
Re: [tor-talk] Project idea: TorBox



Thanks for suggesting this. What you suggest is impossible. Reasons are
below.

> *The TorBox*

There was a project with that name:
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX

It is now called Whonix. For this reason and also for trademark reasons
please don't use this as a name.

> *What is it? *
>
> In short, it's a little black box you plug into your DSL modem or your
> Fiber socket (or whatever form your broadband connection comes in). At the
> other end of that black box, you connect your computer or even your
> wifi/router. All connections to the internet that you make through this
> black box will be routed through the Tor network *in a secure manner*.

Unfortunately, not possible. It leads to identity correlation through
circuit sharing. It won't only press all stuff one user does but also that
of anyone using that router through the same circuit.

There is also exit node eavesdropping and man-in-the-middle attacks
(sslstrip), and accounts (PayPal) will get limited if Tor is used to log
in. People who don't understand Tor basics shouldn't use it or have a good
chance to get harmed.

> In
> addition to making your own traffic anonymous, it will also act as either
> a
> bridge or a relay in the Tor network, thereby helping others stay
> anonymous.

See TorRouter.

> *Raison d'Être*:
>
> The reason I think a device such as this is a good idea is that there are
> many things that are inconvenient or even difficult and perhaps insecure
> when using TorBrowser on your laptop or desktop computer.

Agreed.

> Altruism:
>
> The TorBox always acts as either bridge or relay. Always contributes. It
> could also be sold at a slight profit - the surplus going into the
> Torproject. Ideally, all current Tor "clients" should run as bridges or
> relays and be up 24/7 - this TorBox would bring the project in that
> direction.

https://www.torproject.org/docs/faq#EverybodyARelay

> Ease of use:
>
> Minimum number of options presented to the user, over a very simple
> interface. Basically "plug and play" Foolproof Anonymity. Current similar
> projects for running Tor embedded in routers or small "plug" computers
> demand very much of the user - this would be the opposite!
>
>
> Power consumption:
>
> Leaving my desktop computer on 24/7 draws quite a bit of power. The TorBox
> can be left plugged in, at little cost.
>
> Wear and tear:
>
> Discs and fans fare better when not used 24/7.

Ok.

>
> *What should the TorBox be able to do?*
>
> The main thing, of course, is that it should be able to anonymize my own
> use of the internet.

For that there is TBB, Tails, Whonix, Liberte Linux...

> Also, it should *always* run as either a relay or a bridge, never as a
> client only. It should always contribute bandwidth to the common good.
>
>  (when I first conceived of this device, I thought that it should ONLY be
> a
> bridge or relay for others, so as to make it a purely altruistic purchase,
> but then I realized that a combination of self-interest and altruism would
> probably make it much more attractive to users)
>
> When the box is delivered, it should come pre-installed with a minimal
> operating system. You connect the ip-cable and the power cord and turn the
> device on. Upon booting, it starts Tor and establishes a network
> connection. Default setting is to run as a non-exit relay.
>
> I'd like it to run some kind of speed-test to estimate the upline/downline
> speed, and then set itself to use exactly HALF of that, so as to avoid
> issues. The user can adjust this setting via the interface, if necessary.
>
> -Can it be made to adapt itself, so that it won't interfere with
> occasional
> spikes caused by the user wanting to use the full speed of the line? (for
> using BitTorrent, for instance) I know too little about computery stuff to
> know if this is easy or hard to implement.
>
> *The interface:*
>
> The device should have TWO interfaces. One for simple web interface
> (available through the IP-Out connector only) for settings to be adjusted
> on the fly. This interface could give options like running as relay or
> bridge, running as exit- or non-exit relay, using 10-90% of available
> bandwidth, etc.
>
> There should also be a very informative Help-section, where you can get
> advice for how to use the device securely. How to configure browsers,
> downloaders, etc.
>
> Then there should be a USB interface, which you connect to via a GUI
> program you run on your computer. Through this program, you can flash the
> device with new firmware downloaded from torproject.org. Or reset the
> device
> to factory presets.

Tor Router could do all that. You could check what's discussed, what's
planned and what's implemented already.

> The device should be able to automatically download and install security
> updates from some secure server. Make it secure and trustworthy. These
> automatic updates should be optional, though, and the user should be given
> the option to only update manually.

There is an open trac ticket about this issue in Tor trac.

> There should be a TorBrowser-bundle available for download, [...]

This sounds like making it more complicated again.

> When trying to use the TorBox with a browser NOT configured securely, it
> should simply present a warning message; "You are trying to connect to the
> Tor network using an insecure browser... etc". It should simply refuse to
> connect any program not communicating that it is securely set up.
>
> Is this idea feasible?

It won't work in all cases. What if they have an SSL protected website as
start page? What if they are configured to use a corporate VPN?

> What kind of hardware is necessary?  I/O-circuitry, PCB, 1GB onboard
> memory
> or less, tiny little processor?

I think the Tor Router project can answer this.

> How should the Tor community go about realizing this idea, if it is worth
> realizing?
>
> Open Hardware project? Sponsor?

Freedom Box?

> Can a TorBox be made so safe that it is immune to exploits?

Possibly, but that would require thousands of developers, audits and years
until it's bug free.

There are many projects covering one or another aspect you suggested. If
you're interested, please consider helping out one or more of those
projects. There are development and non-development ways to help out.
Search if what you suggest has been already discussed and take action if
not.

Speaking for Whonix, the project is currently short of contributors (only
me). Help is welcome (development or testing/feedback).

Cheers,
adrelanos
