[tor-talk] Tor router requirements / best practices [was: Cloak Tor Router]

Aymeric Vitte vitteaymeric at gmail.com
Tue Nov 18 16:35:53 UTC 2014


I am not sure we are talking about the same thing, or at least we see it 
differently, I don't see very well what would be the use of a box acting 
as a bridge, it would mean that the OP is inside your device while the 
box is supposed to anonymize (as far as it can) or block the traffic 
from any devices on the local network.

I don't see very well what the captive portal would do either (why port 80 
only?)

Mike wrote:

"...to design a secure pairing system between Tor Browser and a Tor 
router ..."

"In this mode, the Tor router could actually act as a defense-in-depth 
mechanism that would block all non-proxied traffic, providing additional 
protection against browser or other remote exploits, by only allowing 
properly Tor-configured application traffic to exit onto the Tor network."

OK for browsing, but then you would block all the traffic for apps or 
devices that you can not proxy.

As I see it the interest of such a box is to centralize the traffic of 
whatever connected object you have and decide if it should be blocked or 
routed through Tor or not.

I don't see an ideal design but I think the box could have a simple 
interface where for any connected device the user can choose:

block (default yes)

if not blocked:

ssl : block/Tor/not Tor - default Tor

non ssl: block/Tor/not Tor - default not Tor

With the pairing system mentioned above where the user would use the FF 
Tor browser if available on the device with the proxy automatically set 
to the box and where the box would let go through Tor the traffic that 
is proxied to it independently of the above rules except if the device 
is blocked.

Still the user would have to do some configuration but that does not 
look complicated.

This assumes that you trust your local network.


On 17/11/2014 19:35, Rusty Bird wrote:
> coderman wrote:
>
>> - The best design we've been able to come up with is one that forces you
>> to be using Tor on your side, and only allows your traffic through if it's
>> coming from Tor.
> corridor has such a design:
> https://github.com/rustybird/corridor
>
> I'd love to turn it into a bona fide WiFi hotspot:
> https://github.com/rustybird/corridor#todo
>
>> Making it use a proxy, or maybe even better a Tor bridge,
>> that's running on the router seems a fine way to do this limiting.
> Doesn't bridge connection setup (on the client side) complicate things
> too much, especially for people unfamiliar with Tor?
>
> More importantly, a bridge would usurp the position of any circuit's
> first hop. Though there's a trac ticket somewhere about plans to make
> bridges the zeroth node before the other three.
>
>> And we
>> could also imagine running a captive portal website on the router that
>> intercepts outgoing port 80 requests and teaches you what you need to
>> do to use this network connection safely. Perhaps it has a local copy
>> of Tor Browser for you (but how does the user know it's the real Tor
>> Browser?), or perhaps it lets you reach https://www.torproject.org/
>> so you can fetch it yourself.
> Yup, see the todo.
>
> I really hope to be able to work on this in the next months. If not,
> maybe you can find some use in the corridor repo.
>
> Rusty Bird
>
>
>

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
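
The per-device rules proposed in the message above, sketched as an added example (not part of the original post and not code from corridor or any Tor project). Detecting "ssl" from the TLS record header rather than from the port is an assumption, as are the device names, sample payloads and function names.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    BLOCK = "block"
    TOR = "Tor"
    DIRECT = "not Tor"


@dataclass
class DevicePolicy:
    # Defaults from the message: blocked, ssl -> Tor, non ssl -> not Tor.
    blocked: bool = True
    ssl: Action = Action.TOR
    non_ssl: Action = Action.DIRECT


def looks_like_tls(first_bytes: bytes) -> bool:
    # Assumption: classify by TLS record header, not by destination port.
    # A handshake record starts with content type 0x16, major version 0x03.
    return len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03


def decide(policies, device, first_bytes, via_box_proxy):
    # A device the user never configured gets the default policy: blocked.
    policy = policies.get(device, DevicePolicy())
    if policy.blocked:
        return Action.BLOCK   # a blocked device overrides everything else
    if via_box_proxy:
        return Action.TOR     # paired browser traffic ignores the ssl/non ssl rules
    return policy.ssl if looks_like_tls(first_bytes) else policy.non_ssl


# Constructed sample data: device names and payloads are made up.
POLICIES = {
    "laptop": DevicePolicy(blocked=False),
    "tv": DevicePolicy(blocked=False, ssl=Action.DIRECT, non_ssl=Action.BLOCK),
    "camera": DevicePolicy(),  # left at the default, so still blocked
}
TLS_HELLO = bytes.fromhex("160301020001")  # start of a TLS handshake record
HTTP_GET = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for dev, data, proxied in [("laptop", TLS_HELLO, False),
                               ("laptop", HTTP_GET, False),
                               ("laptop", HTTP_GET, True),
                               ("tv", HTTP_GET, False),
                               ("camera", TLS_HELLO, True)]:
        print(dev, proxied, decide(POLICIES, dev, data, proxied).value)
```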


