[tor-relays] Recommendation for DUMB COMPUTING devices for Tor Relays
Corné Oppelaar
hello at eaterofco.de
Fri Oct 21 12:16:17 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
firmware of RPi can be changed: https://github.com/Hexxeh/rpi-update /
https://github.com/Hexxeh/rpi-firmware
next to that the official firmware of RPi is closed source. you have
no idea what it does
and RPi is build by a small company in the UK, very likely that they
will accept a generous offer by the FBI/NSA/USA.
solder your own shit if you want to be protected on this level.
On 10/21/2016 02:08 PM, Dan Michaels wrote:
> The Tor Project website recommends various security setups for
> people running Tor relays.
>
> Such as, don't run a web browser on the same machine as your Tor
> relay, otherwise the browser could get hacked, and then if Tor
> relays are hacked, it compromises the entire concept of Tor.
>
> In the age of FBI mass hacking, the FBI will attempt to hack all
> Tor relays, and thus, they can trace traffic throughout the entire
> proxy chain.
>
> According to NSA documents, all it takes is "one page load" to
> infect a browser, because they re-direct you to a fake website that
> hosts browser exploits, known as QUANTUM INSERT. The FBI will use
> this to take over all Tor relays that are running web browsers.
>
> So, I have a suggestion that I would like Tor Project to
> recommend.
>
> Tor Project needs to tell people.. use DUMB COMPUTING devices for
> running Tor relays.
>
> If your computer gets hacked, it can be deeply exploited in the
> firmware, such as BIOS, GPU, WiFi chip, etc.
>
> There are devices on the market, such as Raspberry Pi, or similar,
> which have NO WRITABLE FIRMWARE.
>
> This is known as being "stateless".
>
> It does not "hold state" across reboots.
>
> All firmware/drivers are stored on the SD card on the Raspberry Pi,
> and only loaded in on boot time. No component on the entire Pi
> holds state. NONE. There will likely be other similar devices.
>
> Therefore, it is truly possible to wipe a dumb computing device
> completely clean.
>
> If you try to wipe a regular laptop or desktop, you may have all
> this deeply infected firmware, such as BIOS, so you keep getting
> re-infected upon startup.
>
> Some people say, once deeply infected, it's near-impossible to
> clean it out, and you should just throw away your entire laptop and
> start again.
>
> Everyone running a Tor relay should be told to use a DUMB COMPUTING
> DEVICE.
>
> Another advantage is that these devices are often very cheap.
> Raspberry Pi is very cheap to buy. Other devices may be even
> cheaper.
>
> The instructions should be as follows...
>
> (1) Wipe your device clean, i.e. wipe clean the SD card which holds
> the OS + all firmware/drivers.
>
> (2) Then, re-install the OS clean, install Tor, and set up the
> relay.
>
> (3) Tor should be installed from the command line or from a
> previously-downloaded version on USB stick. Do not install Tor
> using the web browser, otherwise you could get infected.
>
> (4) Do not run anything else on the machine, other than the Tor
> relay. Using other programs, especially the web browser, could
> compromise the entire machine.
>
> And that's it.
>
> Tor Project should send out a message telling all people running
> Tor relays to follow these instructions.
>
> Let me know what you think.
>
>
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJYCgcMAAoJEE6fMe4ysJ7MRdMIALyGiB2tJW+Nmcq1ofI5xIgx
08yy7QBKC5O5p7qAC8olFAOfLTIUwhrzyxYtJ73qLAuPtzTEnqBYnrenKNDG5yvf
KeTGsCb2J+/pmG50v25qrjfHWuy3o4UmmLpIEaDY/SZxVDSPnkByMSpfNV6I4uaP
LxfzAR7fTb6RcPitigg8aQZx6CkJ9AgWFtDenBrJb0LhXHiUiOKQOAhw+ze3pYxd
OpB6Wkkm0l5e58XpVTiknAzJ+xknqO2G3xshuMnkb39u3UqGEMRQiyiiMSMhxulO
CCP16wJBuxrCVMEvJuEBlczeyqWrSvNGl9joycUlHln/tB5Nzan22ai2IIoj40c=
=9iu9
-----END PGP SIGNATURE-----
More information about the tor-relays
mailing list