On 11/10/14, Lars Boegild Thomsen <l...@reclaim-your-privacy.com> wrote: > ... > Would run an OpenWrt build with Tor as Relay/Exit just fine. And I would be > quite OK if the Relay/Exit version required some technical skills for > installation (as in was not available as a ready flashed plug-and-go > device).
prior testing on similar hardware shows them at the bottom of the relay capacity pool. the trend the last few years has been toward faster relays, rather than more relays, because of other pressures in the Tor directory consensus. > My own area of expertise is mainly the embedded Linux part and some solid > network/unix foundation, it appears anonymous contributors have edited https://titanpad.com/l2Wog5Hhk5 which would be useful to integrate back into a Tor wiki page like https://trac.torproject.org/projects/tor/wiki/doc/Torouter including any feedback you, or any other contributors, may have to provide. the main points are provided by arma and mike in these threads: mike: https://lists.torproject.org/pipermail/tor-relays/2014-October/005541.html arma: https://lists.torproject.org/pipermail/tor-relays/2014-October/005544.html """ I was thinking something like: - Many people keep wanting to build a magic anonymity box. And it's really appealing to not have to change your behavior or your application settings, and just magically get anonymity, so I can understand why the idea keeps popping up. - Unfortunately, if you just route all your traffic through Tor, you're only solving half the problem: all the application-level issues remain. First this is a problem when you use your Chrome over Tor and then wonder how websites are able to recognize you anyway (remember all the protections that Tor Browser adds over vanilla Firefox). And second, as you say in your post here, it's a problem because of all the chatter that comes from background applications, update attempts, printer notifications, and so on that most systems do by default these days. - To be fair, some expert users may still get a benefit from Torifying their traffic. For example, if they've already set up a firewall to block everything they don't want talking, and now they want to use an application that's hard to configure a proxy for. Or if they have thought deeply about their threat model and they don't want a lot of the anonymity properties that Tor aims to offer. But that user is very far from the target audience for these magic anonymity boxes. - The best design we've been able to come up with is one that forces you to be using Tor on your side, and only allows your traffic through if it's coming from Tor. Making it use a proxy, or maybe even better a Tor bridge, that's running on the router seems a fine way to do this limiting. And we could also imagine running a captive portal website on the router that intercepts outgoing port 80 requests and teaches you what you need to do to use this network connection safely. Perhaps it has a local copy of Tor Browser for you (but how does the user know it's the real Tor Browser?), or perhaps it lets you reach https://www.torproject.org/ so you can fetch it yourself. - This approach sure isn't as usable as the magic anonymity box. What a great research area! But be aware that people have been thinking about this issue for several years now, and don't get fooled by solutions that brush all the above details under the rug.... """ best regards, -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
