[tor-talk] Cloak Tor Router

Aymeric Vitte vitteaymeric at gmail.com
Fri Nov 7 16:29:23 UTC 2014


And 5 "do not send anything outside", no? Usually you can restrict with 
your ISP box but can you trust it?

What happens if you connect your PC directly to the Cloak with a cable?

Maybe the concept of several wifis is good but I don't see it very 
usable, not sure what would be the security requirements for this but 
assuming that I am trusting my local network why not a simple web 
interface where you can configure the same for any device connected to 
the box:

- do not allow anything outside
- allow all traffic outside Tor
- force everything through Tor (warning: close your bittorrent clients)
option: the Cloak could detect the bittorrent traffic
- force everything through Tor except torrents
- force ssl through Tor, non ssl outside
...

Regards,


Le 05/11/2014 05:19, Lars Boegild Thomsen a écrit :
> On Sunday 02 November 2014 00:47:40 coderman wrote:
>> even a simple one time, "You are about to route your traffic over the
>> Tor network. Turn off your torrents and don't upgrade poorly written
>> applications".
>>
>> the zero guidance to unsuspecting is what i am most concerned about;
>> even basic captive portal warning would be a benefit.
> I will definitely look into this one.  This should be quite easy to implement by messing a bit with the firewall tables :)
>
> Only problem I see is that to make it useful I think it would have to time out at some point.  One example I have brought up a few times is my cheap and rather chatty media player.  I have not dug into the details exactly but I _know_ it "phones home" regularly and it is definitely a use case where the Tor browser bundle would be impossible.  Problem is that one is unattended so if I were to do a captive portal kind of page and that would require a positive acceptance, the Cloak would be useless for this scenario.
>
> Number of wireless networks are not an issue so I _am_ beginning to think that more than two is necessary.  For example:
>
> 1. Open - Open network - no Tor
> 2. Transparent proxy - all tcp traffic allowed - forced through Tor - everything on separate circuits  - captive warning
> 3. Transparent proxy as 2 minus captive portal (for gadgets or someone who knows what they are doing)
> 4. Isolating proxy - only https allowed - forced through Tor - everything on separate circuits and everything else blocked
>
> It is not really a problem to make more than two so if this makes the Cloak more flexible I'd say it's the way to go.
>

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms


