[tor-talk] "Safeplug"

aagbsn at extc.org aagbsn at extc.org
Fri Nov 22 20:17:05 UTC 2013 

On 2013-11-22 15:56, andrew at torproject.is wrote:
> On Fri, Nov 22, 2013 at 07:04:00PM +0600, rm at romanrm.net wrote 2.5K
> bytes in 0 lines about:
> : > On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
> : > > https://pogoplug.com/safeplug
>
> Out of all the concerns about how they implemented it and such, my
> main concern is that it just adds more clients to the network without
> giving back in the form of relays or bridges. Or at least, none of
> their documentation mentions the ability to share freedom and privacy
> with others.
>
> However, this looks like a fine test case for consumer-level torouter
> market analysis. It would be great to learn 6 months from now how 
> many
> they sold and a summary of customer feedback.

I agree with the market analysis aspect, but I am concerned on the 
following points:

1. No source or design documents are provided.

Despite making use of open source software, and linking to the relevant 
open source licenses here:
http://pogoplug.com/home-en-developers-open-source.html (whoops, a dead 
link), there are no design documents published, additional contributions 
or source linked anywhere on the website. If I wanted to contribute a 
patch, where would I do it? Not providing source for the device is 
pretty weak -- plenty of other projects, such as Tails and Whonix, have 
implemented transparent torification and provide extensive documentation 
and code.

2. Router Registration

According to https://pogoplug.com/safeplug, you must click on the 
following link to activate your device.
http://shop.pogoplug.com/store/pogoplug/buy/productID.292114000/quantity.1/pgm.94629500

The link isn't https, and redirects to a page asking for billing 
information to *buy* a device. I don't have a Safeplug, so I don't know 
if the page would look any different, but it does imply that they have 
the ability to differentiate between a Safeplug user and a regular Tor 
user (me). That smells bad.

3. Automatic updates

Not only does this imply that the device must phone home and uniquely 
identify itself (see, router registration), it also means that code can 
be pushed to the device. I'd say "against the operators consent", but 
you agreed to that, in the TOS:

"
Updates
As part of the Service, you may from time to time receive updates to 
the Software from Pogoplug that may be automatically downloaded and 
installed to your applicable device. These updates may include bug 
fixes, security enhancements or improvements, or entirely new versions 
of the Software. You agree that Pogoplug may automatically deliver such 
updates to you as part of the Service.
"

5. TOS

Pogoplug isn't an ISP, and I've never seen a router force a TOS on me 
before. And, it's one of those nasty ever-changing TOS that assumes if 
someone actually read it once, they will want to read it again:
"
Pogoplug may update or change these TOS from time to time and 
recommends that you review the TOS on a regular basis at 
www.pogoplug.com/safeplug. You understand and agree that your continued 
use of the Service after the TOS has changed constitutes your acceptance 
of the TOS as revised.
"

6. Torified Everything and Anonymity Profile

Roger and I had several long talks about the design behind a 
theoretical Tor Router product, and one sticking point is that although 
the easy way to do it is to simply transparently torify everything down 
the pipe, doing so does nothing for the anonymity set of the user behind 
the black box. We discussed alternate options, such as providing a 
captive portal that would instruct a user to download a copy of TBB and 
use the local router device as a first hop into the Tor network, perhaps 
by configuring the device as a bridge. Clearly not as easy as 
plug-n-play, but since most users of this type of device would continue 
to use their original highly fingerprintable browser, transparently 
torifying everything probably wont provide the anonymity that they 
claim. And although they do link to 
https://www.torproject.org/docs/faq.html.en, they should probably take a 
read through 
https://www.torproject.org/download/download.html.en#warning themselves.

--Aaron

>
> --
> Andrew
> http://tpo.is/contact
> pgp 0x6B4D6475

More information about the tor-talk mailing list