funnel many computers through one TBB?

Roger Dingledine arma at mit.edu
Tue Oct 15 21:16:57 UTC 2013

On Fri, Oct 11, 2013 at 09:45:16PM +0200, Moritz Bartl wrote:
> On 10/11/2013 08:32 PM, Rhona Mahony wrote:
> > Friend J doesn't want to install a Tor Browser Bundle on each of the 50
> > computers in his company.  Can he install one TBB on his router and
> > configure it so that it sends his employees' browser traffic through the
> > Tor network?  Is it advisable?  Where are instructions?  So sorry that I
> > couldn't find them.  Shall I persuade him instead to do the 50
> > installations of TBB?
>
> The problem is that you really want everyone to be using the Tor
> Browser. While you can centralize Tor itself, there is currently no
> support for an "external Tor" in Tor Browser.
>
> Also, an attacker in the internal network could see the traffic from
> your application(s) to Tor.
>
> All in all, it is better to roll out TBB on all clients. With 50
> machines, the company should have a way to easily distribute the TBB
> archive plus a shortcut anyway. They should also think about an update
> strategy.

Right, I agree with Moritz's answer.

Anything else is going to basically ruin the application-level privacy
for all the users -- see
https://www.torproject.org/projects/torbrowser/design/ for all the things
Tor Browser does for you.

Putting a single Tor up somewhere and routing all traffic through it is
appealing, but a) it's not going to get you any of the things that Tor
Browser provides, b) you will have the problems people discussed with
mixing traffic from multiple users onto the same circuit, and c) you're
going to have a real mess if any of your users want to use Tor the *right*
way (by running it on their computer), since either you'll need to Torify
their Tor traffic (making it more than twice as slow, and it's also
a configuration we're going to disallow soon due to various anonymity
attacks) or disallow using Tor in the recommended safe configuration
(also bad).

And if the above paragraph sounded confusing to you, that's an extra
reason to use TBB in its recommended configuration. :)


