Message-ID: <545F49E8.8030205@gmail.com>
Date: Sun, 09 Nov 2014 12:03:04 +0100
From: Aymeric Vitte <vitteaymeric@gmail.com>
To: tor-talk@lists.torproject.org
References: <7488606.2oxgLGVBPl@ncpws04> <3413830.AxW13VOK2Y@ncpws04>
 <545CF363.7020201@gmail.com> <1462120.4xZilL0l5k@ncpws04>
In-Reply-To: <1462120.4xZilL0l5k@ncpws04>
Subject: Re: [tor-talk] Cloak Tor Router

Answering your different emails at once:

- anonathing indiegogo: incredible... you can be sure that these guys
  are cheating on the crowdfunding campaign, as far as they can

- configuration: as you say the less needs to be configured, the better,
  but I am not sure we will reach a consensus of what should go through
  Tor and what should not, as we can see in this thread people have
  different opinions

- cable connection: I think this is required, then minimum configuration
  is needed

- "do not send anything outside" wifi: I think it is required too

- all TCP through Tor: you say that it's difficult for the Cloak to
  detect SSL vs non SSL, but you are proposing a SSL only wifi, so the
  Cloak is supposed to know how to do this, no?

- all SSL through Tor, non SSL outside: I think I would choose that
  option myself by default for the reasons explained previously (see my
  latest answer, stupid traffic going outside will necessarily be ssl, my
  ws example does apply too for Tor flash proxies relayers)

- bittorrent: yes that's definitely an issue I think, I suppose the
  Cloak does relay the UDP traffic, I don't know what happened for your
  test but of course if UDP does not work nothing will happen, bittorrent
  trackers (which people should not use at all) and DHT are using UDP, the
  bittorrent protocol is using TCP and uTP (UDP), as far as I know it
  tries to establish both and breaks the TCP connection if uTP is
  successful, I don't really know which is the most used, as far as I have
  seen both are used equally, but I did not study this precisely, maybe
  some other people can give inputs here. It's unlikely that the seeders
  are blocking the exit nodes, so once the bittorrent protocol establishes
  TCP connections with the peers in the swarm through Tor, there are no
  reasons that it does not work.

- maybe that's another reason to use "my" default, since the Cloak
  cannot recognize bittorrent traffic it would go outside automatically

- as previously mentioned I will contact you off the list (when I have
  time) for the other topics.


On 09/11/2014 10:27, Lars Boegild Thomsen wrote:
> On Friday 07 November 2014 17:29:23 Aymeric Vitte wrote:
>> And 5 "do not send anything outside", no? Usually you can restrict with
>> your ISP box but can you trust it?
>> What happens if you connect directly your PC to the Cloak with a cable?
> I haven't really decided.  The box has a wan as well as a lan port.  I
> sort of expected to leave the lan port open and it certainly is in the
> current firmware version.  One option would be to make it possible to
> toggle it with a press on a button, but I really haven't thought that
> one through at all.  Any ideas appreciated.
>
>> Maybe the concept of several wifis is good but I don't see it very
>> usable, not sure what would be the security requirements for this but
>> assuming that I am trusting my local network why not a simple web
>> interface where you can configure the same for any device connected to
>> the box:
> I think that is mostly related to the target audience for a device such
> as this.  The less that needs to be configured the better - assuming
> that most users interested in a box such as the Cloak won't want to make
> massive reconfiguration.  Of course a "power user" can squeeze the box
> to run exactly as they prefer.  But it's important to me to have a
> sensible default so that as many people as possible can use it without
> changing anything.
>
>> - do not allow anything outside
>> - allow all traffic outside Tor
>> - force everything through Tor (warning: close your bittorrent clients)
>> option: the Cloak could detect the bittorrent traffic
>> - force everything through Tor except torrents
>> - force ssl through Tor, non ssl outside
> Question - is Bittorrent still an issue at all?  I actually tried a few
> days ago - a quite popular torrent (thousands of seeds) bootstrapping
> using a magnet link - my netbook connected to a Cloak prototype with
> every single TCP port routed through Tor.  After 24 hours the magnet
> hadn't even downloaded - not a single byte received.  I suspect all
> trackers are using UDP now - and I guess most bittorrent clients too.
>
>
>

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
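
The "SSL through Tor, non SSL outside" default discussed in this message, sketched as an added example (not code from the thread or from the Cloak firmware). The names `classify` and `route` and the sample flows are hypothetical; the check only looks at the first bytes a client sends, so it assumes the router accepts the TCP connection before choosing a path.

```python
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
BT_PREFIX = b"\x13BitTorrent protocol"   # plaintext BitTorrent handshake

def classify(first_bytes: bytes) -> str:
    """Label a TCP flow from the first bytes sent by the client."""
    if len(first_bytes) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
        # SSLv3/TLS record header followed by a ClientHello message.
        # SSLv2-style hellos (first byte 0x80) are deliberately not matched.
        if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
                and 0 < length <= 16384 and first_bytes[5] == CLIENT_HELLO):
            return "tls"
    if first_bytes.startswith(BT_PREFIX):
        # Only the unencrypted handshake is visible; obfuscated BitTorrent
        # connections would fall through to "other".
        return "bittorrent"
    return "other"

def route(proto: str, first_bytes: bytes) -> str:
    """Policy: TLS goes through Tor, everything else goes out directly."""
    if proto == "udp":
        # Tor carries TCP streams only, so trackers, DHT and uTP over UDP
        # can never be sent through it.
        return "direct"
    return "tor" if classify(first_bytes) == "tls" else "direct"

# Constructed sample flows (not captured traffic).
SAMPLES = {
    "https":   ("tcp", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"),
    "http":    ("tcp", b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    "bt-peer": ("tcp", BT_PREFIX + b"\x00" * 8),
    "bt-dht":  ("udp", b"d1:ad2:id20:"),
}

def decisions() -> dict:
    return {name: route(proto, data) for name, (proto, data) in SAMPLES.items()}

if __name__ == "__main__":
    for name, path in decisions().items():
        print(f"{name:8s} -> {path}")
```

With this policy the plaintext BitTorrent handshake is never matched as TLS, so it leaves outside Tor without the router needing a dedicated BitTorrent detector.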

