[tor-talk] Tor Relay Smartphone App

Casey Rodarmor casey at rodarmor.com
Mon Oct 13 04:35:05 UTC 2014


On Mon, Oct 13, 2014 at 1:07 PM, Griffin Boyce <griffin at cryptolab.net>
wrote:

> There are lots of issues with hardware projects and it costs an obscene
> amount of money -- not to mention the implications on security and
> anonymity that it would introduce.
>

Do you think there's any way it could be done without creating said
problems for security and anonymity? Perhaps by just publishing an open
spec and the auto-booting relay image and letting hardware manufacturers,
totally independently, produce and sell designs that conform. A conforming
design is just one that meets the hardware spec and that the manufacturer
claims will successfully run the image without any user intervention. The
Tor project simply trademarks a logo and phrase, like "Tor Awesomeness
Compliant" and a cute cartoon onion, and makes sure that no designs that
are under spec or don't run the image use the slogan. They also make sure
that anyone that uses the phrase also always includes a message like "The
Tor Awesomeness Compliance mark and associated image of Vidalita, the
adorable privacy respecting chibi-onion, does not mean that this machine is
individually tested or certified by the Tor Project. It may have security
flaws or back doors." so manufacturers can't claim or represent that its
machines are known secure, just that they can run the image and be a good
relay. This might still create problems if ne'er-do-wells might intercept a
whole bunch of computers in the mail that they know are only being used as
tor nodes. It might not create problems if the certification and image is
popular, and tons of computers are certified that have tones of other
possible uses.


>  Create a disk image of a free operating system that boots and tries to
>> run the best node it can with whatever hardware it happens to have. It
>> might also try to upgrade and apply security patches to the operating
>> system and get the latest version of tor.
>>
>
>   This could work, but would need a maintainer.


So, just totally totally hypothetically, not trying to sign up for yet
another project that I don't know if I have time for, I could maybe be the
maintainer for such a thing. I'm a programmer, an ex site reliability
engineer, and have some experience with both low-level programming and
keeping unix systems running. However, I am not a security, privacy, or
anonymity expert, so I would need the support of Very Clever People whose
advice I could rely on to tell me what to do, and how to patch any horrible
security vulnerability bugs that my horrible shell scripts might have.
Hopefully the extra surface area of such a distro would be very small, just
a few extra scripts and config files, so there wouldn't be a ton to audit.


> Lots of hosts have pre-made images for other uses, and there are projects
> like VirtualBoxes[2] that might be good places to distribute these.  An
> easier way would probably be to use something like a python/bash script or
> an ansible playbook to install dependencies, set permissions, and detect
> speed to configure the torrc.


That's a good idea, but I think that hardware compatibility is a big issue
here, especially for non-technical users who might not be able to find and
install linux drivers for whatever strange hardware that they have. A
custom image that can control all dependencies and have full permissions to
fetch and install whatever drivers it needs would probably get many more
good nodes onto the network, with much less confusion from users. It's also
possible that an image like that could be more aggressive trying to get the
node online, and just use more resources if it knows that it's not running
on a box which is used for anything else. Like, it could use all disk
resources without worrying about starving anyone else, create and delete
users, and generally just assume that it's the only thing running. Would be
a great way to make it as simple as possible, and also provide a way for
people to sunset their old, but still usable boxes without hassle.


More information about the tor-talk mailing list