On Mon, Oct 13, 2014 at 1:07 PM, Griffin Boyce <grif...@cryptolab.net> wrote:
> There are lots of issues with hardware projects and it costs an obscene
> amount of money -- not to mention the implications on security and
> anonymity that it would introduce.

Do you think there's any way it could be done without creating said problems for security and anonymity?

Perhaps by just publishing an open spec and the auto-booting relay image and letting hardware manufacturers, totally independently, produce and sell designs that conform. A conforming design is just one that meets the hardware spec and that the manufacturer claims will successfully run the image without any user intervention. The Tor project simply trademarks a logo and phrase, like "Tor Awesomeness Compliant" and a cute cartoon onion, and makes sure that no designs that are under spec or don't run the image use the slogan. They also make sure that anyone that uses the phrase also always includes a message like "The Tor Awesomeness Compliance mark and associated image of Vidalita, the adorable privacy respecting chibi-onion, does not mean that this machine is individually tested or certified by the Tor Project. It may have security flaws or back doors." so manufacturers can't claim or represent that their machines are known secure, just that they can run the image and be a good relay.

This might still create problems if ne'er-do-wells might intercept a whole bunch of computers in the mail that they know are only being used as tor nodes. It might not create problems if the certification and image is popular, and tons of computers are certified that have tons of other possible uses.

>> Create a disk image of a free operating system that boots and tries to
>> run the best node it can with whatever hardware it happens to have. It
>> might also try to upgrade and apply security patches to the operating
>> system and get the latest version of tor.
>
> This could work, but would need a maintainer.

So, just totally totally hypothetically, not trying to sign up for yet another project that I don't know if I have time for, I could maybe be the maintainer for such a thing. I'm a programmer, an ex site reliability engineer, and have some experience with both low-level programming and keeping unix systems running. However, I am not a security, privacy, or anonymity expert, so I would need the support of Very Clever People whose advice I could rely on to tell me what to do, and how to patch any horrible security vulnerability bugs that my horrible shell scripts might have. Hopefully the extra surface area of such a distro would be very small, just a few extra scripts and config files, so there wouldn't be a ton to audit.

> Lots of hosts have pre-made images for other uses, and there are projects
> like VirtualBoxes[2] that might be good places to distribute these. An
> easier way would probably be to use something like a python/bash script or
> an ansible playbook to install dependencies, set permissions, and detect
> speed to configure the torrc.

That's a good idea, but I think that hardware compatibility is a big issue here, especially for non-technical users who might not be able to find and install Linux drivers for whatever strange hardware that they have. A custom image that can control all dependencies and have full permissions to fetch and install whatever drivers it needs would probably get many more good nodes onto the network, with much less confusion from users.

It's also possible that an image like that could be more aggressive trying to get the node online, and just use more resources if it knows that it's not running on a box which is used for anything else. Like, it could use all disk resources without worrying about starving anyone else, create and delete users, and generally just assume that it's the only thing running.

Would be a great way to make it as simple as possible, and also provide a way for people to sunset their old, but still usable boxes without hassle.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk