[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Cloak Tor Router



Answering your different emails at once:

- anonathing indiegogo: incredible... you can be sure that these guys are cheating on the crowdfunding campaign, as far as they can

- configuration: as you say the less needs to be configired, the better, but I am not sure we will reach a consensus of what should go through Tor and what sould not, as we can see in this thread people have different opinions

- cable connection: I think this is required, then minimum configuration is needed

- "do not send anything outside" wifi: I think it is required too

- all TCP through Tor: you say that it's difficult for the Cloak to detect SSL vs non SSL, but you are proposing a SSL only wifi, so the Cloak is supposed to know how to do this, no?

- all SSL through Tor, non SSL outside: I think I would choose that option myself by default for the reasons explained previously (see my latest answer, stupid traffic going outside will necessarily be ssl, my ws example does apply too for Tor flash proxies relayers)

- bittorrent: yes that's definitely an issue I think, I suppose the Cloak does relay the UDP traffic, I don't know what happened for your test but of course if UDP does not work nothing will happen, bittorrent trackers (which people should not use at all) and DHT are using UDP, the bittorrent protocol is using TCP and uTP (UDP), as far as I know it tries to establish both and breaks the TCP connection if uTP is successfull, I don't know really what is the most use, as far as I have seen both are used equally, but I did not study this precisely, maybe some other people can give inputs here. It's unlikely that the seeders are blocking the exit nodes, so once the bittorrent protocol establishes TCP connections with the peers in the swarm through Tor, there are no reasons that it does not work.

- maybe that's another reason to use "my" default, since the Cloak can not recognize bittorrent traffic it would go outside automatically

- as previously mentioned I will contact you off the list (when I have time) for the other topics.


Le 09/11/2014 10:27, Lars Boegild Thomsen a écrit :
On Friday 07 November 2014 17:29:23 Aymeric Vitte wrote:
And 5 "do not send anything outside", no? Usually you can restrict with
your ISP box but can you trust it?
What happens if you connect directly your PC to the Cloak with a cable?
I haven't really decided.  The box have a wan as well as a lan port.  I sort of expected to leave the lan port open and it certainly is in the current firmware version.  One option would be to make it possible to toggle it with a press on a button, but I really haven't thought that one through at all.  Any ideas appreciated.

Maybe the concept of several wifis is good but I don't see it very
usable, not sure what would be the security requirements for this but
assuming that I am trusting my local network why not a simple web
interface where you can configure the same for any device connected to
the box:
I think that is mostly related to the target audience for a device such as this.  The less that needs to be configured the better - assuming that most users  interested in a box such as the Cloak won't want to make massive reconfiguration.  Of course a "power user" can squeeze the box to run exactly as they prefer.  But it's important to me to have sensible default so that as many people as possible can use it without changing anything.

- do not allow anything outside
- allow all traffic outside Tor
- force everything through Tor (warning: close your bittorrent clients)
option: the Cloak could detect the bittorrent traffic
- force eveything through Tor except torrents
- force ssl through Tor, non ssl outside
Question - is Bittorrent still an issue at all?  I actually tried a few days ago - a quite popular torrent (thousands of seeds) bootstrapping using a magnet link - my netbook connected to a Cloak prototype with every single TCP port routed through Tor.  After 24 hours the magnet hadn't even downloaded - not a single byte received.  I suspect all trackers are using UDP now - and I guess most bittorrent clients too.




--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk