On 12/01/2012 06:14 PM, John Case wrote:
On Fri, 2 Nov 2012, grarpamp wrote:
I don't agree. torsocks is still useful to prevent identity correlation
through circuit sharing. Pushing all traffic through Trans- and DnsPort
is not the answer.
Also, I don't want all of my applications using Tor -- just some of
them. Using Tails or TransPort wouldn't allow me to do this.
Some people do run multiple Tor's, jails, packet
filters, and apps. Largely to get around current
Tor limitations. Those people don't have this
singularity problem/position that you assume.
Torsocks is not required in that instance.
There has to be a better way to simply "make an ssh connection over Tor".
I don't want to run all of tails just to make a single ssh connection (2
minutes to properly fire up vmware, massive cpu use, laptop gets hot,
fans running, everything else comes to a crawl).
I don't want to run a full-blown tor relay installation with all the
bells and whistles and then maintain that full blown environment, watch
advisories, run periodic tests, test for dns leakage, blah blah.
I want this:
    cd /usr/ports/net/torssh
    make install
    torssh user@xxxxxxxx
Am I the only person that wants/needs this ?
I understand that you can't go down the road of "make a custom tor app
for every possible client app that people want to run", but come on ...
ssh ? If there was just a single app to do this for, it would be that,
right ?
The real issue is that once they start providing torified-forks of
certain projects where do they draw the line? torFirefox for TBB, sure
(which may be coming down the pipe anyway)! torssh, why not? Tor Project
is already stretched thin which means third party devs would have to
implement most of the work and who would be able to audit all of them?
"Torification" integrated into these projects would be a usability
god-send for most people. But that would ultimately be its undoing. At
this point many users don't understand that anonymity is not as simple
as flipping a switch, it's so much more complex than that. One possible
advantage of Tor being a little complex is that it makes people realize
that ensuring one's safety/privacy online is *not* easy and it's possible
that increasing the usability too much could put more people at risk.
In addition to this, if different projects have tor integrated then that
would mean each one would have to keep state separately and each would
most likely have different guard nodes and such. The result, again,
would be putting the users more at risk.
I understand the appeal of such packages, but if you think about this
then you'll see that running a single daemon and channeling connections
through it probably is the best and most resource efficient way. Just
think, if "x number of" programs you wanted to run were torified then
you would essentially be running x instances of tor, not ideal.
For now, using built-in proxy support for an application, or torsocks if
it doesn't have it, is the best option we have and we still need to be
careful when we use any built-in proxy option.
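
One check worth making before trusting an application's built-in proxy option or torsocks is whether the hostname reaches Tor's SOCKS port unresolved, because an IP literal means any name lookup happened outside Tor. The following is an added example, not part of the original message: a Python parser that classifies SOCKS4/4a/5 CONNECT requests; the function name and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

def classify_socks_request(req: bytes):
    """Classify one SOCKS CONNECT request as (verdict, destination, port).

    "remote-dns": the client sent a hostname, so the proxy resolves it.
    "local-dns":  the client sent an IP literal, so any name lookup
                  already happened outside the proxy.
    """
    if len(req) < 8:
        raise ValueError("truncated SOCKS request")
    if req[0] == 5:                        # VER CMD RSV ATYP ADDR PORT
        atyp = req[3]
        if atyp == 0x03:                   # length-prefixed domain name
            end = 5 + req[4]
            host, verdict = req[5:end].decode("ascii"), "remote-dns"
        elif atyp in (0x01, 0x04):         # raw IPv4 / IPv6 address
            end = 4 + (4 if atyp == 0x01 else 16)
            host, verdict = str(ipaddress.ip_address(req[4:end])), "local-dns"
        else:
            raise ValueError(f"unknown ATYP {atyp:#x}")
        if len(req) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        return verdict, host, struct.unpack("!H", req[end:end + 2])[0]
    if req[0] == 4:                        # VER CMD PORT IP USERID\0 [HOST\0]
        port = struct.unpack("!H", req[2:4])[0]
        ip, fields = req[4:8], req[8:].split(b"\x00")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # 0.0.0.x marks SOCKS4a
            if len(fields) < 3 or not fields[1]:
                raise ValueError("SOCKS4a request without hostname")
            return "remote-dns", fields[1].decode("ascii"), port
        return "local-dns", str(ipaddress.ip_address(ip)), port
    raise ValueError(f"not a SOCKS request (version {req[0]})")

# Constructed sample requests (not captured traffic), all to port 22.
SAMPLES = {
    "socks5 hostname": b"\x05\x01\x00\x03\x0bexample.com\x00\x16",
    "socks5 ipv4": b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x00\x16",
    "socks4a hostname": b"\x04\x01\x00\x16\x00\x00\x00\x01\x00example.com\x00",
    "socks4 ipv4": b"\x04\x01\x00\x16\xc0\x00\x02\x0a\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} {classify_socks_request(raw)}")
```

A "local-dns" verdict is not proof of a leak (the user may have typed an IP address), but for a destination given by name it shows the lookup did not go through the proxy.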