Date: Wed, 24 Feb 2016 15:04:17 -0500
From: some_guy123@Safe-mail.net
To: tor-talk@lists.torproject.org
Message-Id: <N1P-qSmsJ97d0O@Safe-mail.net>
Subject: Re: [tor-talk] Thoughts on Tor router hardware

> My conclusions are that running Tor on the router can enhance both
> security and usability.

You are dead wrong on that. (Semi-)transparent proxying is bad for quite a few reasons.

There is a huge number of applications with their own automatic update process that's insecure and vulnerable to man-in-the-middle attacks. They may use non-encrypted connections, not verify the server certificate (anyone with some valid certificate can impersonate the update server) or use weak/broken cryptography (even Microsoft update was vulnerable at one point). If that traffic runs over Tor, chances of being attacked increase dramatically, since malicious exit nodes can easily perform man-in-the-middle attacks. This has happened in the past, with exit nodes injecting malware into downloads.

Unless you know what you are doing, a lot of your traffic will run over the same circuit (something that TBB tries to avoid) and can potentially be correlated. Some of your traffic will likely contain unique identifiers that can be tied back to you.
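The three update-channel weaknesses the message lists, and the payload check that rejects a download modified in transit, as an added example that is not part of the original post. The function names, URLs and sample payload are constructed for illustration, and the pinned digest is assumed to reach the client out of band (shipped with the installed application or taken from a signed manifest), not over the connection being checked.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlsplit

WEAK_DIGESTS = {"md5", "sha1"}  # collision-broken, unfit for authenticating updates

def audit_update_channel(url, tls_context, digest_alg):
    """Return which of the weaknesses named in the message apply to an updater."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("unencrypted transport")
    elif tls_context.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    elif not tls_context.check_hostname:
        # Chain is validated but not bound to the server name.
        findings.append("hostname not checked: any valid certificate is accepted")
    if digest_alg.lower() in WEAK_DIGESTS:
        findings.append("weak digest: " + digest_alg.lower())
    return findings

def accept_update(payload, pinned_sha256_hex):
    """Accept the download only if it matches the digest obtained out of band."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())

def demo():
    strict = ssl.create_default_context()   # CERT_REQUIRED and hostname checking on
    lax = ssl.create_default_context()
    lax.check_hostname = False               # the "some valid certificate" case
    release = b"constructed-update-v2"       # constructed sample payload
    pinned = hashlib.sha256(release).hexdigest()
    tampered = release + b"<injected>"       # what a modifying middlebox would deliver
    return {
        "plain http": audit_update_channel("http://updates.example/app.bin", strict, "sha256"),
        "no hostname check": audit_update_channel("https://updates.example/app.bin", lax, "md5"),
        "hardened": audit_update_channel("https://updates.example/app.bin", strict, "sha256"),
        "genuine accepted": accept_update(release, pinned),
        "tampered accepted": accept_update(tampered, pinned),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```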

