[tor-talk] Tor Relay Smartphone App

Griffin Boyce griffin at cryptolab.net
Mon Oct 13 05:00:14 UTC 2014


Casey Rodarmor wrote:
>> There are lots of issues with hardware projects and it costs an
>> obscene amount of money -- not to mention the implications on
>> security and anonymity that it would introduce.
> 
> Do you think there's any way it could be done without creating said
> problems for security and anonymity?

   No.  There's an open debate about the overall security of *any* 
manufacturing process, but the issue remains that the mail system in any 
country is inherently insecure.  Secure hardware delivery does not 
exist.

   As for anonymity, exchanging money removes anonymity.  There is no 
truly anonymous currency.

> "Tor Awesomeness Compliant" and a cute cartoon onion

   Cute. =) But I don't really see the benefit of this.  It seems like a 
lot of extra work for no real benefit.  If the issue is that people 
don't always have a clear idea of what hardware will work for relays 
(hardware they likely already have!) then this doesn't even approach it. 
  If the secondary issue is that people are bummed out that 
raspis/beaglebones shouldn't run relays, that is *also* not fixed by Tor 
undertaking a massive hardware project.

>> This could work, but would need a maintainer.
> 
> So, just totally totally hypothetically, not trying to sign up for yet
> another project that I don't know if I have time for

   I say that interested people should come up with ideas for how to pull 
it off, code it up, put it on github with a large "Danger! High 
Voltage!" warning, and get feedback from the rest of the community. =) 
That's how people get started and learn.

> That's a good idea, but I think that hardware compatibility is a big
> issue here, especially for non-technical users who might not be able
> to find and install linux drivers for whatever strange hardware that
> they have. A custom image that can control all dependencies and have
> full permissions to fetch and install whatever drivers it needs

   A custom image wouldn't necessarily be able to solve driver 
compatibility issues better than stock Debian/Ubuntu (though Ubuntu is 
better for quirky hardware than Debian).  If you install Debian and 
don't have the right ethernet or display drivers, you're still going to 
use a different machine to connect to the internet and look up the 
solution.  Because you don't have access to the internet on the 
missing-ethernet-driver machine.  This is kind of a bootstrapping 
problem.

   This is one of the few projects where I'd say hardware compatibility 
isn't a factor.  If you can run Debian, you can run Tor (even if you 
can't be effective as a relay).

best,
Griffin

-- 
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman


More information about the tor-talk mailing list