
Re: [tor-talk] Cloak Tor Router

On Sunday 02 November 2014 11:36:14 michi1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> > and we really would like this product to be what the TorRouter never became
> I would really like to see this happen. To me it seems your goals are
> slightly different though. Torouter tries to provide public wifi (without
> risks for the operator), run bridge (and other) nodes and create hidden
> services (see https://trac.torproject.org/projects/tor/wiki/doc/Torouter ).

It is quite clear that the Cloak will not be able to provide bridge and/or exits - it simply does not have the resources.  Hidden services however should be within the realm of possibility.  The public Wi-Fi is definitely a use case we are quite aware of.

> The kickstarter page suggests it can be used to anonymise outgoing traffic
> from clients to the internet. This may be quite problematic for these reasons:
> 1) People will not get hardened clients. See
> https://www.torproject.org/projects/torbrowser/design/ for a list of changes
> made by torproject.

Even the Tor browser is facing the same issues if used wrongly.  On the Download page of Tor there is a list of 5 warnings.  One of these warnings reads:

"Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon that website. To help ensure private encryption to websites, the Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website. Also see EFF's interactive page explaining how Tor and HTTPS relate."

If a consensus is reached that a device such as Cloak must only allow certain traffic to be reasonably safe, then - well - that is the way the firmware should be built.  My personal take is that no solution is perfect and no solution will be able to prevent what NSA described as the "Epic Fail" - the user who is careless with the information he or she provides.  Any and all solutions - the Tor Bundle too - are making compromises to ensure usability (Javascript springs to mind - last time I checked that was enabled by default in the Tor Browser - that might have changed though).

> 2) Every device can sniff on traffic from all other devices on the same
> network. If you have one device which is compromised or somebody breaks the
> wifi security you are in trouble.

WiFi clients are isolated from each other so no - if someone breaks Wi-Fi security they can access the Tor network (or the internet - depending on which Wi-Fi network they break), but in order to sniff traffic from other devices the Cloak device itself would have to be accessed (i.e. root password guessed) and the device reconfigured (disable wifi isolation).

> 3) Depending on the configuration you may end up routing traffic from multiple
> devices over the same circuit. 

This one surprises me a bit.  The Tor manual states:

Don't share circuits with streams from a different client address. (On by default and strongly recommended; you can disable it with NoIsolateClientAddr.)

Each client will have their own address so it is my understanding circuits will not be shared.

> You will almost certainly route traffic from
> different programs on the same device over the same circuit. This may allow an
> exit node operator to correlate multiple identities.

Wouldn't that be solved by enabling:

Don't share circuits with streams targeting a different destination port.

> 4) If you have a mobile device you probably want to be safe everywhere, not
> just at home.

Which is why the device will be highly portable ;)  I get what you mean but as stated earlier, everything security related is at the end of the day a matter of compromise.

> BTW: If you want to show people you are serious about privacy I would suggest
> creating your screenshots+demos with a free operating system.

Here is one running on Linux:


The team members didn't appreciate my skills as a camera man, so it never went on the web-site or kickstarter page.

Lars Boegild Thomsen
Jabber/XMPP: lth@xxxxxxxxxxxxxxxxxxxxxxxx
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
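The isolation discussion above (points 3 and the IsolateDestPort follow-up) can be made concrete with a small model of the stream-isolation rules the Tor manual documents. The block below is an added example written for this page; it is not code from the Cloak project, from Tor, or from either poster. It assumes the router runs a single transparent-proxy listener (a hypothetical TransPort on 9040) so that Tor sees each LAN client's source address, and it uses constructed sample streams: two devices, one of which runs a browser, a second web application and a mail client. Tor's real isolation logic also keys on SOCKS credentials, session groups and circuit age, so this is a simplified model of the documented flags, not Tor's implementation.

```python
# Added example: simplified model of Tor's stream-isolation flags, used to
# see which streams behind a transparent Tor router would share a circuit.
# Not Tor's own code; the sample streams below are constructed.

from collections import defaultdict

# Flags the Tor manual documents for SOCKSPort/TransPort/DNSPort listeners.
# Defaults per the manual: IsolateClientAddr and IsolateSOCKSAuth are on;
# IsolateClientProtocol, IsolateDestPort and IsolateDestAddr are off.
DEFAULT_FLAGS = frozenset({"IsolateClientAddr", "IsolateSOCKSAuth"})

# Constructed sample streams as a router's TransPort would see them.
# Transparent-proxy streams carry no SOCKS auth, so socks_auth is None.
SAMPLE_STREAMS = [
    {"id": "a-web",  "listener": 9040, "client_addr": "192.168.1.10",
     "protocol": "trans", "dest_addr": "93.184.216.34", "dest_port": 443,
     "socks_auth": None},
    {"id": "a-web2", "listener": 9040, "client_addr": "192.168.1.10",
     "protocol": "trans", "dest_addr": "198.51.100.7", "dest_port": 443,
     "socks_auth": None},
    {"id": "a-mail", "listener": 9040, "client_addr": "192.168.1.10",
     "protocol": "trans", "dest_addr": "203.0.113.25", "dest_port": 993,
     "socks_auth": None},
    {"id": "b-web",  "listener": 9040, "client_addr": "192.168.1.11",
     "protocol": "trans", "dest_addr": "93.184.216.34", "dest_port": 443,
     "socks_auth": None},
]


def isolation_key(stream, flags):
    """Build the tuple of attributes two streams must agree on to share
    a circuit under the given flags. Equal keys may share; unequal may not."""
    # Streams arriving on different listener ports never share a circuit.
    key = [stream["listener"]]
    if "IsolateClientAddr" in flags:
        key.append(stream["client_addr"])
    if "IsolateSOCKSAuth" in flags:
        key.append(stream["socks_auth"])
    if "IsolateClientProtocol" in flags:
        key.append(stream["protocol"])
    if "IsolateDestPort" in flags:
        key.append(stream["dest_port"])
    if "IsolateDestAddr" in flags:
        key.append(stream["dest_addr"])
    return tuple(key)


def group_into_circuits(streams, flags=DEFAULT_FLAGS):
    """Map each isolation key to the ids of the streams that would ride the
    same circuit. The number of keys is the number of distinct circuits."""
    circuits = defaultdict(list)
    for s in streams:
        circuits[isolation_key(s, flags)].append(s["id"])
    return dict(circuits)


def share_circuit(streams, id_a, id_b, flags=DEFAULT_FLAGS):
    """True if the two named streams would be allowed on one circuit."""
    by_id = {s["id"]: s for s in streams}
    return isolation_key(by_id[id_a], flags) == isolation_key(by_id[id_b], flags)


if __name__ == "__main__":
    port_flags = DEFAULT_FLAGS | {"IsolateDestPort"}
    addr_flags = port_flags | {"IsolateDestAddr"}
    no_client = DEFAULT_FLAGS - {"IsolateClientAddr"}   # NoIsolateClientAddr
    for name, flags in [("defaults", DEFAULT_FLAGS),
                        ("+IsolateDestPort", port_flags),
                        ("+IsolateDestPort +IsolateDestAddr", addr_flags),
                        ("NoIsolateClientAddr", no_client)]:
        print(name, "->", list(group_into_circuits(SAMPLE_STREAMS, flags).values()))
```

With the defaults the two devices get separate circuits, but every stream from the same device, browser and mail client alike, shares one. Adding IsolateDestPort splits the mail stream off, yet the two web streams from the same device still share a circuit because both use port 443; only IsolateDestAddr on top of that separates them, and then only per destination, not per program. Turning IsolateClientAddr off collapses all four streams onto one circuit.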