[tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

Andrew Lewman andrew at torproject.is
Fri Mar 2 04:31:39 UTC 2012


On Fri, 02 Mar 2012 00:12:44 +0100
"proper proper" <proper at secure-mail.biz> wrote:

> You ask the user not to use Bittorrent over Tor, as the network can
> not handle the load.

bittorrent trackers are fine, it's the bulk download of GB of data 7x24
that loads up the network.

> What about operating system updates behind a Transparent Tor Proxy?
> The same goes for the installation of legitimate software. No warez.
> "apt-get install gnome"

I do this all the time over tor. I trust tor exits more than wireless
networks in hotels, airports, schools, and other locations.  The latest
TBB release allows me to stream youtube html5 videos over tor. 

In fact, sometimes when I travel, I scp my virtual machines over tor
rather than risk a laptop search and seizure at a border.

I expect that tor the protocol and network should punish me for asking
to transfer so much data. I don't care if my apt-get takes an extra 10
minutes to complete. I don't care if my vm disk transfer takes all
night rather than one hour. De-prioritizing my bulk traffic is fine if
others get webpages, instant messages, and the like through faster.

The trick is, I like to think I know what I'm doing and that I'll
notice if apt-get or my VM image fails to transfer untouched. Whether
I'll actually notice a sophisticated exploit in deb packages or my vm
image modified in perfect way that gpg or sha256 hashes don't detect,
remains to be seen. If I pulled a random person out of a barcamp and
asked them to do a OS X or Windows update over transparently proxied
tor, would they notice if the package was modified in transit? What do
these OSes do in this case? What about freebsd ports? Or other package
systems? What about all of the other software that updates itself
automagically without a system package manager? 

The details from a central http://mitmproxy.org/ are fascinating to see
how much stuff on my network uses cleartext data and protocols and
never even check for a sha-1/md5 hash, nevermind .asc code signed
packages. It's also scary to see what never checks if the ssl cert is
valid or not. ssl-cert-snakeoil works fine for a surprising amount of
software.

-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475


More information about the tor-talk mailing list