[tor-dev] The Torouter and the DreamPlug

andrew at torproject.org andrew at torproject.org
Sat Jun 11 13:00:30 UTC 2011

On Fri, Jun 10, 2011 at 04:15:43PM +0000, jacob at appelbaum.net wrote 15K bytes in 322 lines about:
: I think we should re-flash with an OS that makes hardening a priority. We
: should only harden the OS in the sense that we should strip out anything
: that we do not require for our uses. Debian and Ubuntu both have compiler
: hardening flags enabled by default but in general, I'd consider Ubuntu's
: userspace to be proactively improved and their kernel ships with quite a few
: security improvements. I'm not sure about the kernel status for Debian or
: who is proactively working on security in Debian.

Let's go back to the original point of the tor router.  It is to
provide a consumer-level Internet NAT/router that is a tor bridge.
This way, people have a functional Internet gateway, and also give
blocked users access to information via tor.  The target user is someone
who cannot configure tor themselves, but wants to help out with nearly
zero effort.  From what we're discussing, the excito is still that device.

We're only attracted to the dreamplug because it's cheaper.  If we're
going to ship a device that is only usable to 10 people in the world,
then we shouldn't waste our time and ship anything.  We can simply
document how to turn your dreamplug into a secure tor relay/bridge and
let those so interested do it. As it is, the dreamplug is already
difficult to use for 90% of the world because it's ssh only.  ssh and
vi only and consumer friendly generally do not go together.

pgp key: 0x74ED336B

More information about the tor-dev mailing list