[tor-talk] anonabox : the Tor hardware router
mirimir at riseup.net
Fri Nov 14 00:07:31 UTC 2014
On 11/13/2014 06:45 AM, Derric Atzrott wrote:
[> On 11/12/2014 17:18:15 -0700, Mirimir wrote:]
[>> On 11/12/2014 01:13 PM, Shawn Nock wrote:]
>>> If all users use Tor only for sensitive communications, then state
>>> level adversaries can round up all users of Tor and the provided
>>> anonymity is of little use.
>> That's true. But there is a sense in which Tor should be used
>> selectively: It's counterproductive to use Tor when identity and
>> geolocation are desired and/or essential. If my bank, for example, sees
>> Tor IPs, it might freeze my account. And that's a _good_ thing.
> I disagree. I'd rather have more people using Tor even for things
> where identity is an essential part of authenticating you, like a bank.
> I'd rather see the bank move to other methods. If we can obsolete
> automatic location based identification I think that is a good thing.
> You should be able to share your location with your banks website, but
> it should not automatically be able to gather it.
Ideally, as a goal, I agree. That would increase the anonymity set. And
there can be no real freedom without anonymous financial services. But
in reality, currently, financial services care about identity and
geolocation. So anonabox will do collateral damage.
>> That's why anonabox is so dangerous, even if there were no security
>> holes. Guaranteed hardware-based Tor connectivity is great, for those
>> who know where, when and how to use it. But providing that to users who
>> don't understand the situation is dangerous. And doing it via WiFi,
>> which is virtually unsecurable, is even worse.
> This I can agree with.
>>> Cat photos and Amazon shopping by non-subversives gives vulnerable
>>> users cover and is fundimental to the usefulness of Tor.
>> Cat photos, yes :) But Amazon shopping, maybe not so much.
> Why wouldn't Amazon shopping provide Tor users with cover?
Well, it's nontrivial to buy anonymously from Amazon. For most folk
without cover corporations and stuff, gift cards are about it. There is
the eGifter workaround for using Bitcoins, however. But still, there's
the fact that stuff must be sent somewhere. Most folk lack anonymous
mailboxes and drops, so that's their home or place of business.
>>> Should entities encouraging heavy routine use of Tor contribute
>>> relays? Absolutely.
>> Well, I gather that there's currently a surplus of non-exit relays and
>> bandwidth. So specifically they should contribute exit relays. That's
>> not so easy, however, and there's far too little support for it from the
>> Tor Project, in my (albeit limited) experience.
> This is definitely a problem that I would love to see worked on some.
What's ironic is the particular difficulty of running exits anonymously.
> Thank you,
> Derric Atzrott
More information about the tor-talk