 +487,9 @@ enter(source, mc, data, vars) {
 	}
 # endif
 # if defined(SECURE)
-// let people in who are either connected via a SSL/TLS
+// let people in who are either connected via an MITM-prone TLS
-// protocol or are coming from the localhost (probably SSH users).
+// protocol or are coming from the reasonably safe localhost
+// (either SSH or Tor users).
 //
 // both cases are no absolute guarantee for safety.. it is still
 // in the hands of each user in the room to safeguard true secrecy
@@ -497,27 +498,14 @@ enter(source, mc, data, vars) {
 // or belong to a certain group, so you have to use the respective
 // #defines to also ensure that, if that's what you want.
 //
-// -lynX 2004
+// -lynX 2004, updated 2015
-
+//
-	if (!((objectp(source) &&
+	int intimacy = probably_private(source);
-		// should use trustworthy level 9 instead? if so.. how?
-	       (query_ip_number(source) == "127.0.0.1"
-#  ifdef SECURE_IP_NUMBER
-	     || SECURE_IP_NUMBER(query_ip_number(source))
-#  endif
-	     || query_ip_number(source) == __HOST_IP_NUMBER__ ))
-#  if __EFUN_DEFINED__(tls_query_connection_state)
 		// psyc client.. may also one day be a psyc server, in that
 		// case we have to hope the rest of the link is secured, too
-	     || (objectp(vars["_INTERNAL_origin"]) 
+	if (intimacy == PRIVACY_UNKNOWN)
-		 && interactive(vars["_INTERNAL_origin"]) 
+	    intimacy = probably_private(vars["_INTERNAL_origin"]);
-		 && tls_query_connection_state(vars["_INTERNAL_origin"]))
+	if (intimacy <= PRIVACY_SURVEILLED) {
-		// tls connection, be it telnet irc jabber or https
-		// shouldn't this check happen before "_INTERNAL_origin"? -lynX
-	     || (objectp(source) && interactive(source)
-		 && tls_query_connection_state(source))
-#  endif
-	    )) {
 		sendmsg(source, "_error_place_enter_necessary_encryption",
 	"[_nick_place] may only be accessed by clients with enabled encryption.",
                     ([ "_nick_place" : qName() ]) );

world/net/library/tls.c

@@ -186,3 +186,44 @@ string tls_bad_cipher(object sock, string scheme) {
     return 0;
 }
 
+// Do not use server technologies like psyced for strong
+// privacy or anonymity requirements. Get started using
+// distributed technologies instead. Check out:
+//	http://youbroketheinternet.org
+//	http://secushare.org
+// But if you're happy with half-baked security, here you
+// have it:
+//					-lynX 2015
+//
+int probably_private(object source) {
+	// object has no TCP to it. you have to ask its circuit.
+	unless (objectp(source) && interactive(source))
+	    return PRIVACY_UNKNOWN;
+	// should use trustworthy level 9 instead? if so.. how?
+	if (query_ip_number(source) == "127.0.0.1"
+		// query_ip_number() efun is faster than a local 
+		// LPC variable, so it is fine we call it often
+             || query_ip_number(source) == __HOST_IP_NUMBER__
+#  ifdef SECURE_IP_NUMBER
+             || SECURE_IP_NUMBER(query_ip_number(source))
+#  endif
+	// People coming from localhost have either made it
+	// through SSH's reasonable certificate pinning or
+	// Tor's public-key based addressing.. both provide
+	// reasonable protection from men in the middle, if
+	// only the server itself could be considered secure.
+	//
+	) return PRIVACY_REASONABLE;
+#  if __EFUN_DEFINED__(tls_query_connection_state)
+	// Alas, this person is using a TLS/SSL-enhanced
+	// access protocol which, unless the client implements
+	// certificate pinning, is susceptible to man in the
+	// middle attacks. Find out more on this topic on
+	// http://patrol.psyced.org
+	//
+        if (tls_query_connection_state(source))
+	    return PRIVACY_MITMX509;
+#  endif
+	return PRIVACY_SURVEILLED;
+}
+

world/net/tn/server.c

@@ -8,18 +8,27 @@
 
 qScheme() { return "tn"; }
 
-logon() {
+human(x) {
-	// first check limits and authlocal, then show banner
+	x = lower_case(x);
-	if (::logon()) {
+	unless (abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes")) {
-//		unless (nick) {
+		emit("\nSorry, no other species welcome currently.\n\n");
-			cat(TELNET_PATH "clear.vt");
+	}
-			cat("/local/banner.txt");
+		// now check limits
-//		}
+	else if (::logon()) {
 		// takes a little tweaking to use T() here
 		emit("Name: ");
 	}
 }
 
+logon() {
+	if (nick) return ::logon(); // authlocal
+	cat(TELNET_PATH "clear.vt");
+	cat("/local/banner.txt");
+	input_to(#'human, INPUT_IGNORE_BANG);
+	// takes a little tweaking to use T() here
+	emit("Are you human? ");
+}
+
 password(a) {
 	// send IAC + WONT + ECHO to go to echo-mode again
 #ifdef OLD_HACKS_WE_PROBABLY_NO_LONGER_NEED
@@ -67,7 +76,7 @@ hello(ni) {
 //
 // only the PROMUVE will need this, as the freemuve isn't accepting "." and
 // ":" in nicknames anyways (PROMUVE converts those to "_").
-#ifdef PRO_PATH
+#if 0 //def PRO_PATH
 # if 0
 	{ int i1, i2, i3, i4, i5;
 	    if (strstr(ni, "://") > 0 ||
@@ -83,7 +92,8 @@ hello(ni) {
 		return 1;
 	}
 # else
-	if (abbrev("GET ", ni) || abbrev("POST ", ni)
+	// we could simply disallow space in the name here...
+	if (abbrev("GET ", ni) || abbrev("POST ", ni) || abbrev("OPTIONS ", ni)
 			       || abbrev("CONNECT ", ni)) {
 		// hehe.. we could htredirect proxyscanners to our www port   ;)
 		emit("Dumbhead.\n<h1>Don't you have a telnet client?</h1>\n");
@@ -95,7 +105,7 @@ hello(ni) {
 	return ::hello(ni);
 }
 
-#ifdef BRAIN
+#if 0 //def BRAIN
 morph() {
        if (user->isNewbie())
 	   emit("\nSorry, no unregistered users currently.\n\n");

world/net/user.c

@@ -1572,13 +1572,22 @@ logon() {
 	string evil;
 
 	if (tls_query_connection_state(ME) == 1) {
-	    if (evil = tls_bad_cipher(ME, t)) {
+	    // evil TLS ciphers are no problem if the connection is being
-		// i bet jabber users will love this
+	    // tunneled through SSH or Tor, so we shut up in that case.
+	    if (probably_private(ME) < PRIVACY_REASONABLE &&
+		    (evil = tls_bad_cipher(ME, t))) {
+		// Seems to affect only pidgin for linux prior to 2015
                 w("_warning_circuit_encryption_cipher", 0, ([ "_circuit_encryption_cipher": evil ]));
 		//return remove_interactive(ME);
 	    } else {
                 unless (beQuiet) w("_status_circuit_encryption_cipher");
 	    }
+	} else if (!probably_private(ME)) {
+	    w("_warning_missing_circuit_encryption"
+# ifdef _warning_missing_circuit_encryption
+	      , _warning_missing_circuit_encryption
+# endif
+	    );
 	}
 #endif
 	// cannot if (greeting) here this since jabber:iq:auth depends on this