
Re: [tor-talk] Tor Cloud



As I understand, this is not really a good idea for a couple of reasons:

1. If it takes off, then it places a large amount of Tor's capacity in the hands of one organization (Amazon), which is a not-so-good idea because that's the prime vector by which Tor can be attacked: control of a statistically significant number of nodes.
2. Amazon EC2 instances cannot inherently be trusted, as the encryption will all happen on potentially hostile hardware, adding to the risk profile of this project. If Amazon found themselves with an NSL, they could conceivably be coerced into monitoring the machine states.

I would recommend establishing a script for apt and yum based distros that can be quickly deployed on any VPS hosted by any provider.

My $0.02

- Naz.


On 29/12/2016 4:05 AM, Scott Ainslie wrote:

Hello,

I'm in the midst of relaunching Tor Cloud. I renamed it Onion
Cloud as per a Tor Cloud suggestion.

It builds Amazon Machine Images (AMI) on Amazon Elastic Compute Cloud
(EC2) that can be set up across multiple data centers in locations
across the globe to help users sidestep censorship.

It's built upon Ubuntu 16.04.1 LTS (Xenial Xerus). I might add support
for Ubuntu 14.04.5 LTS (Trusty Tahr) but in the meantime I'm
concentrating upon supporting Ubuntu 16.04.1 LTS (Xenial Xerus).

I prioritized reducing the amount of needless unsecured communication
aside from inheriting all the properties of the original and ensuring
that it's up-to-date.

I'm also concentrating upon strengthening the Amazon Machine Images
(AMI).

I added support to the Amazon Machine Images (AMI) for HTTP Secure
protocol-supporting repositories because the repositories Canonical
maintains don't support it. I hope Canonical adds support to its
repositories in due time.

Tor Cloud didn't support HTTP Secure protocol-supporting repositories
but I feel it's crucial to add explicit support for it and adopt a
defense-in-depth attitude in addition to reliance upon GnuPG detached
digital signatures.

I'm updating the default GnuPG configuration to add Secure Sockets
Layer support.

I plan to add support for Microsoft Azure and Google Compute Engine.
Microsoft Azure has a command-line interface that I can use to add
support for it as does Google Compute Engine. I'm afraid the cost of
Microsoft Azure or Google Compute Engine is outright prohibiting being
able to add support at this time.

I also bought a domain name and set up 3 Domain Name Servers for it. It
supports Internet Protocol version 4 and Internet Protocol version 6 and
its Domain Name Server zone is also signed using Domain Name System
Security Extensions.

I'm intending to publish the shell scripts on GitHub in a fortnight but
I'm hoping I can publish it before long. I'm still in the process of
debugging and updating the original shell scripts and I'd like to be
certain that it's robust.

I'm eager to begin encouraging contributors to help refine it and
suggest other capabilities that could be implemented to strengthen the
set up!
- -- Scott Ainslie <scott@xxxxxxxxxxxxxxxxxx>



