Date: Fri, 14 Nov 2014 13:04:30 -0800
Message-ID: <CAJVRA1RUBUuZhTE7BX_aJTRnWFPZQ=nVEB3HJhbTm7JqneUNVg@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org, Lars Boegild Thomsen <lth@reclaim-your-privacy.com>
Subject: [tor-talk] Tor router requirements / best practices [was: Cloak Tor Router]

On 11/10/14, Lars Boegild Thomsen <lth@reclaim-your-privacy.com> wrote:
> ...
> Would run an OpenWrt build with Tor as Relay/Exit just fine.  And I would be
> quite OK if the Relay/Exit version required some technical skills for
> installation (as in was not available as a ready flashed plug-and-go
> device).

prior testing on similar hardware shows them at the bottom of the
relay capacity pool.  the trend the last few years has been toward
faster relays, rather than more relays, because of other pressures in
the Tor directory consensus.



> My own area of expertise is mainly the embedded Linux part and some solid
> network/unix foundation,

it appears anonymous contributors have edited https://titanpad.com/l2Wog5Hhk5

which would be useful to integrate back into a Tor wiki page like
https://trac.torproject.org/projects/tor/wiki/doc/Torouter including
any feedback you, or any other contributors, may have to provide.

the main points are provided by arma and mike in these threads:
  mike: https://lists.torproject.org/pipermail/tor-relays/2014-October/005541.html
  arma: https://lists.torproject.org/pipermail/tor-relays/2014-October/005544.html

"""
I was thinking something like:

- Many people keep wanting to build a magic anonymity box. And it's
really appealing to not have to change your behavior or your
application settings, and just magically get anonymity, so I can
understand why the idea keeps popping up.

- Unfortunately, if you just route all your traffic through Tor,
you're only solving half the problem: all the application-level issues
remain. First this is a problem when you use your Chrome over Tor and
then wonder how websites are able to recognize you anyway (remember
all the protections that Tor Browser adds over vanilla Firefox). And
second, as you say in your post here, it's a problem because of all the
chatter that comes from background applications, update attempts, printer
notifications, and so on that most systems do by default these days.

- To be fair, some expert users may still get a benefit from Torifying
their traffic. For example, if they've already set up a firewall to
block everything they don't want talking, and now they want to use
an application that's hard to configure a proxy for. Or if they have
thought deeply about their threat model and they don't want a lot of
the anonymity properties that Tor aims to offer. But that user is very
far from the target audience for these magic anonymity boxes.

- The best design we've been able to come up with is one that forces you
to be using Tor on your side, and only allows your traffic through if it's
coming from Tor. Making it use a proxy, or maybe even better a Tor bridge,
that's running on the router seems a fine way to do this limiting. And we
could also imagine running a captive portal website on the router that
intercepts outgoing port 80 requests and teaches you what you need to
do to use this network connection safely. Perhaps it has a local copy
of Tor Browser for you (but how does the user know it's the real Tor
Browser?), or perhaps it lets you reach https://www.torproject.org/
so you can fetch it yourself.

- This approach sure isn't as usable as the magic anonymity box. What a
great research area! But be aware that people have been thinking about
this issue for several years now, and don't get fooled by solutions
that brush all the above details under the rug....
"""


best regards,
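
An added illustration, not part of the original message or of any Tor Project code: one way the quoted design (LAN clients may only talk to a Tor bridge on the router, and outgoing port 80 is caught by a local instruction page) could be written as an nftables ruleset. The interface name br-lan, bridge ORPort 9001, portal port 8080 and the catch-all local resolver are assumptions; 9040 is only the customary TransPort value used for contrast.

```nftables
# Added example. Assumed: br-lan is the LAN bridge, the router's Tor bridge
# listens on tcp/9001, and a local httpd serves the instruction page on 8080.
define LAN = "br-lan"

# "inet" matches IPv4 and IPv6, so IPv6 cannot slip around the policy.
table inet torgate {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Plain-HTTP attempts from the LAN land on the local portal page.
        iifname $LAN tcp dport 80 redirect to :8080

        # Contrast, deliberately NOT enabled: the "magic box" rule sends every
        # LAN TCP flow into Tor's TransPort, so browsers without Tor Browser's
        # protections and all background chatter ride along unchanged.
        #   iifname $LAN meta l4proto tcp redirect to :9040
    }

    chain input {
        type filter hook input priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # DHCP so clients can get an address at all.
        iifname $LAN udp dport 67 accept

        # Assumed: the router's resolver answers every name with the router's
        # own address, so portal lookups work and no query leaves the box.
        iifname $LAN meta l4proto { tcp, udp } th dport 53 accept

        # The only useful services: the portal and the Tor bridge.
        iifname $LAN tcp dport { 8080, 9001 } accept
    }

    chain forward {
        # Nothing from the LAN is routed to the WAN. Traffic leaves only as
        # connections opened by the router's own Tor process (output is not
        # filtered here), i.e. only if the client is already speaking Tor.
        type filter hook forward priority filter; policy drop;
    }
}
```

The file can be syntax-checked without loading it using nft -c -f <file>. Update checks, printer notifications and non-Tor browsers on a client behind these rules simply fail to connect instead of being silently carried over Tor.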