[tor-talk] Cloak Tor Router

l.m ter.one.leeboi at hush.com
Mon Nov 3 19:06:27 UTC 2014


I've only one thing to say about this idea or any other similar
Kickstarter project. You've got to be stupid to sacrifice the control
and flexibility offered by running Tor on a computer for a
configuration that operates at the router/switch. There's no such
thing as easy anonymity online. There's no such thing as easy privacy
online. Anyone who's actually interested in these projects should
just fork over their money at Kickstarter and stop spamming tor-talk
with useless self-promotion. Yes, you, Cloak. If you think it's such
a good idea just do it and take advantage of the daft--get it over
with already. So I can laugh at you when your buyers realize how
stupid they were for not reading the Tor manual.

Honestly--it's not hard to learn to be anonymous online. If you
seriously consider these projects to be of some value you should just
stop. Stop trying to be anonymous and just fork over your data to
whomever wants to look at it.

The only thing that comes close to anonymity/privacy online is to
treat each device as if it *could* be compromised. If they aren't yet
compromised that may well be in the future. Then you see having
absolute control and flexibility is a strength of Tor. Who the hell
wants anonymity and actually trusts their networking equipment?

That's all
leeroy bearr

On 11/3/2014 at 11:59 AM, michi1 at michaelblizek.twilightparadox.com wrote:

Hi!

On 10:34 Mon 03 Nov     , Lars Boegild Thomsen wrote:
> On Sunday 02 November 2014 11:36:14 michi1 at michaelblizek.twilightparadox.com wrote:
...
> > 2) Every device can sniff on traffic from all other devices on the same
> > network. If you have one device which is compromised or somebody breaks the
> > wifi security you are in trouble.
> 
> WiFi clients are isolated from each other so no - if someone breaks
> Wi-Fi security they can access the Tor network (or the internet -
> depending on which Wi-Fi network they break), but in order to sniff
> traffic from other devices the Cloak device itself would have to be
> accessed (ie. root password guessed) and the device reconfigured
> (disable wifi isolation).

What prevents me from setting up a DHCP server or sending false ARP responses
to route all traffic to me?

> > 3) Depending on the configuration you may end up routing traffic from multiple
> > devices over the same circuit.
> 
> This one surprises me a bit.  The Tor manual states:
> 
> IsolateClientAddr
> Don’t share circuits with streams from a different client address.
> (On by default and strongly recommended; you can disable it with
> NoIsolateClientAddr.)
> 
> Each client will have their own address so it is my understanding
> circuits will not be shared.

Ok, this should do it.

> > You will almost certainly route traffic from
> > different programs on the same device over the same circuit. This may allow an
> > exit node operator to correlate multiple identities.
> 
> Wouldn't that be solved by enabling:
> 
> IsolateDestPort
> Don’t share circuits with streams targetting a different
> destination port.

I do not think this actually solves it. For example there are many programs
which use HTTP even though they have nothing to do with web browsing. Also
there are programs (like P2P) which use random ports and may cause lots of
circuits being established.

 -Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
-- 
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
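
The circuit-sharing question debated in the message above, as an added example that is not part of any poster's message and is not Tor's own code. It uses a simplified model (an assumption): two streams may share a circuit exactly when every enabled isolation field matches; the addresses, program names and ports are constructed.

```python
"""Simplified model of Tor stream isolation (illustration only, not Tor's code).

Assumption: two streams may share a circuit exactly when every enabled
isolation field has the same value for both.
"""
from collections import defaultdict
from typing import NamedTuple


class Stream(NamedTuple):
    client_addr: str   # LAN address of the device behind the router
    program: str       # known to us, invisible to a router-level Tor
    dest_port: int


def circuit_groups(streams, isolate_client_addr=True, isolate_dest_port=False):
    """Group streams by the fields the router's Tor can isolate on."""
    groups = defaultdict(list)
    for s in streams:
        key = (
            s.client_addr if isolate_client_addr else None,
            s.dest_port if isolate_dest_port else None,
        )
        groups[key].append(s)
    return dict(groups)


def mixed_program_groups(groups):
    """Circuits that carry more than one program, i.e. linkable at the exit."""
    return {k: v for k, v in groups.items() if len({s.program for s in v}) > 1}


# Constructed sample traffic: two devices, addresses and program names made up.
SAMPLE = [
    Stream("192.168.1.10", "browser", 80),
    Stream("192.168.1.10", "update-checker", 80),   # HTTP, but not browsing
    Stream("192.168.1.10", "mail", 993),
    Stream("192.168.1.11", "browser", 80),
] + [Stream("192.168.1.11", "p2p", port) for port in (40001, 40002, 40003, 40004)]

if __name__ == "__main__":
    for dest_port in (False, True):
        groups = circuit_groups(SAMPLE, isolate_dest_port=dest_port)
        print(f"IsolateDestPort={dest_port}: {len(groups)} circuits, "
              f"{len(mixed_program_groups(groups))} shared by several programs")
```

In this model, enabling IsolateDestPort still leaves the two port-80 programs on one device in the same group, while the P2P client's four ports each get a group of their own.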

