Re: [tor-dev] design for a Tor router without anonymity compromises

2015-05-04 Thread coderman
On 5/4/15, Mike Perry wrote: > ... > In my opinion, the most interesting use case for these devices is where > Tor Launcher implements a peering mechanism whereby the user can click a > button at some point in the initial connection wizard that says "My > Router Knows My Tor Configuration." > > Wh

Re: [tor-dev] design for a Tor router without anonymity compromises

2015-05-04 Thread Mike Perry
coderman: > On 5/3/15, intrigeri wrote: > > ... > > Just to clarify, the threat model explicitly doesn't include "Attacker > > is able to reconfigure Tor on a client system to use an arbitrary set > > of bridges", right? > > correct. > > neither bridges nor pluggable transports are supported. i

Re: [tor-dev] design for a Tor router without anonymity compromises

2015-05-04 Thread coderman
On 5/4/15, coderman wrote: > ... > this deserves a longer answer, but you're right. if the attacker is > using Tor itself a Tor enforcing gateway can't protect against those > attacks. i have updated the document to make this more clear. it is hard to express the nuance of vulnerability here. fo

Re: [tor-dev] design for a Tor router without anonymity compromises

2015-05-04 Thread coderman
On 5/4/15, Leif Ryge wrote: > ... > So, unlike a transparent tor router, this system is not intended to prevent > malicious software on client computers from being able to learn the client > computer's location, right? hello Leif! this deserves a longer answer, but you're right. if the attacker

Re: [tor-dev] working back to socks_request_t

2015-05-04 Thread CJ Ess
Thanks for going into so much detail, you've given me a lot to think about. The real solution is probably the one that nobody wants to take on - having an application HTTP port that could take direct input from HTTP aware stuff and utilize a richer set of information than SOCKS allows for. I've spe

Re: [tor-dev] design for a Tor router without anonymity compromises

2015-05-04 Thread Leif Ryge
On Sat, May 02, 2015 at 08:37:17PM -0700, coderman wrote: > a friend and i are working on a Tor router design that doesn't > compromise anonymity for convenience. [0][1][2][3][4] So, unlike a transparent tor router, this system is not intended to prevent malicious software on client computers from

Re: [tor-dev] design for a Tor router without anonymity compromises

2015-05-04 Thread coderman
On 5/3/15, teor wrote: > ... > Some users will want as little logging as possible, as it can lead to > privacy leaks if the device is compromised - may I suggest you turn it off > by default? you are correct; the default should be no logging. i have updated the document, and noted that any loggin