[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Router

Hi, Andri,

There are many similar projects that are "Tor routers". Many of the projects floating around Github and the like are produced by amateurs with little understanding of the requisite conditions and safe configurations, and as a result, they are remarkably poorly configured. Nonetheless, even if a project is evaluated to be correctly configured, it's often a bad idea to use it, and as a result, these should not be relied on for anonymity unless you know what you are doing.

Firstly, the programs on your computer are likely not going to be correctly configured (1) to use Tor in a manner that does not leak metadata and securely transfer information and (2) to practice good stream isolation.

Why's the first point important? Well, your email client, for instance, might append certain types of metadata to the headers of sent mail, or might send your password insecurely, or in a manner that makes it trivial for a bad exit node to recover this password, for example, the problems with STARTTLS, a common protocol designed for securely communicating with the mail provider, is known to be broken such that a bad exit can downgrade the connection to plaintext: https://blog.filippo.io/the-sad-state-of-smtp-encryption/. Other parts of your operating system might inappropriately be sending data that is unnecessary, or even dangerous such that it could compromise anonymity. The second point is also very important. Tor Browser practices stream isolation between tabs (for new connections etc) and other programs correctly configured do this too, like the parcimonie.sh script. If stream isolation is not practiced, different programs may share the same tor circuit, which is a great risk.

In light of this, I'd argue that journalists (and ordinary citizens!) should just use Tails, which chooses and configures programs to use Tor safely. For instance, it makes use of the TorBirdy extension for Thunderbird, which configures Thunderbird to have safer settings for sending mail over Tor. It will also do the same for other programs, but you should be aware installing extra software is dangerous in some cases. It also runs live, on a USB drive for instance, which makes it suitable for traveling.

- D

Andri Effendi:
Hi Tor Community,
I remember some time last year there was talk about a router for
journalists to bring with them when they went abroad.

It was really simple. I don't remember what it was called, netaid netkit???

Does anyone here know? Whats the progress of that project?

Is it safe to use? Also where can I find it online?

Kind Regards,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to