In-Reply-To: <7488606.2oxgLGVBPl@ncpws04>
References: <7488606.2oxgLGVBPl@ncpws04>
Date: Sat, 1 Nov 2014 12:42:41 -0700
Message-ID: <CAJVRA1QJ26Vtjt57N4Ducw3LV=MxnqaoGj0DY6L2D4-5vq8rxw@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org, lth@reclaim-your-privacy.com
Subject: Re: [tor-talk] Cloak Tor Router

On 11/1/14, Lars Boegild Thomsen <lth@reclaim-your-privacy.com> wrote:
> ... We - the team behind Cloak - and me (the
> networking and embedded Linux guy in the team) are genuinely concerned about
> privacy and we really would like this product to ...

first question, did you contact Tor Project Inc. about this for their
input? (if yes, what was their take on your aims?)



> The first step was to isolate the Tor/Cloak related stuff from my internal
> source tree and actually put a buildable source online on Github. That is
> currently available here: https://github.com/ReclaimYourPrivacy.

the majority of these repositories are forks of existing public
projects, but not clearly so. (e.g. cloak-routing is a selection of
specific OpenWRT packages, eschalot, etc.)

what do you think of branching from upstream repositories, and keeping
your changes in a manner that upstream would be encouraged to
incorporate?

i have more feedback on code itself, but this is foremost to mention.



> Second step was to document the hardware development to convince everybody
> (hopefully) that we _are_ actually capable of having a device such as this
> manufactured at a competitive price. Most of that documentation went on our
> web-site (https://reclaim-your-privacy.com) and schematics/PCB design on
> Github (same url as before).

i approve of open hardware approach very much :)

perhaps useful to identify what is open (like PCB) and what is not (Atheros)



> I had already (9 months back) come up with some sensible firewall rules that
> would pretty much force all TCP traffic through Tor and since I had been
> running it for 9 months it was at that time fairly well tested

obviously this is not difficult, but it is also more complicated than
just "some sensible rules". e.g.
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy and
iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP and all the
other intricacies...



> ... at that time we
> could generate a random root password and WiFi key, flash that to a small
> dedicated R/O partition on the flash, print it on a label attached to the
> box (along with Serial number and MAC address).

it would also be great if you could introduce some per-device unique
entropy seed, obtained from a strong hardware based random number
generator. (how better to signal your interest in utmost privacy, even
if practical benefit is less concrete? :)


> First of all, I would like to hear more opinions about the value of a device
> such as this.

the concept of a portable Tor proxy hardware router that fits in your
pocket is great, in my not so unbiased opinion :)


> I realize that most technically adept people will frown on a
> "toy" such as the Cloak,

what technical people will frown on is the way the device is presented
to users, and if users are placed into risk by technical errors.


> but this device is really not meant for anybody who
> can install the Tor software on their own or someone who can install Tor on
> a Raspberry Pi.

that's fine; i believe it is possible to make a device that is
transparently usable that also doesn't put users at needless risk, if
that is what you are getting at.

the suggestions others have made that i second:
- block accidental Tor over Tor setups.
- provide a Tor Browser on the supported platforms with TOR_TRANSPROXY=1
- provide automated builds, so that users can keep their device up to
date easily, or use a built-in mechanism to obtain and install the
latest easily.

in general, some guidelines that me as a technical person would like to see:
- the device should fail safe, rather than fail open: if i
accidentally connect my friend's windows XP laptop to your device, it
should block rather than allow all by default.
- support robust stream isolation, beyond what may be default. perhaps
IsolateDestAddr and IsolateByClientAddr on TransPort (this does not
yet exist, but you could code it to the benefit of all Transparent
proxy consumers :)

---

regarding your other information:

from your kickstarter, "We commit to establish and operate new exit
nodes, to ensure that we are pulling our weight. Tor is currently at
approx 2000 users per exit node. For every 1000 devices we ship, we
will establish a new dedicated exit node. "

why the focus on number of exit nodes, instead of contributed exit
capacity?  you're measuring the wrong thing here.

---

i have more feedback, but your responses to these questions will help
me determine how much time i can contribute to an evaluation.

best regards,
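
An added example, not part of the message above and not code from the Cloak or Tor projects: a small audit over iptables-save output that checks the properties raised in this reply (LAN TCP and DNS redirected to Tor, fail closed by default, conntrack INVALID packets dropped). The interface br-lan, the ports 9040 and 5353, and both rulesets are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the fail-closed properties
# discussed in the message. br-lan, 9040 and 5353 are assumed values.

# Constructed sample: TCP and DNS from the LAN are redirected to Tor.
NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i br-lan -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT'

# Constructed sample: anything the redirects miss is still forwarded.
FAIL_OPEN="$NAT
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT"

# Constructed sample: unmatched traffic is dropped, INVALID packets too.
FAIL_CLOSED="$NAT
*filter
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m conntrack --ctstate INVALID -j DROP
COMMIT"

# Print one finding per missing property; exit status = number of findings.
audit_ruleset() {
  printf '%s\n' "$1" | awk '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && /^-A PREROUTING/ && /-j REDIRECT/ {
      if (/-p tcp/) tcp = 1
      if (/-p udp/ && /--dport 53( |$)/) dns = 1
    }
    table == "filter" && /^:FORWARD DROP/ { fwd = 1 }
    table == "filter" && /^-A OUTPUT/ && /--ctstate INVALID/ && /-j DROP/ { inv = 1 }
    END {
      if (!tcp) { print "no REDIRECT of LAN TCP to the TransPort"; n++ }
      if (!dns) { print "no REDIRECT of LAN DNS to the DNSPort"; n++ }
      if (!fwd) { print "FORWARD policy is not DROP: unredirected traffic is routed in the clear"; n++ }
      if (!inv) { print "no DROP for conntrack state INVALID on OUTPUT"; n++ }
      exit n + 0
    }'
}

audit_ruleset "$FAIL_OPEN" || echo "fail-open sample: $? finding(s)"
audit_ruleset "$FAIL_CLOSED" && echo "fail-closed sample: clean"
```

On a real device the input would come from `iptables-save` run as root; the audit only reads the dump and changes no rules.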

