
Re: [tor-talk] Tor router requirements / best practices [was: Cloak Tor Router]



I am not sure we are talking about the same thing, or at least we see it differently. I don't see very well what the use of a box acting as a bridge would be; it would mean that the OP is inside your device, while the box is supposed to anonymize (as far as it can) or block the traffic from any devices on the local network.

I don't see very well what the captive portal would do either (why port 80 only?)

Mike wrote:

"...to design a secure pairing system between Tor Browser and a Tor router ..."

"In this mode, the Tor router could actually act as a defense-in-depth mechanism that would block all non-proxied traffic, providing additional protection against browser or other remote exploits, by only allowing properly Tor-configured application traffic to exit onto the Tor network."

OK for browsing, but then you would block all the traffic for apps or devices that you cannot proxy.

As I see it the interest of such a box is to centralize the traffic of whatever connected object you have and decide if it should be blocked or routed through Tor or not.

I don't see an ideal design, but I think the box could have a simple interface where, for any connected device, the user can choose:

block (default yes)

if not blocked:

ssl : block/Tor/not Tor - default Tor

non ssl: block/Tor/not Tor - default not Tor

With the pairing system mentioned above, where the user would use the FF Tor browser if available on the device, with the proxy automatically set to the box, and where the box would let the traffic that is proxied to it go through Tor independently of the above rules, except if the device is blocked.

Still, the user would have to do some configuration, but that does not look complicated.

This assumes that you trust your local network.


On 17/11/2014 19:35, Rusty Bird wrote:
> coderman wrote:
>
>> - The best design we've been able to come up with is one that forces you
>> to be using Tor on your side, and only allows your traffic through if it's
>> coming from Tor.
>
> corridor has such a design:
> https://github.com/rustybird/corridor
>
> I'd love to turn it into a bona fide WiFi hotspot:
> https://github.com/rustybird/corridor#todo
>
>> Making it use a proxy, or maybe even better a Tor bridge,
>> that's running on the router seems a fine way to do this limiting.
>
> Doesn't bridge connection setup (on the client side) complicate things
> too much, especially for people unfamiliar with Tor?
>
> More importantly, a bridge would usurp the position of any circuit's
> first hop. Though there's a trac ticket somewhere about plans to make
> bridges the zeroth node before the other three.
>
>> And we
>> could also imagine running a captive portal website on the router that
>> intercepts outgoing port 80 requests and teaches you what you need to
>> do to use this network connection safely. Perhaps it has a local copy
>> of Tor Browser for you (but how does the user know it's the real Tor
>> Browser?), or perhaps it lets you reach https://www.torproject.org/
>> so you can fetch it yourself.
>
> Yup, see the todo.
>
> I really hope to be able to work on this in the next months. If not,
> maybe you can find some use in the corridor repo.
>
> Rusty Bird




--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
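
Added example (not part of the original message or of corridor): a sketch of the per-device decision table proposed in the message above, including the rule that traffic proxied to the box goes through Tor unless the device is blocked. Classifying "ssl" by the first bytes of the stream, the `to_box_proxy` flag, and all names and MAC addresses are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    BLOCK = "block"
    TOR = "Tor"
    DIRECT = "not Tor"

@dataclass
class DevicePolicy:
    blocked: bool = True               # "block (default yes)"
    ssl: Action = Action.TOR           # "ssl ... default Tor"
    non_ssl: Action = Action.DIRECT    # "non ssl ... default not Tor"

def looks_like_tls(first_bytes: bytes) -> bool:
    """Assumed classifier: stream opens with a TLS record holding a ClientHello."""
    return (len(first_bytes) >= 6
            and first_bytes[0] == 0x16     # record content type: handshake
            and first_bytes[1] == 0x03     # record version, major byte
            and first_bytes[5] == 0x01)    # handshake message type: ClientHello

def decide(policies, device, first_bytes, to_box_proxy=False):
    """Return the Action for a new connection from `device` (a MAC string)."""
    policy = policies.get(device, DevicePolicy())   # unknown device: blocked
    if policy.blocked:
        return Action.BLOCK            # blocking overrides everything, pairing included
    if to_box_proxy:
        return Action.TOR              # proxied to the box: Tor, whatever the rules below say
    return policy.ssl if looks_like_tls(first_bytes) else policy.non_ssl

# Constructed sample data (hypothetical devices and traffic prefixes).
POLICIES = {
    "02:00:00:00:00:01": DevicePolicy(blocked=False),                        # defaults
    "02:00:00:00:00:02": DevicePolicy(blocked=False, non_ssl=Action.BLOCK),  # stricter
    "02:00:00:00:00:03": DevicePolicy(),                                     # still blocked
}
TLS_HELLO = bytes.fromhex("1603010200010001fc0303")
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    for mac in list(POLICIES) + ["02:00:00:00:00:99"]:
        for label, data in (("tls", TLS_HELLO), ("http", HTTP_GET)):
            print(mac, label, decide(POLICIES, mac, data).value)
```

Inspecting the first bytes requires the box to accept the connection before choosing a route, so this models a transparent-proxy style gateway rather than a pure packet filter.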
