[tor-talk] Cloak Tor Router

Lars Boegild Thomsen lth at reclaim-your-privacy.com
Mon Nov 3 01:50:22 UTC 2014

On Sunday 02 November 2014 13:25:18 Moritz Bartl wrote:

> My biggest worries are unattended upgrades, that they have to rely on
> someone (you?) to provide up-to-date packages and hardware support for
> the complete life-cycle.

That is of course true and like every other project that at the end of the day depends on the interest there is for such a product.  I have bought technology products in the past for which the support was dropped merely weeks after I purchased them (Nokia N9 springs to mind).  It is of course a valid concern, but I guess the best I can say is that if the Kickstarter campaign were to be successful or we found other means to fund this this is a product that I would like to develop continuously and even if that for some reason didn't happen at least every bit of source code is on Github for someone else to fork and keep maintaining.

> 64MB RAM may be enough for a Tor client,
> although I'm a bit skeptical whether it can scale to more than a few
> concurrent users.

Note to self: I need to test this.  As mentioned somewhere I've had Tor running on similar hardware for the past 7-8 month with number of clients fluctuating between 4 and 10 or thereabouts.  Never had an issue and never had to restart the gateway.  I'll revert with some proper test results.

> It is definitely not enough for a Tor bridge or
> non-exit relay.

That is absolutely correct which is why I think it is essential that a device such as this comes with some form of "Tor tax" (as in part of the proceeds goes towards maintaining the Tor network).

> I am also not a fan of transparent proxying, but you are aware of the
> issues there.

I am aware of some but the primary reason I wrote to this list in the first place was to learn more and see if it was possible to come up with a model that was genuinely useful.

> I think it's irresponsible to throw people at the changed
> threat model of Tor without telling them. 

I am not sure I understand this one.  Nobody will be connected to a Cloak device without knowing they connected to it.  As per other suggestions in this forum I am working to see if it is possible to use a captive portal approach to at least display a warning before continuing.

> You say people are too stupid to run Tor
> Browser.

No, please - that I have never said.  What I have said and will stand by is that a product such as Cloak probably doesn't target people who are skilled enough to take a Rasberry Pi and figure out how to get Tor up and running on that.  I am quite convinced I never used the word stupid about such people.

> I think if you give them a nice tutorial on a captive portal,
> they will manage. With the added benefit of educating these people so
> they can also use Tor at different non-torified locations in the future.
> It is not trivial to only allow Tor out (with all the pluggable
> transports and things), but it can be done.

This is technically not a problem.  The Cloak product could be an isolating proxy instead of a transparent one.  Or as I suggested in an earlier message it could be both depending on which Wi-Fi network the user decide to connect to.  What I am trying to do here is establish which approach is best and your opinion is definitely noted!

> I do want a "Tor box" that has both this type of guest network with
> captive portal, as well as enough power to be both a bridge or a relay.

I doubt that will be possible for $50.

> show how much you're helping the network. Yours cannot be that, so I'm
> not really interested.

Fair enough.

> I also don't understand why everyone thinks they have to build their own
> hardware. There are quite a number of open hardware platforms nowadays
> that can be used for such a project just fine.

I gave my reasons here: https://reclaim-your-privacy.com/2014/10/30/why-design-our-own-hardware/

It is all a matter of cost.  The guy behind Anonabox planned to use an off-the-shelf chinese produced router.  What I don't think he considered fully was the time that would have to be spend loading the firmware on said devices.  Even if that process was semi automated, having to unpack a box, connect it to some rig, run the upgrade and repack it would add perhaps 5 minutes to each device.  In Europe or US that would be quite a significant increase.  In the case of Cloak, that step can be included in the production line (actually the final step - the test - where firmware is flashed anyway). 

> Then you relieve yourself
> of having to support that piece of hardware forever,

It is a lot easier to support ONE piece of hardware than it would be to support "any old box".

> project for quite some time, but no student picked it up yet. Does your
> board even have LEDs?

Well, yes - so far planned is (of the top of my head): System, WAN, LAN, Wi-Fi and a RGB led which we haven't really decided exactly what to do with yet - but it was imagined as a status indicator of sort (say: Green all ok, Yellow Tor is not ready, Red no internet, Flashing red UPGRADE needed).

> You talk about adding exit relays, which is a nice thing to think about,
> but as noted previously, if you don't talk about bandwidth and location,
> that doesn't mean a thing.

As explained earlier I am aware that one is a tad vague, but I (we) don't like to make promises we can't keep and this one was formulated in a way such as we knew we could do it.  My preferred approach personally would be to allocate a percentage directly to torproject, but that was not possible (allowed) on Kickstarter.

> I am not a hardware expert, but I have followed quite a number of
> hardware-related kickstarters over time, and your timeline sounds really
> ambitious.

No doubt - it is really ambitious ;)

Lars Boegild Thomsen
Jabber/XMPP: lth at reclaim-your-privacy.com

More information about the tor-talk mailing list