On Thu, Oct 16, 2014 at 11:56:57AM -0700, Mike Perry wrote:
As a result of their claims not matching up to reality, I've been debating writing a blog post warning about the various issues with Anonabox
I think a blog post teaching people about the issues is a fine plan.
I was thinking something like:
- Many people keep wanting to build a magic anonymity box. And it's really appealing to not have to change your behavior or your application settings, and just magically get anonymity, so I can understand why the idea keeps popping up.
- Unfortunately, if you just route all your traffic through Tor, you're only solving half the problem: all the application-level issues remain. First this is a problem when you use your Chrome over Tor and then wonder how websites are able to recognize you anyway (remember all the protections that Tor Browser adds over vanilla Firefox). And second, as you say in your post here, it's a problem because of all the chatter that comes from background applications, update attempts, printer notifications, and so on that most systems do by default these days.
- To be fair, some expert users may still get a benefit from Torifying their traffic. For example, if they've already set up a firewall to block everything they don't want talking, and now they want to use an application that's hard to configure a proxy for. Or if they have thought deeply about their threat model and they don't want a lot of the anonymity properties that Tor aims to offer. But that user is very far from the target audience for these magic anonymity boxes.
- The best design we've been able to come up with is one that forces you to be using Tor on your side, and only allows your traffic through if it's coming from Tor. Making it use a proxy, or maybe even better a Tor bridge, that's running on the router seems a fine way to do this limiting. And we could also imagine running a captive portal website on the router that intercepts outgoing port 80 requests and teaches you what you need to do to use this network connection safely. Perhaps it has a local copy of Tor Browser for you (but how does the user know it's the real Tor Browser?), or perhaps it lets you reach https://www.torproject.org/ so you can fetch it yourself.
- This approach sure isn't as usable as the magic anonymity box. What a great research area! But be aware that people have been thinking about this issue for several years now, and don't get fooled by solutions that brush all the above details under the rug.
This may also be a good opportunity to point people at https://www.usenix.org/conference/foci14/workshop-program/presentation/edmun...
--Roger