[tor-talk] Cloak Tor Router
Lars Boegild Thomsen
lth at reclaim-your-privacy.com
Sat Nov 1 09:09:31 UTC 2014
As some of you may have noticed, a new Tor Router project called Cloak was just launched on Kickstarter. In the wake of the Anonabox roller coaster, I would like to present our own justification for the Cloak project, and a bit of background. Please accept my apology if this comes across as a shameless plug. That is not my intention. We - the team behind Cloak - and me (the networking and embedded Linux guy in the team) are genuinely concerned about privacy and we really would like this product to be what the TorRouter never became and the main reason to post this here is to - hopefully - provoke an interesting exchange of opinions about products such as this.
For us, the idea of Cloak actually started about 9 month back. Adrian (who is the guy backing this project on Kickstarter) came up with the idea and I (the guy who was working with embedded Linux systems in general) furiously maintained that it was an idiotic idea and that it couldn't be done. As things goes, Adrian finally manage to wear me down and I actually decided to give it a shot. At that time I was messing around with a cheap Wireless router module out of China called Oolite (this is funnily enough the EXACT same module that Anonabox claimed to have developed themselves - their prototype 2 which is a standard dev board from a company called Gainstrong). This particular module have 16 MB of Flash and 64 MB of RAM and much to my surprise Tor actually performed quite well on it. The result of these experiments - which dates back to around February or so - was 1: That I have been running Tor on my own home gateway ever since and 2: That I managed to port OpenWrt to the Oolite module (and got that included in OpenWrt trunk). At that time the Tor Gateway/Router got on a bit of a back burner since real life took over for a while. The day job being that we actually develop smart Internet of Things modules - both hard- and software.
About a month ago the Tor Router idea (which at some point had been dubbed Cloak) resurfaced as a potential kickstarter idea. The reason was that in the past 6 month we had actually developed quite a lot of experience with design and manufacture of the Internet of Things modules and all of a sudden it no longer seemed impossible to actually manufacture hardware for a Tor Router. We threw together a project plan and decided to launch around November/December.
In comes Anonabox. At first read it was quite a shock to be beaten by a small margin and of course a huge disappointment as the project got immensely popular very fast. Reading through the Kickstarter page and the web-site I did notice two things:
1. The lie about the hardware (since I had a 9 month old Oolite module)
2. The complete lack of his so-called Open Source software posted (only a bunch of config files that looked pretty standard to me apart from the hardcoded passwords)
But in general I didn't really think much about these issues and I actually felt the guy had pretty much done what we had been planning for a while and that in principle it was OK.
When Anonabox was suspended on Kickstarter, we realised that we simply had to get this posted immediately but of course be very aware not to repeat any of the mistakes made by the earlier attempt.
The first step was to isolate the Tor/Cloak related stuff from my internal source tree and actually put a builtable source online on Github. That is currently available here: https://github.com/ReclaimYourPrivacy.
Second step was to document the hardware development to convince everybody (hopefully) that we _are_ actually capable of having a device such as this manufactured at a competitive price. Most of that documentation went on our web-site (https://reclaim-your-privacy.com) and schematics/PCB design on Github (same url as before).
I had already (9 month back) come up with some sensible firewall rules that would pretty much force all TCP traffic through Tor and since I had been running it for 9 month it was at that time fairly well tested (including Tor on hardware similar to our own). One thing that was missing was to create an OpenWrt build that would start up with sensible defaults everywhere.
One problem which Anonabox was criticised for was his hardcoded root password and WiFi keys. I agree with that criticism completely because most people who would be interested in a device such as this would never change their default password. Fortunately we had a quite elegant solution to this problem. Since we plan to produce these modules, firmware can and will be loaded in the factory as part of the production process (actually it happens during the semi-automated test after board assembly) and at that time we could generate a random root password and WiFi key, flash that to a small dedicated R/O partition on the flash, print it on a label attached to the box (along with Serial number and MAC address). That way each device will have a default password, but nobody except the owner of the device will know it.
Phew that was a relatively long rant and I apologize if I have caused extreme boredom. I can however now, that I have explained the background, come to the questions which is the primary reason for me writing here.
First of all, I would like to hear more opinions about the value of a device such as this. I realize that most technically adept people will frown on a a "toy" such as the Cloak, but this device is really not meant for anybody who can install the Tor software on their own or someone who can install Tor on a Rasberry Pi. It is meant for my parents, my kids or anyone else who - deserve privacy but might not be technically able to achieve it. I fully understand and appreciate that a Tor Router such as Cloak will NEVER in itself be able to provide any form of anonymity or security. It is merely a tool that if used correctly can help enforce a certain level of privacy (the newly introduced or discussed Australian data retention laws spring to mind and I am certain other countries are introducing the same laws). A secondary justification are devices which does not support Tor. I've got a Media player in my house and that does "phone home" every single time I play a movie on it and there is no way I could possibly install Tor on it. With Cloak and NO login - that is fairly anonymous.
Second of all I would sincerely like a discussion about the firewall rules and other security or usability issues with a device as this. The source is on Github for everybody to check and I will be happy to discuss any technical aspect and appreciate any constructive criticism. I am of course also happy to respond to any questions thrown in my direction.
//Lars Bøgild Thomsen
More information about the tor-talk