I would like to contribute anonymously to projects on github. Not to cause mischief, more in the spirit of anonymous donations.
The tool of choice for being anonymous online seems to be TOR, which works well for almost anything you can do in a browser. However, to contribute on github, it appears necessary to use the command line interface, or the Mac app.
How can I channel my git operations in this setup through Tor? And how can I verify that this is actually what is happening?
Edit: please note the difference between pseudonymous (with a fake e-mail address) and anonymous (with an IP address that cannot be associated with an identity). Pseudonymous access to github is trivial; however, I am looking for anonymous access.
Have you considered going the old-fashioned 'mail them a patch' route? You could simply check out the repository (using Tor and Git-over-HTTPS if you want), make your improvements, then do a git diff and send the project owners the patch using any anonymous messaging service. Freenet and postal mail come to mind.
Note that if I were the owner of a large(ish) project, I would never ever accept a patch from an anonymous entity, for a few reasons. Even if the person in question isn't necessarily nefarious, having code in the system that nobody is responsible for is a scary thought at best. Also, think about code ownership and copyright troubles.
None of these answers give a full useable workflow. I want to git push, not send an email! Here's how to do it properly, but there's a bit of setup required. Instructions are for OSX.
1. Download the Tor Browser bundle AND the tor command line proxy
brew install tor
brew cask install torbrowser
1.1. In Tor Browser, create a new email address (I used hmamail).
1.2. In Tor Browser, create a new github account.
2. Create a new ssh key, only for tor, with your new email address
ssh-keygen -t rsa -b 4096 -C "[email protected]"
2.1. Give it a name like: ~/.ssh/private_tor_rsa
2.2. In github, go to SSH and PGP keys and add a new SSH key, make title memorable.
2.3. In github, set Key to the public key you've just created
pbcopy < ~/.ssh/private_tor_rsa.pub
3. In github, create an empty repository, let's call it ByteCoin, don't initialise it with a readme.
4. Edit the ssh config file ~/.ssh/config (create if it doesn't exist)
Host github-tor-alias
  User git
  HostName github.com
  IdentitiesOnly yes
  IdentityFile ~/.ssh/private_tor_rsa
  ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
You've created a hostname called github-tor-alias, which tells ssh to use a proxy on localhost:9050 and to use the private_tor_rsa key to authenticate.
5. Set up the config for your new project to use the tor proxy and credentials.
mkdir secret-project
cd secret-project
git init
git config --add user.name satoshi_2
git config --add user.email [email protected]
5.1. Note the ssh://git and github-tor-alias
git remote add origin ssh://git@github-tor-alias/staoshi_2/ByteCoin.git
6. Remember how you installed the tor command line proxy? Start it as a service. It listens on localhost:9050
brew services start tor
7. Are you ready? Try pushing to github:
git push origin master
Did it work? Go and double check everything. Have I missed something? Please edit this answer!
Breathe that free air and get creating!
So what have we just done? We've created a new identity who is associated only with the tor network. As far as github.com is concerned, you are staoshi_2 and could be anywhere in the world. tor runs a proxy on 127.0.0.1:9050. Because we set up a ProxyCommand in the ~/.ssh/config file, all of your traffic goes through the tor proxy; git uses your new ssh key because you added IdentityFile and IdentitiesOnly to your ~/.ssh/config file.
Powerful stuff.
8. Let's double check that you're really anonymous: stop tor and try to git push again, it had better fail!
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
8.1. If that git push succeeded, well, guess what: you weren't using tor and github.com knows your IP. Figure out how to get it working and then start again with a new email address.
anon.
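The stop-tor test in step 8 shows that a push fails without the proxy, but it does not show which settings ssh actually resolved for the alias or which keys it will offer. The following is an added example, not part of the original answer: it audits the output of OpenSSH's `ssh -G` for the alias. The function names and sample outputs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer). Function names are hypothetical.
# Real use: ssh -G github-tor-alias | check_tor_alias 127.0.0.1:9050

# Reads `ssh -G <alias>` output on stdin; returns 0 only if the alias is
# forced through the SOCKS proxy and offers a single dedicated key.
check_tor_alias() {
    socks="$1"; cfg=$(cat); fail=0
    # 1. ProxyCommand must be present and point at the Tor SOCKS listener.
    proxy=$(printf '%s\n' "$cfg" | sed -n 's/^proxycommand //p')
    case "$proxy" in
        *"-x $socks"*) ;;
        *) echo "FAIL: proxycommand is '${proxy:-unset}', expected -x $socks"; fail=1 ;;
    esac
    # 2. IdentitiesOnly yes: never offer agent keys tied to another account.
    printf '%s\n' "$cfg" | grep -q '^identitiesonly yes$' ||
        { echo "FAIL: identitiesonly is not yes"; fail=1; }
    # 3. Exactly one identityfile: a second one (from a Host * block or the
    #    built-in defaults) would be offered to github.com as well.
    n=$(printf '%s\n' "$cfg" | grep -c '^identityfile ' || true)
    [ "$n" -eq 1 ] || { echo "FAIL: $n identityfile entries, expected 1"; fail=1; }
    return "$fail"
}

# remote_uses_alias URL ALIAS: a remote that names github.com directly
# never matches the Host block, so it would skip the proxy entirely.
remote_uses_alias() {
    case "$1" in
        "ssh://git@$2/"*|"git@$2:"*|"$2:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples in the lowercase "key value" format `ssh -G` prints.
GOOD='hostname github.com
user git
identitiesonly yes
identityfile ~/.ssh/private_tor_rsa
proxycommand nc -X 5 -x 127.0.0.1:9050 %h %p'
BAD='hostname github.com
user git
identitiesonly no
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/private_tor_rsa'

printf '%s\n' "$GOOD" | check_tor_alias 127.0.0.1:9050 && echo "good sample: OK"
printf '%s\n' "$BAD"  | check_tor_alias 127.0.0.1:9050 || echo "bad sample: rejected"
```

Inside the repository, the remote can be checked the same way by passing the output of `git remote get-url origin` and the alias name to `remote_uses_alias`.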
Before Tor there were cyber-cafes and wi-fi hotspots. Just because there's an IP associated with your commits doesn't mean it has to be yours.