[tor-talk] Tor Router

Duncan dguthrie at posteo.net
Sat Jul 22 15:38:40 UTC 2017 

Hi, Andri,

There are many similar projects that are "Tor routers". Many of the 
projects floating around Github and the like are produced by amateurs 
with little understanding of the requisite conditions and safe 
configurations, and as a result, they are remarkably poorly configured.
Nonetheless, even if a project is evaluated to be correctly configured, 
it's often a bad idea to use it, and as a result, these should not be 
relied on for anonymity unless you know what you are doing.

Firstly, the programs on your computer are likely not going to be 
correctly configured (1) to use Tor in a manner that does not leak 
metadata and securely transfer information and (2) to practice good 
stream isolation.

Why's the first point important? Well, your email client, for instance, 
might append certain types of metadata to the headers of sent mail, or 
might send your password insecurely, or in a manner that makes it 
trivial for a bad exit node to recover this password, for example, the 
problems with STARTTLS, a common protocol designed for securely 
communicating with the mail provider, is known to be broken such that a 
bad exit can downgrade the connection to plaintext: 
https://blog.filippo.io/the-sad-state-of-smtp-encryption/. Other parts 
of your operating system might inappropriately be sending data that is 
unnecessary, or even dangerous such that it could compromise anonymity.
The second point is also very important. Tor Browser practices stream 
isolation between tabs (for new connections etc) and other programs 
correctly configured do this too, like the parcimonie.sh script. If 
stream isolation is not practiced, different programs may share the same 
tor circuit, which is a great risk.

In light of this, I'd argue that journalists (and ordinary citizens!) 
should just use Tails, which chooses and configures programs to use Tor 
safely. For instance, it makes use of the TorBirdy extension for 
Thunderbird, which configures Thunderbird to have safer settings for 
sending mail over Tor. It will also do the same for other programs, but 
you should be aware installing extra software is dangerous in some 
cases. It also runs live, on a USB drive for instance, which makes it 
suitable for traveling.

Best,
- D

Andri Effendi:
> Hi Tor Community,
> I remember some time last year there was talk about a router for
> journalists to bring with them when they went abroad.
> 
> It was really simple. I don't remember what it was called, netaid 
> netkit???
> 
> Does anyone here know? Whats the progress of that project?
> 
> Is it safe to use? Also where can I find it online?
> 
> Kind Regards,

More information about the tor-talk mailing list