
Re: [tor-talk] Cloak Tor Router

On 02/11/2014 04:10, Lars Boegild Thomsen wrote:
On Saturday 01 November 2014 12:39:59 Aymeric Vitte wrote:
https://www.kickstarter.com/projects/1227374637/cloak, I would say that
the presentation is less "marketing oriented" than the anonaflop, after
a quick look, maybe the look of the box and its size does not appear
obvious to the potential pledgers.
Yeah I guess we are less "marketing oriented" perhaps even to a fault.  Anonabox definitely kicked up more interest than Cloak has done so far.

I don't know what anonabox did to attract so many people so quickly. I guess they have some contacts in the press and blogs; this campaign was something like an organized "gang" attack. Unfortunately this might have rendered people skeptical now for your campaign.

The enclosure design has not been finalized but we do have an idea and a designer working on it and Adrian has just changed the image to show the first rendering.  Do check it out if you feel like it - I think the "stealth look'n'feel" is quite cool.  Size wise it will be smaller than a TP-Link MR3020.

Maybe you should highlight it more in the presentation, so potential backers see it right away, as well as a simple drawing showing how to connect to the box easily, suggestions...

And probably you know already the drawbacks of such an approach,
I am aware of some but I am also quite sure there are some I haven't considered, so input is appreciated.

I think the hardest part is to make non-technical users aware that a Tor router can only do so much.  Their behavior using such a router is just as important (or more).

so from
my standpoint some minimal rules should be added not to fool the users
but this will make the device less interesting for them, like: only
allow https traffic,
The trick is to find a balance and I guess that is what I personally hope to find by discussing it here.  If a general consensus over a reasonable list of ports that are routed through Tor could be reached that would be great.

HTTPS you say.  What about for example XMPP, IMAP etc?

The balance is not easy to find I think; as everybody knows, anonymizing you wrongly will lead to the contrary.

The rule could be "everything that is using SSL"; if not, the exit nodes can MITM you.

Your TV media device that you mention in another answer is a good example. I have the same issue (what is this thing sending outside?), and people will have the issue more and more with the rise of connected/OTT devices. The box could then also make it easy to block whatever device, which would be connected to your box, not to the ISP box. I have tried to discuss a little bit with some ISPs about putting in the boxes the project examples I gave, but at a certain point I felt like I would have to pay something, while my intent was the contrary. So besides the anonymity aspects there is definitely an interest in devices such as Cloak.

Regarding the PRNG topic, an idea that I have had in mind for some time is to use the Tor protocol itself to gain entropy (not tested, nor proven secure). Establishing Tor circuits is not trivial and a lot of unexpected things can occur as far as I have observed with node-Tor, which produces numerous events that are not predictable at all, I believe.

do not run Tor over Tor (ie if the user is using
The Tor over Tor that you mention (and someone else mentioned it too) is interesting.  That I hadn't thought about at all honestly.

Question is - can that actually be done technically at a networking level?

I don't see how, unless the box can detect that it is Tor traffic, which is not supposed to be easy, and then route the message directly without using the Tor circuits. Changing the proxy settings to the box looks to be the right solution, but it is not very user friendly.

Can Tor in fact bootstrap itself over a Tor connection?

Tor over Tor is establishing Tor circuits over Tor circuits, i.e. the exit nodes will establish them, which is quite inefficient.

But that's not my point, can such device run nodejs and did you ever try
it/compare it with the traditional approach?
Hmmm, I am a little confused about the node.js question.  As I mentioned I am developing Internet of Things modules based on the same hardware design and I have actually managed to get node.js running on it.  We were looking for a scripting language that didn't put too much strain on the rather limited hardware resources (python, perl, erlang and well node.js) and node.js was by far the most well behaved.  It is not small though.  I think the Flash footprint was in the region of 3-4 MB and it is quite memory hungry.  Essentially node.js takes more resources to itself than the tor daemon.

The interest is that nodejs
packages/apps are much lighter than usual C/C++ packages
That depends really.  By themselves yes they are smaller.  But the node.js is not small and memory is perhaps the biggest issue.  Like all scripting languages node.js relies on some garbage collection of resources that are no longer used and it tends to leave a lot of wasted resources around for a while.

Potential applications (among tons of possible ones) see the links
below: node-Tor (Cloak with a much smaller package), Peersm
clients/bridges [1] (permanent background processes in the box, like
bittorrent clients in ISP boxes), torrent-live (find/block/track
monitoring spies + maintain a real time blocklist bittorrent client)
My personal expertise is networking and embedded Linux and I would be happy to run some tests on this and/or participate in any projects getting something like this going.

Interesting, that's cool that you did consider it and it shows that the project is not only about packaging Tor in some small hw. I don't know what apps you tested it with but probably some optimization can be made for the gc issues, and the whole nodejs might not be required. I will contact you off the list to see what can be done (if you have time of course, probably busy with the campaign right now).

[1] https://github.com/Ayms/node-Tor/tree/master/install

Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
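
The "everything that is using SSL" rule discussed in this message, as an added example (not code from the thread, from Cloak or from node-Tor): a port-independent check of the first client bytes for a TLS ClientHello. The function names, verdict strings and sample bytes are constructed for illustration, and the sketch assumes the router can see the first bytes a client sends on a new TCP connection.

```javascript
// Added example. Decides whether a new connection starts with a TLS
// ClientHello, so a router could forward only TLS traffic to Tor.

const TLS_HANDSHAKE = 0x16;   // TLS record content type: handshake
const CLIENT_HELLO = 0x01;    // handshake message type: ClientHello
const MAX_RECORD_LEN = 16384; // 2^14, largest plaintext TLS record

// Classify the first bytes sent by the client.
// Returns "tls", "plaintext" or "need-more-data".
function classifyFirstBytes(buf) {
  if (buf.length < 6) return "need-more-data"; // 5-byte record header + type
  const isHandshake = buf[0] === TLS_HANDSHAKE;
  // Record-layer version 3.1 to 3.4; SSLv3 (3.0) is deliberately not accepted.
  const versionOk = buf[1] === 0x03 && buf[2] >= 0x01 && buf[2] <= 0x04;
  const recordLen = buf.readUInt16BE(3);
  const lengthOk = recordLen > 0 && recordLen <= MAX_RECORD_LEN;
  const isHello = buf[5] === CLIENT_HELLO;
  return isHandshake && versionOk && lengthOk && isHello ? "tls" : "plaintext";
}

// Hypothetical router policy built on the classifier.
function decide(buf) {
  const kind = classifyFirstBytes(buf);
  if (kind === "tls") return "forward-to-tor";
  if (kind === "plaintext") return "reject";
  return "wait";
}

// Constructed sample inputs (not captured traffic).
const SAMPLES = {
  // Record header (len 0x0200) followed by the start of a ClientHello.
  tlsClientHello: Buffer.from([0x16, 0x03, 0x01, 0x02, 0x00,
                               0x01, 0x00, 0x01, 0xfc, 0x03, 0x03]),
  httpGet: Buffer.from("GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
  // XMPP on its STARTTLS port opens in cleartext before upgrading.
  xmppStartTls: Buffer.from("<?xml version='1.0'?><stream:stream to='example.org'>"),
  truncated: Buffer.from([0x16, 0x03]),
};

// Apply the policy to every sample and return the verdicts by name.
function auditSamples() {
  const verdicts = {};
  for (const [name, bytes] of Object.entries(SAMPLES)) verdicts[name] = decide(bytes);
  return verdicts;
}
```

A "forward-to-tor" verdict only shows that the client attempted TLS, not that it validates the server certificate. Protocols that start in cleartext and upgrade with STARTTLS (XMPP, IMAP on their non-TLS ports) are rejected by this check; only their implicit-TLS variants pass.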

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to