[tor-talk] VPN/TOR Router

[Mirimir]

On 02/02/2015 12:06 PM, Seth David Schoen wrote:
> spencerone at openmailbox.org writes:
> 
>> Hey :)
>>
>> I have been looking at a physical product by Cryptographi called the
>> 'SnoopSafe Encrypted VPN/TOR Router'[0].
>>
>> Does this work?  Is this safe?
>>
>> [0] http://cryptographi.com/products/snoopsafe
> 
> There have been a number of discussions on this mailing list before
> about standalone Tor routers.  The usual consensus is that using a
> separate router together with regular Internet applications is risky,
> because the applications don't know that they shouldn't behave in
> certain ways.  For example, the applications might mention your real IP
> address in the course of some protocol, or they might send or allow to
> be sent a persistent cookie, which might eventually be sent over both a
> Torified and a non-Torified connection.
> 
> The Tor Browser has had a ton of work put into it
> 
> https://www.torproject.org/projects/torbrowser/design/
> 
> to try to make sure it works safely with Tor (again, by making all Tor
> Browser instances look alike, making sure that they don't allow
> long-lived cookies or cookie equivalents, and various other
> precautions).  The router running as a separate device can't usefully
> apply all of these protections to regular Internet applications "from
> the outside", and the applications, again, won't realize that they're
> being used in an anonymous way and that they shouldn't send data that
> might compromise their user's anonymity.
> 
> That's why the Tor Project doesn't currently recommend using Tor with a
> web browser other than Tor Browser, and that's something that would
> inevitably happen when using one of these standalone routers.

One can use rinetd on the workspace machine/VM to redirect the SocksPort
and ControlPort from the router to 127.0.0.1 and that will keep Tor
browser happy. You also need to configure Tor browser to not start Tor
locally. That's how Whonix handles it, I believe.