Delivery-Date: Mon, 02 Feb 2015 15:23:43 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8BDCC1E0D5C
	for <archiver@seul.org>; Mon,  2 Feb 2015 15:23:41 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 32B5E333EC;
	Mon,  2 Feb 2015 20:23:39 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id F1676333C5
 for <tor-talk@lists.torproject.org>; Mon,  2 Feb 2015 20:23:34 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ow1qr5bK-MQ4 for <tor-talk@lists.torproject.org>;
 Mon,  2 Feb 2015 20:23:34 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id CFBE03338D
 for <tor-talk@lists.torproject.org>; Mon,  2 Feb 2015 20:23:34 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 453CB4116A
 for <tor-talk@lists.torproject.org>; Mon,  2 Feb 2015 20:23:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1422908612; bh=NN8weMuuv+SKJEdEb6RaWDICnCWE/EzQRT5qEyo3rfU=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=dil3sUWupfmsWYoH/M4Eqhlw500WQzrko2/0/zvzdrl3nnTmqtq4ZSLnFeaLdDrUC
 1wU2dgxi3LkVn5IPzy+ToWRkpPANePtAoZsb5L9LvSPXxkjEkfOV0yx1T+xADifoL0
 q8YFB89i/eAu8SYMau1ZoOvRc0/xOBryn1JTT8qA=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: mirimir) with ESMTPSA id 43D22427AE
Message-ID: <54CFDCC5.10500@riseup.net>
Date: Mon, 02 Feb 2015 13:23:33 -0700
From: Mirimir <mirimir@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <f8e73ec8753a6a3a6112de45f796c3ff@openmailbox.org>
 <20150202190609.GB26784@mail2.eff.org>
In-Reply-To: <20150202190609.GB26784@mail2.eff.org>
X-Virus-Scanned: clamav-milter 0.98.5 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] VPN/TOR Router
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 02/02/2015 12:06 PM, Seth David Schoen wrote:
> spencerone@openmailbox.org writes:
> 
>> Hey :)
>>
>> I have been looking at a physical product by Cryptographi called the
>> 'SnoopSafe Encrypted VPN/TOR Router'[0].
>>
>> Does this work?  Is this safe?
>>
>> [0] http://cryptographi.com/products/snoopsafe
> 
> There have been a number of discussions on this mailing list before
> about standalone Tor routers.  The usual consensus is that using a
> separate router together with regular Internet applications is risky,
> because the applications don't know that they shouldn't behave in
> certain ways.  For example, the applications might mention your real IP
> address in the course of some protocol, or they might send or allow to
> be sent a persistent cookie, which might eventually be sent over both a
> Torified and a non-Torified connection.
> 
> The Tor Browser has had a ton of work put into it
> 
> https://www.torproject.org/projects/torbrowser/design/
> 
> to try to make sure it works safely with Tor (again, by making all Tor
> Browser instances look alike, making sure that they don't allow
> long-lived cookies or cookie equivalents, and various other
> precautions).  The router running as a separate device can't usefully
> apply all of these protections to regular Internet applications "from
> the outside", and the applications, again, won't realize that they're
> being used in an anonymous way and that they shouldn't send data that
> might compromise their user's anonymity.
> 
> That's why the Tor Project doesn't currently recommend using Tor with a
> web browser other than Tor Browser, and that's something that would
> inevitably happen when using one of these standalone routers.

One can use rinetd on the workspace machine/VM to redirect the SocksPort
and ControlPort from the router to 127.0.0.1 and that will keep Tor
browser happy. You also need to configure Tor browser to not start Tor
locally. That's how Whonix handles it, I believe.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

