[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Free WiFi Bootable Ditros

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Free WiFi Bootable Ditros
From: Katya Titov <kattitov@xxxxxxxxxx>
Date: Mon, 30 Jul 2012 21:10:47 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 30 Jul 2012 07:10:47 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1343646677; bh=fHq/ZHxQajWPrDCGr4zJ8We+UeuLGcQaEnB6dVvpoPY=; h=Date:From:To:Subject:Message-ID:In-Reply-To:References: Mime-Version:Content-Type:Content-Transfer-Encoding; b=pQ01MCOQREzqwG0WHpWfq0gEBJxM0qTu5/BFjrA3t7kYONXdSNUoyHGryBiC4bkNr iB7PmZsOmvIyyC4M3GUauYqdcn3lmZGSNq95oue6AaI+tVsNpzsKzV3oLViKeDqRsQ 4GNsbFLpSmcZ6nZ/T4MDJMFWU2pIXih0CPfI8czw=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1343646677; bh=fHq/ZHxQajWPrDCGr4zJ8We+UeuLGcQaEnB6dVvpoPY=; h=Date:From:To:Subject:Message-ID:In-Reply-To:References:X-Mailer: Mime-Version:Content-Type:Content-Transfer-Encoding; b=FPRAFUEyPJK6lL74mK9EkKdAJ5hJ6XLwCoYPp0XwhZAMvQB4o8NV2e7WDLTjy1mw6 mQ6miGmYUP94Ko7fEkjvpn/1cDXbB1ZHFzmB7g/kWtxGeHRJeXLNUFa0+PYCROqVZ4 ZY3Gs87MFL1gyLuOPHypi+V35uTFVchK/qYUylpA=
In-reply-to: <501573F8.1070100@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20120729175733.356eb594@xxxxxxxxxxxxxxxxxxxxx> <501573F8.1070100@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

adrelanos:
> Katya Titov:
>> I'm wondering whether there are any bootable distros out there
>> which are designed to be used on free WiFi networks (e.g.
>> Starbucks, McDonalds) and enforce some level of network encryption.
>> Tails would obviously provide a solution here by forcing everything
>> through Tor, but I can also see alternatives which force the use of
>> an IPSEC VPN, or only allow outbound access to ports which are
>> commonly used for secure access (443, 993, etc).
> 
> Neither Tor nor Tails fall into the category "designed for free wifi
> networks". If Tails where focused primary at public wifis, their
> planed mac changer feature had much more priority. [1] Tor provides
> anonymity and circumvention, Tails is a LiveCD/USB designed for
> privacy and anonymity. If you use them for their purposes, they are
> good.

Agreed.

> But do you rather risk Tor exit nodes sniffing your traffic than
> public wifis? Either you are aware of risks of transmitting data over
> insecure networks, which is the internet, and take yourself care of
> end to end encryption or you don't care at all.

Yes, I agree with Andrew, I would rather trust Tor nodes than public 
WiFi.

> > It wouldn't need to be an entire distro, just a set of scripts
> > which configured the local firewall (iptables, ipfw, even the
> > regular Windows firewall) to only allow secure connections, and
> > established a Tor or VPN connection (if necessary).
> 
> At least with iptables I know it's be easy to limit yourself to a few
> outgoing ports.
> 
> > This would mean I could use my regular desktop environment to read
> > email, check social networks, etc all the while being reasonably
> > confident that any traffic which would normally traverse the
> > network unsecured (updates, etc, and any misconfigured software)
> > would not get access.
> 
> You falsely assume that a free wifi hotspot is less secure than a
> regular internet access point. You should configure your system in a
> way it doesn't matter if there is a man in the middle. (signed
> updates, patched correctly configured software, etc.)

Agreed, but this is becoming harder to do as operating systems and the
software we use becomes more complex. The best way to solve this would
be to ensure that the OS only does what you allow it to. But outside
one of the BSDs or a very minimal Linux distro this is pretty much
impossible these days -- they're just too complex. So using a distro
which doesn't update, or only allowing updates over secure channels and
blocking all other attempts may be effective.

> If you believe the free wifi hotspot is less secure than your regular
> home/cooperate network, you can build a VPN tunnel to your regular
> network. That is also safe and routes all your traffic through it.
> Alternatively you could use a VPN service.

Yes, that's an option, but I'm looking for something minimal at the
moment, and trying to counter my impression that the risk of
interception when using public WiFi is too great. As Andrew said: "The
decision on the risks are yours."

Thanks!
-- 
kat
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Free WiFi Bootable Ditros
  - From: Katya Titov
- Re: [tor-talk] Free WiFi Bootable Ditros
  - From: adrelanos

Prev by Author: [tor-talk] Free WiFi Bootable Ditros
Next by Author: Re: [tor-talk] Free WiFi Bootable Ditros
Previous by thread: Re: [tor-talk] Free WiFi Bootable Ditros
Next by thread: Re: [tor-talk] Free WiFi Bootable Ditros
Index(es):
- Author
- Thread