[tor-dev] The Torouter and the DreamPlug

Fabian Keil freebsd-listen at fabiankeil.de
Sat Jun 11 14:11:59 UTC 2011

andrew at torproject.org wrote:

> On Fri, Jun 10, 2011 at 07:12:25PM +0000, jacob at appelbaum.net wrote 1.7K bytes in 39 lines about:
> : I did not suggest a backdoor! I suggested a method of remotely helping
> This comes across as "it's not a backdoor, it's a highly secured front
> door that only law enforcement will have access to in order to catch
> criminals".   

I think that's stretching it quite a bit.

If the SSH access is documented, optional and is only intended be
used with the user's consent (something Jakob stated several time
already), the risk seems to be comparable to accepting binary-updates
(or only checking signatures when building from source).

Personally I think even if the optional SSH access would be available
after the alpha testing phase, the main problem would be that it
doesn't scale.

How useful it would be is another question. In a lot of situations
where the user reports that the "Torouter does not work" the SSH
access may "not work" either ...

> : someday. It's a bad idea to just mail off a bunch of hardware and hope
> : for the best. We should provide some kind of support and help for the
> : device during the alpha testing phase of the project.
> Then we shouldn't ship the hardware yet.  The hardware needs to stand on
> its own, with real users, and not have a way we can remotely access
> anything. 

Are you objecting to auto-updates, too, then?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20110611/17d127f5/attachment-0001.pgp>

More information about the tor-dev mailing list