[tor-talk] Cloak Tor Router

Aymeric Vitte vitteaymeric at gmail.com
Sun Nov 9 11:03:04 UTC 2014


Answering your different emails at once:

- anonathing indiegogo: incredible... you can be sure that these guys 
are cheating on the crowdfunding campaign, as far as they can

- configuration: as you say the less needs to be configured, the better, 
but I am not sure we will reach a consensus of what should go through 
Tor and what should not, as we can see in this thread people have 
different opinions

- cable connection: I think this is required, then minimum configuration 
is needed

- "do not send anything outside" wifi: I think it is required too

- all TCP through Tor: you say that it's difficult for the Cloak to 
detect SSL vs non SSL, but you are proposing a SSL only wifi, so the 
Cloak is supposed to know how to do this, no?

- all SSL through Tor, non SSL outside: I think I would choose that 
option myself by default for the reasons explained previously (see my 
latest answer, stupid traffic going outside will necessarily be ssl, my 
ws example does apply too for Tor flash proxies relayers)

- bittorrent: yes that's definitely an issue I think, I suppose the 
Cloak does relay the UDP traffic, I don't know what happened for your 
test but of course if UDP does not work nothing will happen, bittorrent 
trackers (which people should not use at all) and DHT are using UDP, the 
bittorrent protocol is using TCP and uTP (UDP), as far as I know it 
tries to establish both and breaks the TCP connection if uTP is 
successful, I don't know really what is the most use, as far as I have 
seen both are used equally, but I did not study this precisely, maybe 
some other people can give inputs here. It's unlikely that the seeders 
are blocking the exit nodes, so once the bittorrent protocol establishes 
TCP connections with the peers in the swarm through Tor, there are no 
reasons that it does not work.

- maybe that's another reason to use "my" default, since the Cloak can 
not recognize bittorrent traffic it would go outside automatically

- as previously mentioned I will contact you off the list (when I have 
time) for the other topics.


On 09/11/2014 10:27, Lars Boegild Thomsen wrote:
> On Friday 07 November 2014 17:29:23 Aymeric Vitte wrote:
>> And 5 "do not send anything outside", no? Usually you can restrict with
>> your ISP box but can you trust it?
>> What happens if you connect directly your PC to the Cloak with a cable?
> I haven't really decided.  The box has a wan as well as a lan port.  I sort of expected to leave the lan port open and it certainly is in the current firmware version.  One option would be to make it possible to toggle it with a press on a button, but I really haven't thought that one through at all.  Any ideas appreciated.
>
>> Maybe the concept of several wifis is good but I don't see it very
>> usable, not sure what would be the security requirements for this but
>> assuming that I am trusting my local network why not a simple web
>> interface where you can configure the same for any device connected to
>> the box:
> I think that is mostly related to the target audience for a device such as this.  The less that needs to be configured the better - assuming that most users interested in a box such as the Cloak won't want to make massive reconfiguration.  Of course a "power user" can squeeze the box to run exactly as they prefer.  But it's important to me to have sensible defaults so that as many people as possible can use it without changing anything.
>
>> - do not allow anything outside
>> - allow all traffic outside Tor
>> - force everything through Tor (warning: close your bittorrent clients)
>> option: the Cloak could detect the bittorrent traffic
>> - force everything through Tor except torrents
>> - force ssl through Tor, non ssl outside
> Question - is Bittorrent still an issue at all?  I actually tried a few days ago - a quite popular torrent (thousands of seeds) bootstrapping using a magnet link - my netbook connected to a Cloak prototype with every single TCP port routed through Tor.  After 24 hours the magnet hadn't even downloaded - not a single byte received.  I suspect all trackers are using UDP now - and I guess most bittorrent clients too.
>
>
>

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
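
Added example, not part of the original message or of the Cloak firmware: a minimal sketch of how a transparent proxy could label the first client bytes of a TCP flow as TLS or BitTorrent, which is what the "ssl through Tor, non ssl outside" and "except torrents" options discussed in this thread would need. The function names and policy labels are hypothetical, and the sample payloads are constructed.

```python
import struct

# BitTorrent peer wire handshake: pstrlen (19) followed by the protocol string.
BT_HANDSHAKE = b"\x13BitTorrent protocol"

def classify_first_payload(data: bytes) -> str:
    """Label the first client-to-server bytes of a TCP flow.

    Returns 'tls', 'bittorrent', 'other', or 'unknown' (not enough bytes yet).
    """
    if data.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if len(data) < 6 or BT_HANDSHAKE.startswith(data):
        return "unknown"  # a proxy would keep buffering before deciding
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    # TLS record header: type 22 (handshake), version 3.x, length 1..2^14,
    # then handshake type 1 (ClientHello). SSLv2-style hellos are not handled.
    if (ctype == 22 and major == 3 and minor <= 4
            and 0 < rec_len <= 16384 and data[5] == 1):
        return "tls"
    # Plain HTTP lands here, and so does obfuscated/encrypted BitTorrent,
    # which has no plaintext handshake to match.
    return "other"

def route(label: str, policy: str) -> str:
    """Map a label to 'tor', 'direct' or 'hold' for two policies from the thread."""
    if label == "unknown":
        return "hold"
    if policy == "ssl_tor_else_direct":
        return "tor" if label == "tls" else "direct"
    if policy == "all_tor_except_torrents":
        return "direct" if label == "bittorrent" else "tor"
    raise ValueError("unknown policy: " + policy)

# Constructed sample payloads (not captured traffic).
SAMPLE_TLS = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + bytes(36)
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_BT = BT_HANDSHAKE + bytes(8) + bytes(20) + b"-XX0000-" + bytes(12)

if __name__ == "__main__":
    for name, payload in [("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP),
                          ("bittorrent", SAMPLE_BT), ("short", b"\x16\x03")]:
        label = classify_first_payload(payload)
        print(name, label, route(label, "ssl_tor_else_direct"),
              route(label, "all_tor_except_torrents"))
```

The label only exists once the TCP connection has been accepted and the client has sent data, so the routing decision cannot be taken on the SYN alone.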


