[tor-talk] Tor Cloud

Naz Gassiep naz at gassiep.com
Sun Jan 8 07:16:13 UTC 2017


As I understand, this is not really a good idea for a couple of reasons:

1. If it takes off, then it places a large amount of Tor's capacity in
the hands of one organization (Amazon), which is a not-so-good idea
because that's the prime vector by which Tor can be attacked: control of
a statistically significant number of nodes.
2. Amazon EC2 instances cannot inherently be trusted, as the encryption
will all happen on potentially hostile hardware, adding to the risk
profile of this project. If Amazon found themselves with an NSL, they
could conceivably be coerced into monitoring the machine states.

I would recommend establishing a script for apt and yum based distros 
that can be quickly deployed on any VPS hosted by any provider.

My $0.02

- Naz.


On 29/12/2016 4:05 AM, Scott Ainslie wrote:
> Hello,
>
> I'm in the midst of relaunching Tor Cloud. I renamed it Onion
> Cloud as per a Tor Cloud suggestion.
>
> It builds Amazon Machine Images (AMI) on Amazon Elastic Compute Cloud
> (EC2) that can be set up across multiple data centers in locations
> across the globe to help users sidestep censorship.
>
> It's built upon Ubuntu 16.04.1 LTS (Xenial Xerus). I might add support
> for Ubuntu 14.04.5 LTS (Trusty Tahr) but in the meantime I'm
> concentrating upon supporting Ubuntu 16.04.1 LTS (Xenial Xerus).
>
> I prioritized reducing the amount of needless unsecured communication
> aside from inheriting all the properties of the original and ensuring
> that it's up-to-date.
>
> I'm also concentrating upon strengthening the Amazon Machine Images
> (AMI).
>
> I added support to the Amazon Machine Images (AMI) for HTTP Secure
> protocol-supporting repositories because the repositories Canonical
> maintains don't support it. I hope Canonical adds support to its
> repositories in due time.
>
> Tor Cloud didn't support HTTP Secure protocol-supporting repositories
> but I feel it's crucial to add explicit support for it and adopt a
> defense-in-depth attitude in addition to reliance upon GnuPG detached
> digital signatures.
>
> I'm updating the default GnuPG configuration to add Secure Sockets
> Layer support.
>
> I plan to add support for Microsoft Azure and Google Compute Engine.
> Microsoft Azure has a command-line interface that I can use to add
> support for it as does Google Compute Engine. I'm afraid the cost of
> Microsoft Azure or Google Compute Engine is outright prohibiting being
> able to add support at this time.
>
> I also bought a domain name and set up 3 Domain Name Servers for it. It
> supports Internet Protocol version 4 and Internet Protocol version 6 and
> its Domain Name Server zone is also signed using Domain Name System
> Security Extensions.
>
> I'm intending to publish the shell scripts on GitHub in a fortnight but
> I'm hoping I can publish it before long. I'm still in the process of
> debugging and updating the original shell scripts and I'd like to be
> certain that it's robust.
>
> I'm eager to begin encouraging contributors to help refine it and
> suggest other capabilities that could be implemented to strengthen the
> setup!
> - -- 
> Scott Ainslie <scott at scottainslie.me.uk>