[tor-talk] Tor Relay Smartphone App
Casey Rodarmor
casey at rodarmor.com
Mon Oct 13 04:57:29 UTC 2014
I just thought of an additional perk: The custom distro could blacklist
known-bad hardware. Some random linux user will probably be pretty annoyed
if their computer doesn't work when they just want to do some non-sensitive
task, but someone installing the Tor custom distro would probably be happy
to be presented with a message like "I think your hardware or firmware is
compromised with a backdoor or surveillance mechanism. <insert identifying
information of device>. Please rip it out, stomp on it, put in a new
component from a different vendor, and reboot. Don't worry user, it isn't
your fault, the internet still loves you."
On Mon, Oct 13, 2014 at 1:35 PM, Casey Rodarmor <casey at rodarmor.com> wrote:
> On Mon, Oct 13, 2014 at 1:07 PM, Griffin Boyce <griffin at cryptolab.net>
> wrote:
>
>> There are lots of issues with hardware projects and it costs an obscene
>> amount of money -- not to mention the implications on security and
>> anonymity that it would introduce.
>>
>
> Do you think there's any way it could be done without creating said
> problems for security and anonymity? Perhaps by just publishing an open
> spec and the auto-booting relay image and letting hardware manufacturers,
> totally independently, produce and sell designs that conform. A conforming
> design is just one that meets the hardware spec and that the manufacturer
> claims will successfully run the image without any user intervention. The
> Tor project simply trademarks a logo and phrase, like "Tor Awesomeness
> Compliant" and a cute cartoon onion, and makes sure that no designs that
> are under spec or don't run the image use the slogan. They also make sure
> that anyone that uses the phrase also always includes a message like "The
> Tor Awesomeness Compliance mark and associated image of Vidalita, the
> adorable privacy respecting chibi-onion, does not mean that this machine is
> individually tested or certified by the Tor Project. It may have security
> flaws or back doors." so manufacturers can't claim or represent that their
> machines are known secure, just that they can run the image and be a good
> relay. This might still create problems if ne'er-do-wells might intercept a
> whole bunch of computers in the mail that they know are only being used as
> tor nodes. It might not create problems if the certification and image are
> popular, and tons of computers are certified that have tons of other
> possible uses.
>
>
>>> Create a disk image of a free operating system that boots and tries to
>>> run the best node it can with whatever hardware it happens to have. It
>>> might also try to upgrade and apply security patches to the operating
>>> system and get the latest version of tor.
>>>
>>
>> This could work, but would need a maintainer.
>
>
> So, just totally totally hypothetically, not trying to sign up for yet
> another project that I don't know if I have time for, I could maybe be the
> maintainer for such a thing. I'm a programmer, an ex site reliability
> engineer, and have some experience with both low-level programming and
> keeping unix systems running. However, I am not a security, privacy, or
> anonymity expert, so I would need the support of Very Clever People whose
> advice I could rely on to tell me what to do, and how to patch any horrible
> security vulnerability bugs that my horrible shell scripts might have.
> Hopefully the extra surface area of such a distro would be very small, just
> a few extra scripts and config files, so there wouldn't be a ton to audit.
>
>
>> Lots of hosts have pre-made images for other uses, and there are projects
>> like VirtualBoxes[2] that might be good places to distribute these. An
>> easier way would probably be to use something like a python/bash script or
>> an ansible playbook to install dependencies, set permissions, and detect
>> speed to configure the torrc.
>
>
> That's a good idea, but I think that hardware compatibility is a big issue
> here, especially for non-technical users who might not be able to find and
> install linux drivers for whatever strange hardware that they have. A
> custom image that can control all dependencies and have full permissions to
> fetch and install whatever drivers it needs would probably get many more
> good nodes onto the network, with much less confusion from users. It's also
> possible that an image like that could be more aggressive trying to get the
> node online, and just use more resources if it knows that it's not running
> on a box which is used for anything else. Like, it could use all disk
> resources without worrying about starving anyone else, create and delete
> users, and generally just assume that it's the only thing running. Would be
> a great way to make it as simple as possible, and also provide a way for
> people to sunset their old, but still usable boxes without hassle.
>