[tor-talk] Cloak Tor Router
Lars Boegild Thomsen
lth at reclaim-your-privacy.com
Sun Nov 2 04:08:15 UTC 2014
On Saturday 01 November 2014 14:28:33 Soul Plane wrote:
> What happens when a new version of Tor comes out?
At source level what would happen is that I update one Makefile to pull the new version of Tor and then build a new firmware. Provided Tor hasn't changed in a way that causes it not to build that is about it. I described that here: https://reclaim-your-privacy.com/2014/10/31/tor-updates-in-cloak/
But I know that wasn't your question...
> You want to put this in
> the hands of people who really don't know anything about security. To stay
> secure wouldn't you or someone have to ensure that all those devices are
> using the latest Tor? And how could you do that without access to the
> devices? If you leave it up to the end user to do firmware updates most
> people probably aren't because they are, like you say, not able to install
> Tor on their own.
I am open for any and all suggestions as to what would be the best approach. My goal would be to archive a good balance between security and usability. Let me throw some possibilities up for discussion:
1. 100 % Automatic
The device check at regular intervals if a new binary firmware is available and if that is the case it just updates. This one is entirely possible and not hard to implement. I am however not sure I like it. If someone managed to hijack our domain name that someone could brick all devices in one go. There is also the possibility of accidental bricking of thousands devices (even Microsoft have released updates that crashed Windows, and Google have screwed up their android updates quite often). In short - I personally don't like this one but I am willing to stand corrected and be convinced otherwise.
2. Automatic update of Tor alone
This is a bit software as in the binary firmware stays as it is but only the Tor package gets updated. It's got the same security issues as number 1, but less of a risk of bricking accidentally and a path to recovery IF a bad update was submitted.
3. Visual indication of "action needed"
In our current hardware design we actually included a RGB LED for this very reason. We could have that flashing RED (and label it "Update needed" on the box) if not up to date but still leave it for the user to update. I am personally leaning towards this one unless the issues with 1 or 2 can be solved but I am aware that a lot of people won't update.
4. Refuse to function unless updated
Would flash red as in 3 but refuse to run unless the firmware is updated. I personally think this one is too annoying from a usability point of view.
As mentioned I am right now leaning towards number 3, but I am quite willing to be persuaded that I am wrong.
> I really don't know if your device is a good idea or a
> bad idea but I cringe at what could end up as a false sense of privacy.
I don't disagree with you at all except I obviously think a device such as this is a brilliant idea :) I/we have no intention of misleading people into a false sense of privacy! I am originally from Denmark but I have lived most of my life in countries that are significantly less democratic than Denmark and at the moment it would appear that most of the world is going in the wrong direction. I actually think that using Tor for everything where you ARE have a value even if it doesn't mean much in the global scale of things. Removing the possibility for my local telco to keep meta data of what I do is important I think if not for a security reason then at least to make a loud public statement.
The new Facebook initiative is a good example. Of course the whole idea of privacy is ridiculous when talking about Facebook, but still - when I choose to share something on Facebook that is a choice - a choice to share that particular thing and a choice to trust Facebook will only share it with the people I choose to share it with. However, I want to be reasonable certain that nobody is "sniffing" that data in between. I did NOT choose to share that information with my Internet provider or the government in the country where I stay.
Lars Boegild Thomsen
Jabber/XMPP: lth at reclaim-your-privacy.com
More information about the tor-talk