[tor-relays] Anonbox Project

Roger Dingledine arma at mit.edu
Thu Oct 16 19:22:09 UTC 2014


On Thu, Oct 16, 2014 at 11:56:57AM -0700, Mike Perry wrote:
> As a result of their claims not matching up to reality, I've been
> debating writing a blog post warning about the various issues with
> Anonabox

I think a blog post teaching people about the issues is a fine plan.

I was thinking something like:

- Many people keep wanting to build a magic anonymity box. And it's
really appealing to not have to change your behavior or your
application settings, and just magically get anonymity, so I can
understand why the idea keeps popping up.

- Unfortunately, if you just route all your traffic through Tor,
you're only solving half the problem: all the application-level issues
remain. First this is a problem when you use your Chrome over Tor and
then wonder how websites are able to recognize you anyway (remember
all the protections that Tor Browser adds over vanilla Firefox). And
second, as you say in your post here, it's a problem because of all the
chatter that comes from background applications, update attempts, printer
notifications, and so on that most systems do by default these days.

- To be fair, some expert users may still get a benefit from Torifying
their traffic. For example, if they've already set up a firewall to
block everything they don't want talking, and now they want to use
an application that's hard to configure a proxy for. Or if they have
thought deeply about their threat model and they don't want a lot of
the anonymity properties that Tor aims to offer. But that user is very
far from the target audience for these magic anonymity boxes.

- The best design we've been able to come up with is one that forces you
to be using Tor on your side, and only allows your traffic through if it's
coming from Tor. Making it use a proxy, or maybe even better a Tor bridge,
that's running on the router seems a fine way to do this limiting. And we
could also imagine running a captive portal website on the router that
intercepts outgoing port 80 requests and teaches you what you need to
do to use this network connection safely. Perhaps it has a local copy
of Tor Browser for you (but how does the user know it's the real Tor
Browser?), or perhaps it lets you reach https://www.torproject.org/
so you can fetch it yourself.

- This approach sure isn't as usable as the magic anonymity box. What a
great research area! But be aware that people have been thinking about
this issue for several years now, and don't get fooled by solutions
that brush all the above details under the rug.

This may also be a good opportunity to point people at
https://www.usenix.org/conference/foci14/workshop-program/presentation/edmundson

--Roger
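
The router design sketched in the message (only traffic headed for the Tor bridge on the router gets through, outgoing port 80 is sent to a captive portal, the Tor Browser download site stays reachable) can be modelled as a first-match policy. This is an added example, not code from the thread or from the Tor Project; every address, port and name in it is an assumption made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All addresses and ports are constructed for this example.
LAN = ip_network("192.168.8.0/24")
ROUTER = ip_address("192.168.8.1")
BRIDGE_PORT = 9001   # Tor bridge listening on the router (assumed port)
PORTAL_PORT = 8080   # captive portal web server on the router (assumed port)
DOWNLOAD_ALLOW = {ip_address("192.0.2.10")}  # placeholder for www.torproject.org

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    note: str = ""

def decide(flow):
    """Verdict for one new LAN-side connection; the first matching rule wins."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if src not in LAN:
        return "drop"
    tcp = flow.proto == "tcp"
    # 1. Clients may reach the bridge and the portal on the router itself.
    if tcp and dst == ROUTER and flow.dport in (BRIDGE_PORT, PORTAL_PORT):
        return "accept"
    # 2. Any other outgoing port 80 request lands on the explanatory portal.
    if tcp and flow.dport == 80:
        return "redirect-to-portal"
    # 3. HTTPS to the download site, so the user can fetch Tor Browser.
    if tcp and flow.dport == 443 and dst in DOWNLOAD_ALLOW:
        return "accept"
    # 4. Everything else is dropped instead of being silently torified.
    return "drop"

# Constructed sample traffic, including the background chatter the message names.
SAMPLE_FLOWS = [
    Flow("192.168.8.23", "192.168.8.1", "tcp", 9001, "Tor Browser via router bridge"),
    Flow("192.168.8.23", "203.0.113.5", "tcp", 80, "plain browser HTTP request"),
    Flow("192.168.8.23", "192.0.2.10", "tcp", 443, "fetching Tor Browser"),
    Flow("192.168.8.23", "198.51.100.7", "tcp", 443, "background update attempt"),
    Flow("192.168.8.23", "224.0.0.251", "udp", 5353, "printer notification"),
    Flow("192.168.8.23", "198.51.100.53", "udp", 53, "direct DNS lookup"),
]

def evaluate(flows):
    return [(f.note, decide(f)) for f in flows]

if __name__ == "__main__":
    for note, verdict in evaluate(SAMPLE_FLOWS):
        print(f"{verdict:20} {note}")
```

The bridge's own outbound Tor connections originate on the router and are outside this LAN-side policy.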


