And 5 "do not send anything outside", no? Usually you can restrict with your ISP box but can you trust it?

What happens if you connect your PC directly to the Cloak with a cable?

Maybe the concept of several wifis is good but I don't see it very usable, not sure what would be the security requirements for this but assuming that I am trusting my local network why not a simple web interface where you can configure the same for any device connected to the box:

- do not allow anything outside
- allow all traffic outside Tor
- force everything through Tor (warning: close your bittorrent clients)
option: the Cloak could detect the bittorrent traffic
- force everything through Tor except torrents
- force ssl through Tor, non ssl outside
...

Regards,


On 05/11/2014 05:19, Lars Boegild Thomsen wrote:
On Sunday 02 November 2014 00:47:40 coderman wrote:
even a simple one time, "You are about to route your traffic over the
Tor network. Turn off your torrents and don't upgrade poorly written
applications".

the zero guidance to unsuspecting is what i am most concerned about;
even basic captive portal warning would be a benefit.

I will definitely look into this one.  This should be quite easy to implement 
by messing a bit with the firewall tables :)

Only problem I see is that to make it useful I think it would have to time out at some 
point.  One example I have brought up a few times is my cheap and rather chatty media 
player.  I have not dug into the details exactly but I _know_ it "phones home" 
regularly and it is definitely a use case where the Tor browser bundle would be 
impossible.  Problem is that one is unattended so if I were to do a captive portal kind 
of page and that would require a positive acceptance, the Cloak would be useless for this 
scenario.

Number of wireless networks are not an issue so I _am_ beginning to think that 
more than two is necessary.  For example:

1. Open - Open network - no Tor
2. Transparent proxy - all tcp traffic allowed - forced through Tor - 
everything on separate circuits  - captive warning
3. Transparent proxy as 2 minus captive portal (for gadgets or someone who knows 
what they are doing)
4. Isolating proxy - only https allowed - forced through Tor - everything on 
separate circuits and everything else blocked

It is not really a problem to make more than two so if this makes the Cloak 
more flexible I'd say it's the way to go.


--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
