I just thought of an additional perk: The custom distro could blacklist known-bad hardware. Some random linux user will probably be pretty annoyed if their computer doesn't work when they just want to do some non-sensitive task, but someone installing the Tor custom distro would probably be happy to be presented with a message like "I think your hardware or firmware is compromised with a backdoor or surveillance mechanism. <insert identifying information of device>. Please rip it out, stomp on it, put in a new component from a different vendor, and reboot. Don't worry, user, it isn't your fault, the internet still loves you."
On Mon, Oct 13, 2014 at 1:35 PM, Casey Rodarmor <ca...@rodarmor.com> wrote:
> On Mon, Oct 13, 2014 at 1:07 PM, Griffin Boyce <grif...@cryptolab.net> wrote:
>
>> There are lots of issues with hardware projects and it costs an obscene amount of money -- not to mention the implications on security and anonymity that it would introduce.
>
> Do you think there's any way it could be done without creating said problems for security and anonymity? Perhaps by just publishing an open spec and the auto-booting relay image and letting hardware manufacturers, totally independently, produce and sell designs that conform. A conforming design is just one that meets the hardware spec and that the manufacturer claims will successfully run the image without any user intervention. The Tor project simply trademarks a logo and phrase, like "Tor Awesomeness Compliant" and a cute cartoon onion, and makes sure that no designs that are under spec or don't run the image use the slogan. They also make sure that anyone that uses the phrase also always includes a message like "The Tor Awesomeness Compliance mark and associated image of Vidalita, the adorable privacy-respecting chibi-onion, does not mean that this machine is individually tested or certified by the Tor Project. It may have security flaws or back doors." so manufacturers can't claim or represent that their machines are known secure, just that they can run the image and be a good relay. This might still create problems if ne'er-do-wells might intercept a whole bunch of computers in the mail that they know are only being used as tor nodes. It might not create problems if the certification and image is popular, and tons of computers are certified that have tons of other possible uses.
>
>>> Create a disk image of a free operating system that boots and tries to run the best node it can with whatever hardware it happens to have. It might also try to upgrade and apply security patches to the operating system and get the latest version of tor.
>>
>> This could work, but would need a maintainer.
>
> So, just totally totally hypothetically, not trying to sign up for yet another project that I don't know if I have time for, I could maybe be the maintainer for such a thing. I'm a programmer, an ex-site reliability engineer, and have some experience with both low-level programming and keeping unix systems running. However, I am not a security, privacy, or anonymity expert, so I would need the support of Very Clever People whose advice I could rely on to tell me what to do, and how to patch any horrible security vulnerability bugs that my horrible shell scripts might have. Hopefully the extra surface area of such a distro would be very small, just a few extra scripts and config files, so there wouldn't be a ton to audit.
>
>> Lots of hosts have pre-made images for other uses, and there are projects like VirtualBoxes[2] that might be good places to distribute these. An easier way would probably be to use something like a python/bash script or an ansible playbook to install dependencies, set permissions, and detect speed to configure the torrc.
>
> That's a good idea, but I think that hardware compatibility is a big issue here, especially for non-technical users who might not be able to find and install linux drivers for whatever strange hardware that they have. A custom image that can control all dependencies and have full permissions to fetch and install whatever drivers it needs would probably get many more good nodes onto the network, with much less confusion from users. It's also possible that an image like that could be more aggressive trying to get the node online, and just use more resources if it knows that it's not running on a box which is used for anything else. Like, it could use all disk resources without worrying about starving anyone else, create and delete users, and generally just assume that it's the only thing running. Would be a great way to make it as simple as possible, and also provide a way for people to sunset their old, but still usable boxes without hassle.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
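The "detect speed to configure the torrc" step that Griffin mentions, and the "few extra scripts and config files" Casey hopes the image would add, as an added example that is not part of the thread and is not Tor Project code. It assumes the first-boot script has already measured usable upload bandwidth (passed in here as a number, since a real measurement needs the network), that 75 KBytes/s is the floor tor enforces for a relay's RelayBandwidthRate (check the manual of the tor version you ship), and that a generated relay should be non-exit with no client SocksPort. The function names, the 20% headroom and the burst = 2 x rate rule are the example's own choices. The one check worth keeping from it is the newline/control-character rejection: anything written verbatim into torrc (ContactInfo is the usual free-text field) must not be able to smuggle in a second option line.

```python
"""Added example: generate a relay torrc from a measured bandwidth figure.

Illustrative code for the tor-talk thread, not from the Tor Project.
Assumed: bandwidth is already measured (passed in as KBytes/s), the
75 KBytes/s relay floor, and the hypothetical helper names below.
"""
import re

MIN_RELAY_KBYTES = 75   # assumed floor tor enforces for RelayBandwidthRate on relays
HEADROOM = 0.8          # example policy: leave 20% of the measured link for the box itself
NICKNAME_RE = re.compile(r"[A-Za-z0-9]{1,19}")  # tor's nickname syntax: 1-19 alphanumerics


def plan_bandwidth(measured_kbytes_per_sec):
    """Pick (rate, burst) in KBytes/s from a measured figure, or None if the
    box is too slow to be a useful relay after headroom is taken off."""
    rate = int(measured_kbytes_per_sec * HEADROOM)
    if rate < MIN_RELAY_KBYTES:
        return None
    return rate, rate * 2


def _one_line(value, field):
    """Values go verbatim into torrc, so a newline or other control character
    in user-supplied text would let a second option (e.g. 'ExitRelay 1')
    be injected. Reject anything that is not a single printable line."""
    if not isinstance(value, str) or any(ord(c) < 0x20 or c == "\x7f" for c in value):
        raise ValueError(f"{field} must be a single line of printable text")
    return value.strip()


def render_torrc(nickname, contact, measured_kbytes_per_sec, or_port=9001):
    """Return the text of a non-exit relay torrc, or raise ValueError."""
    if not NICKNAME_RE.fullmatch(nickname):
        raise ValueError("Nickname must be 1-19 alphanumeric characters")
    contact = _one_line(contact, "ContactInfo")
    if not 1 <= or_port <= 65535:
        raise ValueError("ORPort out of range")
    plan = plan_bandwidth(measured_kbytes_per_sec)
    if plan is None:
        raise ValueError(
            f"{measured_kbytes_per_sec} KBytes/s measured is below the "
            f"{MIN_RELAY_KBYTES} KBytes/s relay minimum once headroom is applied")
    rate, burst = plan
    lines = [
        "# written by the (hypothetical) relay image first-boot script",
        f"Nickname {nickname}",
        f"ContactInfo {contact}",
        f"ORPort {or_port}",
        "ExitRelay 0",      # relay-only image: never an exit unless someone opts in
        "SocksPort 0",      # nothing else on this box needs a client port
        f"RelayBandwidthRate {rate} KBytes",
        f"RelayBandwidthBurst {burst} KBytes",
    ]
    return "\n".join(lines) + "\n"


def parse_torrc(text):
    """Minimal torrc reader (option name -> rest of line), skipping comments
    and blank lines, used to check what tor would actually be handed."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        options[name] = value.strip()
    return options


if __name__ == "__main__":
    # Constructed input: pretend the speed test reported 1000 KBytes/s upload.
    print(render_torrc("relay01", "relayadmin at example dot org", 1000))
    for bad in ("x\nExitRelay 1", "x\r\nSocksPort 9050"):
        try:
            render_torrc("relay01", bad, 1000)
        except ValueError as e:
            print("rejected:", e)
```

A real image would feed the measured figure from whatever speed test it runs at first boot and write the result to /etc/tor/torrc before starting the daemon; if the measurement is below the floor, it is better to refuse and tell the user than to start a relay that the network will never use.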