[tor-relays] Anonbox Project

Mike Perry mikeperry at torproject.org
Thu Oct 16 18:56:57 UTC 2014

Andrew Lewman:
> Perhaps a more constructive approach is to help define what the golden
> standard for a true tor router should be at
> https://trac.torproject.org/projects/tor/wiki/doc/Torouter.  There are a
> bunch of open tickets and design questions which need thought, research,
> and solutions.

FWIW, I spoke with someone named 'torrouter' in #tor-dev IRC a couple
months back. I'm not sure if they were related to this project, but I
pointed out that the biggest problem with a simple "torify everything"
Tor router is that there are tons and tons of apps on your computer that
love to make network connections and broadcast information about your
computer to remote servers. This problem was first analyzed in 2008 at
PETS: http://www.chiark.greenend.org.uk/~mroe/research/pets2008.pdf.

Since then, we've seen the advent of app stores, account-based
autoupdates, Dropbox, iCloud, things like Ubuntu's "Spotlight" search,
and many many more chatty things. Not to mention the web browser
tracking problem, of course.

The problem with naively shoving all of this stuff over Tor is that Tor
Exit nodes (and services watching for long-term Exit IP usage
correlation) can see that user "AnonymousDissident1" really is the same
as "Frank.Grimes.SF.CA.USA at gmail.com" who has a Dropbox account that he
paid with his credit card.

This may not be a problem for many people, but statements like "The
anonabox uses Tor to allow anyone to access the Internet anonymously
without having to install any software" and "The result is strong,
secure anonymity. Using the anonabox hides your location, as well as all
the other personal data that leaks through ordinary Internet use" are
really not something you can claim if you are operating in this way.
Location in particular will probably still leak all over the place due
to chatty apps you have installed that broadcast it happily.

All of that said, I immediately followed this bad news up with an offer
to the 'torrouter' IRC nick that I would be happy to work with them to
design a secure pairing system between Tor Browser and a Tor router,
such that if you were using Tor Browser, it could get configuration
information from your Tor router so that it used it as an upstream
proxy, or such that Tor router would then install a firewall that only
allowed certain Tor Guard/bridge IPs through.

In this mode, the Tor router could actually act as a defense-in-depth
mechanism that would block all non-proxied traffic, providing additional
protection against browser or other remote exploits, by only allowing
properly Tor-configured application traffic to exit onto the Tor

I imagine the same sort of mechanism could also be used to provide
defense-in-depth for OrBot+OrWall+Android and Tails users.

Unfortunately, the 'torrouter' nick stopped talking to me at this point.
I'm not sure if they just didn't want to put in this extra work, or were
intimidated by how much work this, or what. Granted this would not be
trivial to implement, but the offer to help come up with a design for it
still stands, though. We can figure out the implementation and
development cost sharing details after we have a good design.

I'm not sure such a thing could be designed and implemented by their
January 2015 rollout date goal, but I suspect they're going to struggle
to meet that anyway with this much interest. I wished they'd actually
talked to us about this earlier, instead of ignoring my offer then.

As a result of their claims not matching up to reality, I've been
debating writing a blog post warning about the various issues with
Anonabox, but that seemed premature at this point, too. I suppose it
still may come to that, though, if they keep ignoring us and making
extreme, unsubstantiated, and inaccurate claims, especially with our
trademark and logo plastered on the thing, as if it were an endorsement,
or even our product.

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20141016/65c01f2b/attachment.sig>

More information about the tor-relays mailing list