[tor-talk] Tor router requirements / best practices [was: Cloak Tor Router]
Aymeric Vitte
vitteaymeric at gmail.com
Tue Nov 18 16:35:53 UTC 2014
I am not sure we are talking about the same thing, or at least we see it
differently, I don't see very well what would be the use of a box acting
as a bridge, it would mean that the OP is inside your device while the
box is supposed to anonymize (as far as it can) or block the traffic
from any devices on the local network.
I don't see very well what the captive portal would do either (why port 80
only?)
Mike wrote:
"...to design a secure pairing system between Tor Browser and a Tor
router ..."
"In this mode, the Tor router could actually act as a defense-in-depth
mechanism that would block all non-proxied traffic, providing additional
protection against browser or other remote exploits, by only allowing
properly Tor-configured application traffic to exit onto the Tor network."
OK for browsing, but then you would block all the traffic for apps or
devices that you can not proxy.
As I see it the interest of such a box is to centralize the traffic of
whatever connected object you have and decide if it should be blocked or
routed through Tor or not.
I don't see an ideal design but I think the box could have a simple
interface where for any connected device the user can choose:

block (default yes)
if not blocked:
    ssl: block/Tor/not Tor - default Tor
    non ssl: block/Tor/not Tor - default not Tor

With the pairing system mentioned above where the user would use the FF
Tor browser if available on the device with the proxy automatically set
to the box and where the box would let go through Tor the traffic that
is proxied to it independently of the above rules except if the device
is blocked.
Still the user would have to do some configuration but that does not
look complicated.
This assumes that you trust your local network.
On 17/11/2014 19:35, Rusty Bird wrote:
> coderman wrote:
>
>> - The best design we've been able to come up with is one that forces you
>> to be using Tor on your side, and only allows your traffic through if it's
>> coming from Tor.
> corridor has such a design:
> https://github.com/rustybird/corridor
>
> I'd love to turn it into a bona fide WiFi hotspot:
> https://github.com/rustybird/corridor#todo
>
>> Making it use a proxy, or maybe even better a Tor bridge,
>> that's running on the router seems a fine way to do this limiting.
> Doesn't bridge connection setup (on the client side) complicate things
> too much, especially for people unfamiliar with Tor?
>
> More importantly, a bridge would usurp the position of any circuit's
> first hop. Though there's a trac ticket somewhere about plans to make
> bridges the zeroth node before the other three.
>
>> And we
>> could also imagine running a captive portal website on the router that
>> intercepts outgoing port 80 requests and teaches you what you need to
>> do to use this network connection safely. Perhaps it has a local copy
>> of Tor Browser for you (but how does the user know it's the real Tor
>> Browser?), or perhaps it lets you reach https://www.torproject.org/
>> so you can fetch it yourself.
> Yup, see the todo.
>
> I really hope to be able to work on this in the next months. If not,
> maybe you can find some use in the corridor repo.
>
> Rusty Bird
>
>
>
--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
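
The per-device rules proposed in the message above, written out as an added example that is not part of the original post or of any project named in the thread. The device names, the `is_ssl` flag (how the box classifies a flow is not specified in the message) and the `via_box_proxy` flag for paired Tor Browser traffic are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    BLOCK = "block"
    TOR = "Tor"
    DIRECT = "not Tor"

@dataclass
class DevicePolicy:
    # Defaults from the message: a device is blocked until the user unblocks it;
    # once unblocked, SSL defaults to Tor and non-SSL defaults to not Tor.
    blocked: bool = True
    ssl: Action = Action.TOR
    non_ssl: Action = Action.DIRECT

@dataclass
class Flow:
    device: str          # hypothetical device identifier (e.g. a MAC address)
    is_ssl: bool         # assumption: the box can tell SSL from non-SSL flows
    via_box_proxy: bool  # True when the flow was sent to the box's proxy (pairing)

class Box:
    def __init__(self):
        self.policies = {}

    def configure(self, device, **settings):
        self.policies[device] = DevicePolicy(**settings)

    def decide(self, flow):
        # Unknown devices fall back to the default policy, which is "blocked".
        policy = self.policies.get(flow.device, DevicePolicy())
        if policy.blocked:
            return Action.BLOCK      # block wins, even over paired traffic
        if flow.via_box_proxy:
            return Action.TOR        # paired traffic ignores the ssl/non-ssl rules
        return policy.ssl if flow.is_ssl else policy.non_ssl

def demo():
    # Constructed sample: one device left on defaults, one with custom rules.
    box = Box()
    box.configure("laptop", blocked=False)
    box.configure("tv", blocked=False, ssl=Action.DIRECT, non_ssl=Action.BLOCK)
    flows = [Flow("laptop", True, False), Flow("laptop", False, False),
             Flow("tv", False, True), Flow("tv", False, False),
             Flow("unknown-cam", True, True)]
    return [box.decide(f).value for f in flows]
```

The order of the checks in `decide` is the point: a blocked device stays blocked even if it proxies to the box, and only unblocked devices get the pairing override.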