Message-ID: <5454C68F.8060807@gmail.com>
Date: Sat, 01 Nov 2014 12:39:59 +0100
From: Aymeric Vitte <vitteaymeric@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Cloak Tor Router

Probably it's useful to put the Kickstarter link: https://www.kickstarter.com/projects/1227374637/cloak, I would say that the presentation is less "marketing oriented" than the anonaflop, after a quick look, maybe the look of the box and its size do not appear obvious to the potential pledgers.

And probably you already know the drawbacks of such an approach, so from my standpoint some minimal rules should be added not to fool the users but this will make the device less interesting for them, like: only allow https traffic, do not run Tor over Tor (i.e. if the user is using the Tor Browser then set the proxy to the box), only allow Tor Browser FF, etc.

But that's not my point, can such a device run nodejs and did you ever try it/compare it with the traditional approach? The interest is that nodejs packages/apps are much lighter than usual C/C++ packages, as efficient or more, especially on such configurations probably.

Potential applications (among tons of possible ones) see the links below: node-Tor (Cloak with a much smaller package), Peersm clients/bridges [1] (permanent background processes in the box, like bittorrent clients in ISP boxes), torrent-live (find/block/track monitoring spies + maintain a real time blocklist bittorrent client)

Regards,

[1] https://github.com/Ayms/node-Tor/tree/master/install

--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms



On 01/11/2014 10:09, Lars Boegild Thomsen wrote:
> Hi Everybody,
>
> As some of you may have noticed, a new Tor Router project called Cloak was just launched on Kickstarter. In the wake of the Anonabox roller coaster, I would like to present our own justification for the Cloak project, and a bit of background. Please accept my apology if this comes across as a shameless plug. That is not my intention. We - the team behind Cloak - and me (the networking and embedded Linux guy in the team) are genuinely concerned about privacy and we really would like this product to be what the TorRouter never became and the main reason to post this here is to - hopefully - provoke an interesting exchange of opinions about products such as this.
>
> <rant>
> For us, the idea of Cloak actually started about 9 months back. Adrian (who is the guy backing this project on Kickstarter) came up with the idea and I (the guy who was working with embedded Linux systems in general) furiously maintained that it was an idiotic idea and that it couldn't be done. As things go, Adrian finally managed to wear me down and I actually decided to give it a shot. At that time I was messing around with a cheap Wireless router module out of China called Oolite (this is funnily enough the EXACT same module that Anonabox claimed to have developed themselves - their prototype 2 which is a standard dev board from a company called Gainstrong). This particular module has 16 MB of Flash and 64 MB of RAM and much to my surprise Tor actually performed quite well on it. The result of these experiments - which date back to around February or so - was 1: That I have been running Tor on my own home gateway ever since and 2: That I managed to port OpenWrt to the Oolite module (and got that included in OpenWrt trunk). At that time the Tor Gateway/Router got on a bit of a back burner since real life took over for a while. The day job being that we actually develop smart Internet of Things modules - both hard- and software.
>
> About a month ago the Tor Router idea (which at some point had been dubbed Cloak) resurfaced as a potential Kickstarter idea. The reason was that in the past 6 months we had actually developed quite a lot of experience with design and manufacture of the Internet of Things modules and all of a sudden it no longer seemed impossible to actually manufacture hardware for a Tor Router. We threw together a project plan and decided to launch around November/December.
>
> In comes Anonabox. At first read it was quite a shock to be beaten by a small margin and of course a huge disappointment as the project got immensely popular very fast. Reading through the Kickstarter page and the web-site I did notice two things:
>
> 1. The lie about the hardware (since I had a 9 month old Oolite module)
> 2. The complete lack of his so-called Open Source software posted (only a bunch of config files that looked pretty standard to me apart from the hardcoded passwords)
>
> But in general I didn't really think much about these issues and I actually felt the guy had pretty much done what we had been planning for a while and that in principle it was OK.
>
> When Anonabox was suspended on Kickstarter, we realised that we simply had to get this posted immediately but of course be very aware not to repeat any of the mistakes made by the earlier attempt.
>
> The first step was to isolate the Tor/Cloak related stuff from my internal source tree and actually put a buildable source online on Github. That is currently available here: https://github.com/ReclaimYourPrivacy.
>
> Second step was to document the hardware development to convince everybody (hopefully) that we _are_ actually capable of having a device such as this manufactured at a competitive price. Most of that documentation went on our web-site (https://reclaim-your-privacy.com) and schematics/PCB design on Github (same url as before).
>
> I had already (9 months back) come up with some sensible firewall rules that would pretty much force all TCP traffic through Tor and since I had been running it for 9 months it was at that time fairly well tested (including Tor on hardware similar to our own). One thing that was missing was to create an OpenWrt build that would start up with sensible defaults everywhere.
>
> One problem which Anonabox was criticised for was his hardcoded root password and WiFi keys. I agree with that criticism completely because most people who would be interested in a device such as this would never change their default password. Fortunately we had a quite elegant solution to this problem. Since we plan to produce these modules, firmware can and will be loaded in the factory as part of the production process (actually it happens during the semi-automated test after board assembly) and at that time we could generate a random root password and WiFi key, flash that to a small dedicated R/O partition on the flash, print it on a label attached to the box (along with Serial number and MAC address). That way each device will have a default password, but nobody except the owner of the device will know it.
> </rant>
>
> Phew that was a relatively long rant and I apologize if I have caused extreme boredom. I can however, now that I have explained the background, come to the questions which are the primary reason for me writing here.
>
> First of all, I would like to hear more opinions about the value of a device such as this. I realize that most technically adept people will frown on a "toy" such as the Cloak, but this device is really not meant for anybody who can install the Tor software on their own or someone who can install Tor on a Raspberry Pi. It is meant for my parents, my kids or anyone else who deserves privacy but might not be technically able to achieve it. I fully understand and appreciate that a Tor Router such as Cloak will NEVER in itself be able to provide any form of anonymity or security. It is merely a tool that if used correctly can help enforce a certain level of privacy (the newly introduced or discussed Australian data retention laws spring to mind and I am certain other countries are introducing the same laws). A secondary justification is devices which do not support Tor. I've got a Media player in my house and that does "phone home" every single time I play a movie on it and there is no way I could possibly install Tor on it. With Cloak and NO login - that is fairly anonymous.
>
> Second of all I would sincerely like a discussion about the firewall rules and other security or usability issues with a device such as this. The source is on Github for everybody to check and I will be happy to discuss any technical aspect and appreciate any constructive criticism. I am of course also happy to respond to any questions thrown in my direction.
>
> //Lars Bøgild Thomsen
>
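
The factory provisioning step described in the quoted message (a random root password and WiFi key per device, written to a read-only partition and printed on the label), sketched as an added example that is not taken from the Cloak source or from either author. The function names, the key=value blob layout with its checksum, the label alphabet and the sample serial/MAC values are all assumptions.

```python
import hashlib
import secrets

# Assumed label alphabet: no look-alikes (0/O, 1/l/I), since owners retype it.
LABEL_ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def random_secret(length):
    """Draw `length` characters from the OS CSPRNG."""
    return "".join(secrets.choice(LABEL_ALPHABET) for _ in range(length))

def provision(serial, mac, issued, gen=random_secret):
    """Create one board's credentials; `issued` holds every secret made so far."""
    creds = {"serial": serial, "mac": mac.lower(),
             "root_password": gen(16),
             "wifi_key": gen(20)}  # WPA2 passphrases must be 8..63 characters
    new = {creds["root_password"], creds["wifi_key"]}
    # A repeat is practically impossible with a healthy RNG, so treat it as a
    # broken generator on the production line and stop instead of retrying.
    if new & issued:
        raise RuntimeError("duplicate secret: check the factory RNG")
    issued |= new
    return creds

def ro_blob(creds):
    """Serialise for the read-only partition, with a checksum verified at boot."""
    body = "".join(f"{k}={creds[k]}\n" for k in sorted(creds)).encode("ascii")
    return body + b"sha256=" + hashlib.sha256(body).hexdigest().encode() + b"\n"

def read_ro_blob(blob):
    """Parse the partition content; reject it if the checksum does not match."""
    body, _, tail = blob.rpartition(b"sha256=")
    if hashlib.sha256(body).hexdigest().encode() != tail.strip():
        raise ValueError("credential partition is corrupt")
    return dict(line.split("=", 1) for line in body.decode("ascii").splitlines())

def label_text(creds):
    """Text for the label attached to the box."""
    return (f"S/N {creds['serial']}  MAC {creds['mac']}\n"
            f"WiFi key: {creds['wifi_key']}\nroot: {creds['root_password']}")

if __name__ == "__main__":
    issued = set()
    for n in (1, 2):  # constructed serial numbers and MAC addresses
        unit = provision(f"CLK-{n:06d}", f"02:00:00:00:00:{n:02x}", issued)
        assert read_ro_blob(ro_blob(unit)) == unit
        print(label_text(unit), end="\n\n")
```

Failing hard on a repeated secret matters here because a stuck or poorly seeded generator on the production line would otherwise reproduce the shared-default-password problem across a whole batch.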


