The Tor Project website recommends various security setups for people running Tor relays.
Such as, don't run a web browser on the same machine as your Tor relay, otherwise the browser could get hacked, and then if Tor relays are hacked, it compromises the entire concept of Tor.
In the age of FBI mass hacking, the FBI will attempt to hack all Tor relays, and thus, they can trace traffic throughout the entire proxy chain.
According to NSA documents, all it takes is "one page load" to infect a browser, because they re-direct you to a fake website that hosts browser exploits, known as QUANTUM INSERT. The FBI will use this to take over all Tor relays that are running web browsers.
So, I have a suggestion that I would like Tor Project to recommend.
Tor Project needs to tell people.. use DUMB COMPUTING devices for running Tor relays.
If your computer gets hacked, it can be deeply exploited in the firmware, such as BIOS, GPU, WiFi chip, etc.
There are devices on the market, such as Raspberry Pi, or similar, which have NO WRITABLE FIRMWARE.
This is known as being "stateless".
It does not "hold state" across reboots.
All firmware/drivers are stored on the SD card on the Raspberry Pi, and only loaded in on boot time. No component on the entire Pi holds state. NONE. There will likely be other similar devices.
Therefore, it is truly possible to wipe a dumb computing device completely clean.
If you try to wipe a regular laptop or desktop, you may have all this deeply infected firmware, such as BIOS, so you keep getting re-infected upon startup.
Some people say, once deeply infected, it's near-impossible to clean it out, and you should just throw away your entire laptop and start again.
Everyone running a Tor relay should be told to use a DUMB COMPUTING DEVICE.
Another advantage is that these devices are often very cheap. Raspberry Pi is very cheap to buy. Other devices may be even cheaper.
The instructions should be as follows...
(1) Wipe your device clean, i.e. wipe clean the SD card which holds the OS + all firmware/drivers.
(2) Then, re-install the OS clean, install Tor, and set up the relay.
(3) Tor should be installed from the command line or from a previously-downloaded version on USB stick. Do not install Tor using the web browser, otherwise you could get infected.
(4) Do not run anything else on the machine, other than the Tor relay. Using other programs, especially the web browser, could compromise the entire machine.
And that's it.
Tor Project should send out a message telling all people running Tor relays to follow these instructions.
Let me know what you think.
Wouldn't it just be easier to use Tails?
On Oct 21, 2016 7:08 AM, "Dan Michaels" danmichaels8876@gmail.com wrote:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
firmware of RPi can be changed: https://github.com/Hexxeh/rpi-update / https://github.com/Hexxeh/rpi-firmware
next to that the official firmware of RPi is closed source. you have no idea what it does
and RPi is built by a small company in the UK, very likely that they will accept a generous offer by the FBI/NSA/USA.
solder your own shit if you want to be protected on this level.
I can confirm "rpi-update" usually works fine to update firmware.
But don't forget to run this command sometimes by hand, no auto-update during the system /apt-get upgrade/
> firmware of RPi can be changed: https://github.com/Hexxeh/rpi-update / https://github.com/Hexxeh/rpi-firmware
Regardless of whether the Pi’s firmware can actually be updated or not – it’s probably not good for diversity to run the whole Tor network on a single kind of device: we don’t want every relay in the network to be compromised when a single flaw on the Pi is found. Performance might also suffer, though I hear it’s gotten better with the Pi 3.
For stateless x86 hardware, this paper is very interesting: Joanna Rutkowska, State considered harmful – A proposal for a stateless laptop. http://blog.invisiblethings.org/papers/2015/state_harmful.pdf
On 21.10.2016 14:24, Petrusko wrote:
> I can confirm "rpi-update" usually works fine to update firmware.
> But don't forget to run this command sometimes by hand, no auto-update during the system /apt-get upgrade/
> > firmware of RPi can be changed: https://github.com/Hexxeh/rpi-update / https://github.com/Hexxeh/rpi-firmware
> In the age of FBI mass hacking, the FBI will attempt to hack all Tor relays, and thus, they can trace traffic throughout the entire proxy chain.
You don't think that would be risky for the FBI in terms of being exposed by security researchers who catch them? And by proxy chain you mean tor circuit?
> According to NSA documents, all it takes is "one page load" to infect a browser, because they re-direct you to a fake website that hosts browser
What do you mean by fake website? Perhaps what you mean is:
If HTTP is used then TCP injection can be used by an attacker to inject content into a server's reply. That reply could then tell the client's browser to fetch another URL. That URL could be served from a hacked machine over HTTPS/TLS and only served once. The content that is served is a browser zero-day. Pwn the client.
> exploits, known as QUANTUM INSERT. The FBI will use this to take over all Tor relays that are running web browsers.
Oooh NSA code-words! Heard of my "quantum insert" detector? Passively sniff traffic on your Tor exit node and find quantum inserts?
https://github.com/david415/HoneyBadger
Are you suggesting that the FBI doesn't have any risk assessment procedure when deciding to break the law and illegally compromise network infrastructure?
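The passive check mentioned in the message above can be reduced to one observation: an injected reply and the genuine reply claim the same TCP sequence numbers but carry different bytes, while an ordinary retransmission carries identical bytes. The following is an added example, not code from the thread and not HoneyBadger's own code; the `Segment` type, the addresses and the sample capture are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port), one direction only
    seq: int         # TCP sequence number of the first payload byte
    payload: bytes

MOD = 1 << 32        # TCP sequence numbers wrap at 2**32

def find_injections(segments):
    """Return (flow, seq, overlapping_bytes, conflicting_bytes) for each
    segment that disagrees with data already seen at the same sequence numbers."""
    seen = defaultdict(dict)          # flow -> {sequence number -> byte value}
    findings = []
    for seg in segments:
        stream = seen[seg.flow]
        overlap = conflicts = 0
        for i, byte in enumerate(seg.payload):
            pos = (seg.seq + i) % MOD
            if pos in stream:         # byte already delivered once
                overlap += 1
                conflicts += stream[pos] != byte
            else:
                stream[pos] = byte    # first copy seen is the reference
        if conflicts:                 # identical retransmissions stay silent
            findings.append((seg.flow, seg.seq, overlap, conflicts))
    return findings

# Constructed sample capture (documentation addresses, not real traffic).
WEB = ("203.0.113.10", 80, "198.51.100.7", 40000)
OTHER = ("203.0.113.20", 80, "198.51.100.7", 40001)
CAPTURE = [
    Segment(WEB, 1000, b"HTTP/1.1 302 Found\r\n"),   # racing reply arrives first
    Segment(WEB, 1000, b"HTTP/1.1 200 OK\r\n"),      # genuine reply, same seq
    Segment(OTHER, MOD - 4, b"abcdefgh"),            # payload crosses seq wrap
    Segment(OTHER, 0, b"efgh"),                      # benign retransmission
]

if __name__ == "__main__":
    for flow, seq, overlap, conflicts in find_injections(CAPTURE):
        print(f"possible injection on {flow} at seq {seq}: "
              f"{conflicts} of {overlap} overlapping bytes differ")
```

The check only says that two different payloads claimed the same stream position; which of the two was the injected one has to be judged from the content and timing.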
Hi there,
More likely, they just compromise your relay in runtime.
Reflashing the boot firmware is theoretical, but due to the huge variation in the hardware running Tor, I am not convinced using such an exploit on vast numbers of computers is entirely practical. Since relays are up for months at a time in some cases, just a more subtle exploit is probably more successful, if I understand the capabilities of known attacks. This also reduces the likelihood of security researchers (who are naturally more accustomed to running and analysing Tor relays) discovering that an exploit has occurred and reverse engineering it to see how it works.
Besides, the Raspberry Pi runs various proprietary firmwares, with drivers naturally running in kernel space (the highest privilege level of the operating system). These are a backdoor. If we work from the various assumptions that you are making, it is probably better to run a VM of Debian without the nonfree repos, removing ssh access and closing as many ports as possible.
If you want a stateless computer, currently a good option might be a laptop supported in Coreboot (*without the management engine blob etc*), write protecting the flash chip, and running Tails or Tor ramdisk from a CD. I own an old Lenovo X200 and it works well.
A better way to increase diversity is to run VMs that have different operating systems on them. More BSD relays are good. OpenBSD is a good choice since they have reasonably up-to-date packages, if I remember correctly.
Long story short, moving everyone to vulnerable embedded systems (which are even more proprietary than Intel systems) is not the answer. I am not convinced it would benefit the Tor network. It may indeed reduce diversity, not to mention performance. Of course, more relays are good, but only in addition to the current network.
Hope this helps, D
There are also some x86 mainboards which are supported by coreboot. You could run your boot loader or kernel with initrd from the flash chip, if the capacity is big enough, or you create your own embedded system with tor. And all works very well ...
On 21.10.2016 17:56, Duncan Guthrie wrote:
> If you want a stateless computer, currently a good option might be a laptop supported in Coreboot (*without the management engine blob etc*), write protecting the flash chip, and running Tails or Tor ramdisk from a CD. I own an old Lenovo X200 and it works well.