[tor-talk] Cloak Tor Router

Aymeric Vitte vitteaymeric at gmail.com
Sun Nov 2 10:52:48 UTC 2014


On 02/11/2014 04:10, Lars Boegild Thomsen wrote:
> On Saturday 01 November 2014 12:39:59 Aymeric Vitte wrote:
>> https://www.kickstarter.com/projects/1227374637/cloak, I would say that
>> the presentation is less "marketing oriented" than the anonaflop, after
>> a quick look, maybe the look of the box and its size does not appear
>> obvious to the potential pledgers.
> Yeah I guess we are less "marketing oriented" perhaps even to a fault.  Anonabox definitely kicked up more interest than Cloak has done so far.

I don't know how anonabox did to attract so many people so quickly, I 
guess they have some contacts in the press and blogs, this campaign was 
something like an organized "gang" attack, unfortunately this might have 
rendered people skeptical now for your campaign.

>
> The enclosure design has not been finalized but we do have an idea and a designer working on it and Adrian has just changed the image to show the first rendering.  Do check it out if you feel like it - I think the "stealth look'n'feel" is quite cool.  Size wise it will be smaller than a TP-Link MR3020.

Maybe you should highlight it more in the presentation, so potential 
backers see it right away, as well as a simple drawing showing how to 
connect to the box easily, suggestions...

>
>> And probably you know already the drawbacks of such approach,
> I am aware of some but I am also quite sure there are some I haven't considered, so input is appreciated.
>
> I think the hardest part is to make non-technical users aware that a Tor router can only do so much.  Their behavior using such a router is just as important (or more).

>
>> so from
>> my standpoint some minimal rules should be added not to fool the users
>> but this will make the device less interesting for them, like: only
>> allow https traffic,
> The trick is to find a balance and I guess that is what I personally hope to find by discussing it here.  If a general consensus over a reasonable list of ports that are routed through Tor could be reached that would be great.
>
> HTTPS you say.  What about for example XMPP, IMAP etc?

The balance is not easy to find I think, as everybody knows anonymizing 
you wrongly will lead to the contrary.

The rule could be "everything that is using SSL", if not the exit nodes 
can MITM you

Your TV media device that you mention in another answer is a good 
example, I have the same issue (what is this thing sending outside?), 
and people will have more and more the issue with the rise of 
connected/ott devices, then the box could allow to easily block whatever 
device too, which would be connected to your box, not to the ISP box. I 
have tried to discuss a little bit with some ISPs about putting in the 
boxes the project examples I gave, but at a certain point of time I felt 
like I would have to pay something, while my intent was the contrary, so 
beside the anonymity aspects there is definitely an interest of devices 
such as Cloak.

Regarding the prng topic, an idea that I have in mind since some time is 
to use the Tor protocol itself to gain entropy (not tested, neither 
proven secure), establishing Tor circuits is not trivial and a lot of 
unexpected things can occur as far as I have observed with node-Tor, 
which produces numerous events not predictable at all I believe.

>
>> do not run Tor over Tor (ie if the user is using
> The Tor over Tor that you mention (and someone else mentioned it too) is interesting.  That I hadn't thought about at all honestly.
>
> Question is - can that actually be done technically at a networking level?

I don't see how, unless the box can detect that it is Tor traffic, which 
is not supposed to be easy, and then route the message directly without 
using the Tor circuits, changing the proxy settings to the box looks to 
be the right solution, but it is not very user friendly

>    Can Tor in fact bootstrap itself over a Tor connection?

Tor over Tor is establishing Tor circuits over Tor circuits, ie the exit 
nodes will establish them, which is quite inefficient


>
>> But that's not my point, can such device run nodejs and did you ever try
>> it/compare it with the traditional approach?
> Hmmm, I am a little confused about the node.js question.  As I mentioned I am developing Internet of Things modules based on the same hardware design and I have actually managed to get node.js running on it.  We were looking for a scripting language that didn't put too much strain on the rather limited hardware resources (python, perl, erlang and well node.js) and node.js was by far the most well behaved.  It is not small though.  I think the Flash footprint was in the region of 3-4 MB and it is quite memory hungry.  Essentially node.js takes more resources to itself than the tor daemon.
>
>> The interest is that nodejs
>> packages/apps are much more light than usual C/C++ packages
> That depends really.  By themselves yes they are smaller.  But the node.js is not small and memory is perhaps the biggest issue.  Like all scripting languages node.js relies on some garbage collection of resources that are no longer used and it tends to leave a lot of wasted resources around for a while.
>
>> Potential applications (among tons of possible ones) see the links
>> below: node-Tor (Cloak with a much smaller package), Peersm
>> clients/bridges [1] (permanent background processes in the box, like
>> bittorrent clients in ISP boxes), torrent-live (find/block/track
>> monitoring spies + maintain a real time blocklist bittorrent client)
> My personal expertise is networking and embedded Linux and I would be happy to run some tests on this and/or participate in any projects getting something like this going.

Interesting, that's cool that you did consider it and shows that the 
project is not only about packaging Tor in some small hw, I don't know 
with what apps you did test it but probably some optimization can be 
made for the gc issues, and the whole nodejs might not be required, I 
will contact you off the list to see what can be done (if you have time 
of course, probably busy by the campaign right now)

>
>> [1] https://github.com/Ayms/node-Tor/tree/master/install

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
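
The "everything that is using SSL" rule discussed in this message can be checked on the stream itself rather than by destination port. The following is an added example, not part of the original message and not code from node-Tor or Cloak; the function and class names and the sample bytes are constructed for illustration.

```javascript
'use strict';
// Added example (hypothetical names): gate a client connection on whether it
// opens with a TLS ClientHello, instead of trusting the destination port.

const TLS_HANDSHAKE = 0x16;   // TLS record content type "handshake"
const CLIENT_HELLO = 0x01;    // handshake message type "ClientHello"
const MAX_RECORD_LEN = 16384; // 2^14, largest plaintext record fragment

// Classify the bytes seen so far: 'tls-client-hello', 'not-tls' or 'need-more'.
function classifyFirstBytes(buf) {
  if (buf.length >= 1 && buf[0] !== TLS_HANDSHAKE) return 'not-tls';
  if (buf.length >= 2 && buf[1] !== 0x03) return 'not-tls'; // major version
  if (buf.length >= 3 && buf[2] > 0x04) return 'not-tls';   // minor version
  if (buf.length < 6) return 'need-more';
  const recordLen = buf.readUInt16BE(3);
  if (recordLen < 4 || recordLen > MAX_RECORD_LEN) return 'not-tls';
  return buf[5] === CLIENT_HELLO ? 'tls-client-hello' : 'not-tls';
}

// Buffers a connection's first segments until a verdict is possible, because
// the six header bytes may arrive split across several reads.
class FirstBytesGate {
  constructor() { this.buf = Buffer.alloc(0); this.verdict = 'wait'; }
  push(chunk) {
    if (this.verdict !== 'wait') return this.verdict;
    this.buf = Buffer.concat([this.buf, chunk]);
    const kind = classifyFirstBytes(this.buf);
    if (kind === 'tls-client-hello') this.verdict = 'forward';
    else if (kind === 'not-tls') this.verdict = 'drop';
    return this.verdict;
  }
}

// Constructed sample inputs (not captured traffic).
const SAMPLES = {
  tlsHello: Buffer.from([0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, 0xc4, 0x03, 0x03]),
  http: Buffer.from('GET / HTTP/1.1\r\nHost: example.org\r\n\r\n'),
  xmpp: Buffer.from("<?xml version='1.0'?><stream:stream to='example.org'>"),
};

// Feed a list of chunks through a fresh gate and return the final verdict.
function verdictFor(chunks) {
  const gate = new FirstBytesGate();
  let verdict = 'wait';
  for (const chunk of chunks) verdict = gate.push(chunk);
  return verdict;
}
```

Protocols that upgrade with STARTTLS, such as XMPP or IMAP on their plain ports, open in cleartext and are dropped by this check. A Tor client connecting directly to a relay also opens with a ClientHello, so the check does not identify Tor over Tor.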


