[tor-talk] Tor Relay Smartphone App

Aymeric Vitte vitteaymeric at gmail.com
Tue Oct 14 10:37:39 UTC 2014 

Le 14/10/2014 09:55, Lunar a écrit :
> Jeremy Olexa:
>> >You are abit late on the project idea:)
>> >https://www.kickstarter.com/projects/augustgermar/anonabox-a-tor-hardware-router
> If this needs repeating on this list: this is a bad idea. It will give
> people illusions instead of actual protection.

A bad idea that is doing good on Kickstarter...

I don't see very well the difference with the Onion Pi, except that it's 
unclear what code they are using or I missed it (there is a link to a 41 
KB gz 'complete' code, this looks quite small so probably they are using 
the Tor project code) and there are no warnings about the insecure 
aspects of its use as you mentioned.

Anyway, I still think the universal solution is the javascript Tor 
protocol inside browsers, browsers would perform the Onion Proxy and 
connect to the Tor relays using WebSockets, everything that is fetched 
by a page is redirected to the WebSockets (like for example everything 
is redirected to the Socks interface when you specify it, the messages 
would be encrypted by the Onion Proxy and sent to the Tor circuits over 
WebSockets ), unfortunately while the rest exists and is working 
(node-Tor) this last point is completely undoable today.

This would work on any device, mobile or not, with the associated level 
of security because this would not eliminate the need of the Tor browser 
features and probably some confinement/security features would need to 
be studied between the page and the ws OP, maybe similar to 
http://cowl.ws/, new methods to enforce privacy inside browsers with 
principles of code confinement and labels between origins, using what 
exists today, postMessage with workers and iframes (clever use of it for 
once...)

In addtion browsers will be able to perform the OR function too, so will 
be Tor relays, as previously mentioned in this thread if the bandwidth 
of the device is bad the interest can be quasi null unless some 
multipath possibilities are available, but given the number of browsers 
in the world it could be interesting to scale Tor.

So, it's probably worth studying the possibility with browser vendors 
(and standards), ie to solve this question: how to pass all the traffic 
to a given interface (here the ws OP)?

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

More information about the tor-talk mailing list