
Re: [tor-talk] transparent tor routers



To resurrect this thread, it appears that BoingBoing is now selling the
Anonabox through their store:
https://store.boingboing.net/sales/anonabox-pro

Does the Tor Project have an official position on this device?

--Lee

On Mon, Jan 18, 2016 at 2:11 PM, Aeris <aeris+tor@xxxxxxxxxx> wrote:

> > Besides some extra torrc entries, only a few simple firewall rules are
> > needed.
>
> Not so simple firewall rules.
>
> You must avoid Tor inside Tor (worse privacy than Tor only), so if one of
> the users already uses Tor (Tor browser or native client), you don’t want
> to re-torify his traffic.
> Only feasible with 2 access points (1 for naked client, 1 for already Tor
> user), or better (avoid explanation/rtfm for the users) with ipset rules to
> discriminate traffic.
> And if ipset, need some smart script (python + stem) to regenerate rules
> regularly from Tor consensus.
>
> AFAIK, small routers (such as Olimex) don’t have an RTC, so your clock is
> borked at boot time and must be set manually if you want your Tor client to
> be able to connect (it doesn’t support clock drift of more than a few hours).
> And then, for a fully automated device targeted at non-savvy users, and more
> difficult if you want no non-Tor traffic at all (NTP forbidden because of
> UDP), you need some other tricks like htpdate or inotify, requiring perl and
> python.
>
> > I can also assure you that Tor works quite well on the router hardware
> > mentioned above. I'm only playing with the hardware but I have not
> > encountered any problems yet. Performance is OK too.
>
> Problem is not to have working Tor client with transparent proxying, but
> **correct** working Tor client with **correct** transparent proxying.
> Or you’re just doing a yet-another-anonabox-craps.
>
> With a few MB of memory and MHz of CPU, you just have enough to run a
> standalone Tor client, all other things (ipset, python, stem, perl,
> ca-certificates, web server for webUI config…) can’t fit inside.
>
> And you have a problem with Tor upgrades too (not possible on OpenWRT
> without tech skills and reflash).
>
> Regards,
> --
> Aeris
> Individual crypto-terrorist group self-radicalized on the digital Internet
> https://imirhil.fr/
>
> Protect your privacy, encrypt your communications
> GPG : EFB74277 ECE4E222
> OTR : 5769616D 2D3DAC72
> https://café-vie-privée.fr/ <https://xn--caf-vie-prive-dhbj.fr/>
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
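
The quoted reply's suggestion of regenerating ipset rules from the Tor consensus can be sketched as follows. This is an added example, not code from the thread or from any router project: it parses consensus `r` lines directly instead of using stem so that it runs offline, and the set name `tor-relays`, the function names and the sample relay entries are all assumptions.

```python
import ipaddress

# Constructed sample in the consensus "r" line layout (nickname, identity,
# digest, published date and time, IP, ORPort, DirPort). The addresses come
# from documentation ranges and are not real relays.
SAMPLE_CONSENSUS = """\
network-status-version 3
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2016-01-18 10:00:00 192.0.2.10 9001 9030
s Fast Guard Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2016-01-18 10:05:00 198.51.100.7 443 0
s Exit Fast Running Valid
r broken EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2016-01-18 10:06:00 not-an-ip 9001 0
r relayA2 GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2016-01-18 10:07:00 192.0.2.10 9001 0
"""

def relay_endpoints(consensus_text):
    """Return the sorted, de-duplicated (IPv4, ORPort) pairs from 'r' lines."""
    endpoints = set()
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] != "r":
            continue
        # Counting from the end works for both the full consensus (with a
        # digest field) and the microdescriptor consensus (without one).
        ip_text, or_port = fields[-3], fields[-2]
        try:
            ip = ipaddress.IPv4Address(ip_text)
            port = int(or_port)
        except ValueError:
            continue  # skip malformed entries instead of poisoning the set
        if 0 < port < 65536:
            endpoints.add((ip, port))
    return sorted(endpoints)

def ipset_restore_script(endpoints, set_name="tor-relays"):
    """Build `ipset restore` input that fills a temporary set and swaps it in,
    so the live set (assumed name) is never empty during a refresh."""
    tmp = set_name + "-new"
    lines = [f"create {set_name} hash:ip,port family inet -exist",
             f"create {tmp} hash:ip,port family inet -exist",
             f"flush {tmp}"]
    lines += [f"add {tmp} {ip},tcp:{port}" for ip, port in endpoints]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(ipset_restore_script(relay_endpoints(SAMPLE_CONSENSUS)), end="")
```

The output is meant to be piped into `ipset restore` on a timer; a firewall rule matching the set with `-m set --match-set tor-relays dst,dst` ahead of the redirect to Tor's TransPort would then leave clients that already speak Tor untouched (the rule placement is an assumption, and IPv6 relay addresses are not handled here).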