[tor-talk] Cloak Tor Router

Sun Nov 9 09:03:34 UTC 2014

On Sunday 02 November 2014 11:52:48 Aymeric Vitte wrote:
> > Yeah I guess we are less "marketing oriented" perhaps even to a fault.  Anonabox definitely kicked up more interest than Cloak have done so far.
> I don't know how anonabox did to attract so many people so quickly, I 
> guess they have some contacts in the press and blogs, this campaign was 
> something like an organized "gang" attack, unfortunatley this might have 
> rendered people skeptical now for your campaign.

And he just managed - sort of - to do it again.  This time he has resurfaced in Indiegogo claiming to use PORTAL (the OpenWrt version hasn't been updated for 2 years so I am not sure why he think that will make it better).

> > The enclosure design has not been finalized but we do have an idea and a designer working on it and Adrian have just changed the image to show the first rendering.  Do check it out if you feel like it - I think the "stealth look'n'feel) is quite cool.  Size wise it will be smaller than a TP-Link MR3020.
> Maybe you should highlight it more in the presentation, so potential 
> backers see it right away, as well as a simple drawing showing how to 
> connect to the box easily, suggestions...

There is a new 3D rendering which will be uploaded today.

> >> And probably you know already the drawdbacks of such approach,
> > I am aware of some but I am also quite sure there are some I haven't considered, so input is appreciated.
> > I think the hardest part is to make non-technical users aware that a Tor router can only do so much.  Their behavior using such a router is just as important (or more).

I think the only approach is proper documentation.

> > The trick is to find a balance and I guess that is what I personally hope to find by discussing it here.  If a general consensus over a reasonable list of ports that are routed through Tor could be reached that would be great.
> > HTTPS you say.  What about for example XMPP, IMAP etc?
> The balance is not easy to find I think, as everybody knows anonymizing 
> you wrongly will lead to the contrary.
> The rule could be "everything that is using SSL", if not the exit nodes 
> can MITM you

Problem is that would require protocol inspection and that is probably a bit outside the real of possibility for a processor of the size we imagine in the Cloak.  I think the best approach is to close everything by default and then have a whitelist of well defined ports that is well documented - including the possible dangers.

> >> Potential applications (among tons of possible ones) see the links
> >> below: node-Tor (Cloak with a much smaller package), Peersm
> >> clients/bridges [1] (permanent background processes in the box, like
> >> bittorrent clients in ISP boxes), torrent-live (find/block/track
> >> monitoring spies + maintain a real time blocklist bittorrent client)
> > My personal expertise is networking and embedded Linux and I would be happy to run some tests on this and/or participate in any projects getting something like this going.
> Interesting, that's cool that you did consider it and shows that the 
> project is not only about packaging Tor is some small hw, I don't know 
> with what apps you did test it but probably some optimization can be 
> made for the gc issues, and the whole nodejs might not be required, I 
> will contact you off the list to see what can be done (if you have time 
> of course, probably busy by the campaign right now)

Let's move that one off-list, but I'll be happy to discuss any ideas you might have.

-- 
Lars Boegild Thomsen
https://reclaim-your-privacy.com
Jabber/XMPP: lth at reclaim-your-privacy.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20141109/e5b041a5/attachment.sig>