From: Nathan Freitas <nathan@freitas.net>
To: tor-talk@lists.torproject.org
Date: Wed, 24 Feb 2016 15:20:49 -0500
Subject: Re: [tor-talk] Thoughts on Tor router hardware

On Wed, Feb 24, 2016, at 03:04 PM, some_guy123@Safe-mail.net wrote:
> > My conclusions are that running Tor on the router can enhance both
> > security and usability.
> 
> You are dead wrong on that. (Semi-) transparent proxying is bad for quite
> a few reasons.
<snip>
> Unless you know what you are doing, a lot of your traffic will run over
> the same circuit (something that TBB tries to avoid) and can potentially
> be correlated. Some of your traffic will likely contain unique
> identifiers that can be tied back to you.

He specifically points out that very issue with transparent proxying in
the post, and actually recommends the TorSocks mode, which blocks all
traffic that isn't specifically using the Tor SOCKS port.

His premise is sound that by physically isolating the Tor runtime
process away from the average person's insecure laptop, smartphone or
tablet, you are decreasing the likelihood that Tor can be tampered with.

I think we all need to stop thinking that "Tor on a hardware device"
automatically means Transparent Proxying of all traffic.

+n

