Andrew Lewman:
> Perhaps a more constructive approach is to help define what the golden
> standard for a true tor router should be at
> https://trac.torproject.org/projects/tor/wiki/doc/Torouter. There are a
> bunch of open tickets and design questions which need thought, research,
> and solutions.

FWIW, I spoke with someone named 'torrouter' in #tor-dev IRC a couple months back. I'm not sure if they were related to this project, but I pointed out that the biggest problem with a simple "torify everything" Tor router is that there are tons and tons of apps on your computer that love to make network connections and broadcast information about your computer to remote servers. This problem was first analyzed in 2008 at PETS: http://www.chiark.greenend.org.uk/~mroe/research/pets2008.pdf. Since then, we've seen the advent of app stores, account-based autoupdates, Dropbox, iCloud, things like Ubuntu's "Spotlight" search, and many, many more chatty things. Not to mention the web browser tracking problem, of course.

The problem with naively shoving all of this stuff over Tor is that Tor Exit nodes (and services watching for long-term Exit IP usage correlation) can see that user "AnonymousDissident1" really is the same as "Frank.Grimes.SF.CA.USA@xxxxxxxxx" who has a Dropbox account that he paid for with his credit card. This may not be a problem for many people, but statements like "The anonabox uses Tor to allow anyone to access the Internet anonymously without having to install any software" and "The result is strong, secure anonymity. Using the anonabox hides your location, as well as all the other personal data that leaks through ordinary Internet use" are really not something you can claim if you are operating in this way. Location in particular will probably still leak all over the place due to chatty apps you have installed that broadcast it happily.
All of that said, I immediately followed this bad news up with an offer to the 'torrouter' IRC nick that I would be happy to work with them to design a secure pairing system between Tor Browser and a Tor router, such that if you were using Tor Browser, it could get configuration information from your Tor router so that it used it as an upstream proxy, or such that the Tor router would then install a firewall that only allowed certain Tor Guard/bridge IPs through. In this mode, the Tor router could actually act as a defense-in-depth mechanism that would block all non-proxied traffic, providing additional protection against browser or other remote exploits, by only allowing properly Tor-configured application traffic to exit onto the Tor network. I imagine the same sort of mechanism could also be used to provide defense-in-depth for OrBot+OrWall+Android and Tails users.

Unfortunately, the 'torrouter' nick stopped talking to me at this point. I'm not sure if they just didn't want to put in this extra work, or were intimidated by how much work this was, or what. Granted, this would not be trivial to implement, but the offer to help come up with a design for it still stands. We can figure out the implementation and development cost sharing details after we have a good design. I'm not sure such a thing could be designed and implemented by their January 2015 rollout date goal, but I suspect they're going to struggle to meet that anyway with this much interest. I wish they'd actually talked to us about this earlier, instead of ignoring my offer then.

As a result of their claims not matching up to reality, I've been debating writing a blog post warning about the various issues with Anonabox, but that seemed premature at this point, too. I suppose it still may come to that, though, if they keep ignoring us and making extreme, unsubstantiated, and inaccurate claims, especially with our trademark and logo plastered on the thing, as if it were an endorsement, or even our product.

-- 
Mike Perry
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
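The "defense-in-depth" router mode Mike Perry describes above (forward only traffic bound for the Guard/bridge endpoints the paired Tor client is configured to use, and drop everything else, chatty apps included) can be sketched as an egress allowlist. The code below is an added illustration written for this page; it is not anonabox or Tor Project code, and no such pairing protocol exists in the thread. The torrc excerpt, the reported guard list, the LAN prefix 192.168.42.0/24, the interface name "lan0" and the sample flows are all constructed assumptions; the Bridge lines follow real torrc syntax but name placeholder addresses and fingerprints.

```python
"""
Egress-allowlist policy for a Tor router in "only let Tor traffic out" mode.

Added example, not code from the original post or from any Tor router
product. Instead of transparently torifying every connection (which lets
Exit-side observers correlate chatty-app accounts with anonymous sessions),
the router forwards only TCP flows from the LAN to the Guard/bridge endpoints
the paired Tor client is configured to use, and drops the rest.

All inputs below are constructed sample data; the pairing step that would
deliver them to the router is assumed, not specified here.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed torrc excerpt as a paired client might hand it to the router.
# Real Bridge-line syntax, placeholder (documentation-range) addresses.
SAMPLE_TORRC = """
UseBridges 1
Bridge obfs4 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567 cert=abc iat-mode=0
Bridge 198.51.100.7:9001 89ABCDEF0123456789ABCDEF0123456789ABCDEF
"""

# Guard endpoints the paired client reports using (constructed; assumed to
# arrive via the hypothetical pairing protocol).
SAMPLE_GUARDS = [("203.0.113.5", 443), ("203.0.113.9", 9001)]

# Matches "Bridge [transport] IP:PORT ..." with or without a transport name.
BRIDGE_RE = re.compile(r"^\s*Bridge\s+(?:\S+\s+)?(\d+\.\d+\.\d+\.\d+):(\d+)")


def parse_bridge_endpoints(torrc_text):
    """Return the (ip, port) pairs named on Bridge lines of a torrc."""
    endpoints = []
    for line in torrc_text.splitlines():
        m = BRIDGE_RE.match(line)
        if m:
            endpoints.append((m.group(1), int(m.group(2))))
    return endpoints


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


def build_allowlist(torrc_text, guards):
    """Union of bridge endpoints from torrc and the reported guard endpoints."""
    return frozenset(parse_bridge_endpoints(torrc_text)) | frozenset(guards)


def egress_decision(flow, allowlist, lan="192.168.42.0/24"):
    """Accept only TCP from the LAN to an allowlisted Tor endpoint.

    Everything else is dropped: unknown destinations (cloud sync, update
    checks, telemetry), any UDP (Tor carries TCP only, so UDP incl. plaintext
    DNS can only be a leak), and traffic not originating on the LAN.
    """
    lan_net = ipaddress.ip_network(lan)
    if ipaddress.ip_address(flow.src) not in lan_net:
        return "drop"
    if flow.proto != "tcp":
        return "drop"
    if (flow.dst, flow.dport) in allowlist:
        return "accept"
    return "drop"


def render_nft_ruleset(allowlist, lan_if="lan0"):
    """Render the same policy as a default-drop nftables forward chain."""
    lines = [
        "table inet torrouter {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for ip, port in sorted(allowlist):
        lines.append(f'    iifname "{lan_if}" ip daddr {ip} tcp dport {port} accept')
    lines += ["  }", "}"]
    return "\n".join(lines)


# Constructed flows: two legitimate Tor connections and two chatty-app leaks.
SAMPLE_FLOWS = [
    Flow("192.168.42.20", "192.0.2.10", 443, "tcp"),   # obfs4 bridge
    Flow("192.168.42.20", "203.0.113.5", 443, "tcp"),  # guard
    Flow("192.168.42.20", "192.0.2.77", 443, "tcp"),   # cloud-sync client
    Flow("192.168.42.20", "192.0.2.53", 53, "udp"),    # plaintext DNS
]


def evaluate(flows=SAMPLE_FLOWS, torrc=SAMPLE_TORRC, guards=SAMPLE_GUARDS):
    """Map each flow to the router's verdict under the allowlist policy."""
    allowlist = build_allowlist(torrc, guards)
    return {f: egress_decision(f, allowlist) for f in flows}


if __name__ == "__main__":
    for flow, verdict in evaluate().items():
        print(f"{verdict:6} {flow.proto} {flow.src} -> {flow.dst}:{flow.dport}")
    print(render_nft_ruleset(build_allowlist(SAMPLE_TORRC, SAMPLE_GUARDS)))
```

The point of the default-drop chain is the one the post makes: a browser or other app that is not configured to speak to Tor does not get a plaintext path out at all, so a compromised or merely chatty application cannot reveal location or account identity to a remote server, whereas a "torify everything" NAT would happily carry that traffic to an Exit.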