Date: Sun, 02 Nov 2014 11:52:48 +0100
From: Aymeric Vitte <vitteaymeric@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Cloak Tor Router


On 02/11/2014 04:10, Lars Boegild Thomsen wrote:
> On Saturday 01 November 2014 12:39:59 Aymeric Vitte wrote:
>> https://www.kickstarter.com/projects/1227374637/cloak, I would say that
>> the presentation is less "marketing oriented" than the anonaflop, after
>> a quick look, maybe the look of the box and its size does not appear
>> obvious to the potential pledgers.
> Yeah I guess we are less "marketing oriented" perhaps even to a fault.
> Anonabox definitely kicked up more interest than Cloak has done so far.

I don't know how anonabox did to attract so many people so quickly, I
guess they have some contacts in the press and blogs, this campaign was
something like an organized "gang" attack, unfortunately this might have
rendered people skeptical now for your campaign.

>
> The enclosure design has not been finalized but we do have an idea and a
> designer working on it and Adrian has just changed the image to show the
> first rendering.  Do check it out if you feel like it - I think the
> "stealth look'n'feel" is quite cool.  Size wise it will be smaller than a
> TP-Link MR3020.

Maybe you should highlight it more in the presentation, so potential
backers see it right away, as well as a simple drawing showing how to
connect to the box easily, suggestions...

>
>> And probably you know already the drawbacks of such approach,
> I am aware of some but I am also quite sure there are some I haven't
> considered, so input is appreciated.
>
> I think the hardest part is to make non-technical users aware that a Tor
> router can only do so much.  Their behavior using such a router is just as
> important (or more).

>
>> so from
>> my standpoint some minimal rules should be added not to fool the users
>> but this will make the device less interesting for them, like: only
>> allow https traffic,
> The trick is to find a balance and I guess that is what I personally hope
> to find by discussing it here.  If a general consensus over a reasonable
> list of ports that are routed through Tor could be reached that would be
> great.
>
> HTTPS you say.  What about for example XMPP, IMAP etc?

The balance is not easy to find I think, as everybody knows anonymizing
you wrongly will lead to the contrary.

The rule could be "everything that is using SSL", if not the exit nodes
can MITM you

Your TV media device that you mention in another answer is a good
example, I have the same issue (what is this thing sending outside?),
and people will have more and more the issue with the rise of
connected/ott devices, then the box could allow to easily block whatever
device too, which would be connected to your box, not to the ISP box. I
have tried to discuss a little bit with some ISPs about putting in the
boxes the project examples I gave, but at a certain point of time I felt
like I would have to pay something, while my intent was the contrary, so
beside the anonymity aspects there is definitely an interest of devices
such as Cloak.

Regarding the prng topic, an idea that I have in mind since some time is
to use the Tor protocol itself to gain entropy (not tested, neither
proven secure), establishing Tor circuits is not trivial and a lot of
unexpected things can occur as far as I have observed with node-Tor,
which produces numerous events not predictable at all I believe.

>
>> do not run Tor over Tor (ie if the user is using
> The Tor over Tor that you mention (and someone else mentioned it too) is
> interesting.  That I hadn't thought about at all honestly.
>
> Question is - can that actually be done technically at a networking level?

I don't see how, unless the box can detect that it is Tor traffic, which
is not supposed to be easy, and then route the message directly without
using the Tor circuits, changing the proxy settings to the box looks to
be the right solution, but it is not very user friendly

>    Can Tor in fact bootstrap itself over a Tor connection?

Tor over Tor is establishing Tor circuits over Tor circuits, ie the exit
nodes will establish them, which is quite inefficient


>
>> But that's not my point, can such device run nodejs and did you ever try
>> it/compare it with the traditional approach?
> Hmmm, I am a little confused about the node.js question.  As I mentioned
> I am developing Internet of Things modules based on the same hardware
> design and I have actually managed to get node.js running on it.  We were
> looking for a scripting language that didn't put too much strain on the
> rather limited hardware resources (python, perl, erlang and well node.js)
> and node.js was by far the most well behaved.  It is not small though.  I
> think the Flash footprint was in the region of 3-4 MB and it is quite
> memory hungry.  Essentially node.js takes more resources to itself than
> the tor daemon.
>
>> The interest is that nodejs
>> packages/apps are much more light than usual C/C++ packages
> That depends really.  By themselves yes they are smaller.  But the
> node.js is not small and memory is perhaps the biggest issue.  Like all
> scripting languages node.js relies on some garbage collection of resources
> that are no longer used and it tends to leave a lot of wasted resources
> around for a while.
>
>> Potential applications (among tons of possible ones) see the links
>> below: node-Tor (Cloak with a much smaller package), Peersm
>> clients/bridges [1] (permanent background processes in the box, like
>> bittorrent clients in ISP boxes), torrent-live (find/block/track
>> monitoring spies + maintain a real time blocklist bittorrent client)
> My personal expertise is networking and embedded Linux and I would be
> happy to run some tests on this and/or participate in any projects getting
> something like this going.

Interesting, that's cool that you did consider it and shows that the
project is not only about packaging Tor in some small hw, I don't know
with what apps you did test it but probably some optimization can be
made for the gc issues, and the whole nodejs might not be required, I
will contact you off the list to see what can be done (if you have time
of course, probably busy by the campaign right now)

>
>> [1] https://github.com/Ayms/node-Tor/tree/master/install

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms


