Re: funneling a wireless net's outbound connections through tor
Scott Bennett wrote:
[...]
> Governments are incomparably more dangerous than any 13-year-old or
> even ISPs. Also, given the number of teenagers who have cracked well
> funded web servers, I'd say that said teenager is still not out of the loop
> without tor.
[...]
> Not using tor at all is far more dangerous in my view.
In this case, using TOR will make things less secure / anonymous for the
people using your wireless AP.

People using an open, unencrypted, AP can have their traffic sniffed by:
- other people nearby
- AP owner
- ISP of the AP owner
- government
- ... (depends on the destination)

When sending the traffic over TOR, (part of) it can also be watched by:
- all exit node operators (some owned by crackers / government agencies)
- their ISPs
- their governments

Since the AP user doesn't know he's using TOR, he will probably transmit
information that shows his identity. He may end up on a government watch
list, because they know that all TOR users are child pornographers /
terrorists.

Take a look at this too (it was mentioned on this list before):
http://www.derangedsecurity.com/time-to-reveal%e2%80%a6/

You should inform the users about TOR, before letting them use it. It's
less convenient, but it's much more secure for them. Not using TOR at
all would be even more secure for them, but then your IP would show up
when your users do bad things.

Some ideas:

Manual proxy setup
- redirect non-proxy http / https traffic to a page with setup
  information for your proxy
- allow traffic to your proxy
- block all other traffic

VPN, using PPTP or something like that
- redirect non-VPN http / https traffic to a page with setup information
- redirect all VPN traffic through TOR
- block all other traffic

I prefer a VPN solution, because of the wireless link encryption. It
should also work for any application that doesn't know about proxies.

Arjan
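
The "manual proxy setup" idea from the message above, as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset for the three steps. The interface name, gateway address, proxy port and setup-page port are assumed values, as is a DHCP server running on the gateway.

```shell
#!/bin/sh
# Added example, not from the original message. Emits an iptables-restore
# ruleset for the three "manual proxy setup" steps. Every concrete value
# (wlan0, 10.0.0.1, 8118, 8080) is an assumption chosen for illustration.

# gen_rules WLAN_IF GATEWAY_IP PROXY_PORT INFO_PORT
gen_rules() {
    wlan=$1 gw=$2 proxy=$3 info=$4
    # Refuse anything that is not a plain decimal port number.
    for p in "$proxy" "$info"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Step 1: web traffic that bypasses the proxy lands on the setup page.
-A PREROUTING -i $wlan -p tcp ! -d $gw -m multiport --dports 80,443 -j REDIRECT --to-ports $info
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $wlan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP, so wireless clients can obtain an address (assumed to run here).
-A INPUT -i $wlan -p udp --dport 67 -j ACCEPT
# Step 2: allow the proxy, plus the page that explains how to configure it.
-A INPUT -i $wlan -p tcp -d $gw --dport $proxy -j ACCEPT
-A INPUT -i $wlan -p tcp --dport $info -j ACCEPT
# Step 3: block everything else arriving from the wireless side.
# These must stay last: an ACCEPT placed after them never matches.
-A INPUT -i $wlan -j DROP
-A FORWARD -i $wlan -j DROP
COMMIT
EOF
}

# Print the ruleset for the assumed values; review before loading it.
gen_rules wlan0 10.0.0.1 8118 8080
```

The output can be inspected and then loaded with `iptables-restore`. Only rules for the wireless interface are generated, so traffic on other interfaces is left to the existing policy.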