[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Relay Smartphone App

Le 14/10/2014 09:55, Lunar a écrit :
Jeremy Olexa:
>You are abit late on the project idea:)
If this needs repeating on this list: this is a bad idea. It will give
people illusions instead of actual protection.

A bad idea that is doing good on Kickstarter...

I don't see very well the difference with the Onion Pi, except that it's unclear what code they are using or I missed it (there is a link to a 41 KB gz 'complete' code, this looks quite small so probably they are using the Tor project code) and there are no warnings about the insecure aspects of its use as you mentioned.

Anyway, I still think the universal solution is the javascript Tor protocol inside browsers, browsers would perform the Onion Proxy and connect to the Tor relays using WebSockets, everything that is fetched by a page is redirected to the WebSockets (like for example everything is redirected to the Socks interface when you specify it, the messages would be encrypted by the Onion Proxy and sent to the Tor circuits over WebSockets ), unfortunately while the rest exists and is working (node-Tor) this last point is completely undoable today.

This would work on any device, mobile or not, with the associated level of security because this would not eliminate the need of the Tor browser features and probably some confinement/security features would need to be studied between the page and the ws OP, maybe similar to http://cowl.ws/, new methods to enforce privacy inside browsers with principles of code confinement and labels between origins, using what exists today, postMessage with workers and iframes (clever use of it for once...)

In addtion browsers will be able to perform the OR function too, so will be Tor relays, as previously mentioned in this thread if the bandwidth of the device is bad the interest can be quasi null unless some multipath possibilities are available, but given the number of browsers in the world it could be interesting to scale Tor.

So, it's probably worth studying the possibility with browser vendors (and standards), ie to solve this question: how to pass all the traffic to a given interface (here the ws OP)?

Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to