What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them.
-V
On 06/27/2014 09:44 PM, Virgil Griffith wrote:
> What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them.
In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying. There's been discussions around that regularly on tor-talk, recently again on libtech. You might remember the prototype at the last dev meeting that hosts a bridge and announces the bridge address via DHCP as well (iirc).
On Sat, Jun 28, 2014 at 10:11:24PM +0200, Moritz Bartl wrote:
> On 06/27/2014 09:44 PM, Virgil Griffith wrote:
>> What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them.
> In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying.
Right. Using a transparent torifying box as a client is dangerous, because your Internet Explorer or other "normal" browser will probably introduce surprising privacy problems compared to using Tor Browser. Using your middlebox as a firewall to prevent non-Tor traffic from transiting, i.e. to make sure you are using only Tor, is much safer but also much less sexy.
And the onionpi boxes don't have enough cpu to be a useful relay.
They do have enough cpu to be useful bridges, but vanilla bridges aren't very useful in the world these days: all the places where you need a bridge you probably need one of the somewhat recent pluggable transports, like obfs3, too. I wonder what the state is of easy-to-install images that include modern pluggable transports and are maintained. Sounds like another "volunteers needed" situation. :)
--Roger
On 2014-06-29 08:57, Roger Dingledine wrote:
> On Sat, Jun 28, 2014 at 10:11:24PM +0200, Moritz Bartl wrote:
>> On 06/27/2014 09:44 PM, Virgil Griffith wrote:
>>> What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them.
>> In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying.
> Right. Using a transparent torifying box as a client is dangerous, because your Internet Explorer or other "normal" browser will probably introduce surprising privacy problems compared to using Tor Browser. Using your middlebox as a firewall to prevent non-Tor traffic from transiting, i.e. to make sure you are using only Tor, is much safer but also much less sexy.
what would be an approach to build that? the accesspoint would need a list of current entry nodes, which is, all public relays, right?
> And the onionpi boxes don't have enough cpu to be a useful relay.
> They do have enough cpu to be useful bridges, but vanilla bridges aren't very useful in the world these days: all the places where you need a bridge you probably need one of the somewhat recent pluggable transports, like obfs3, too. I wonder what the state is of easy-to-install images that include modern pluggable transports and are maintained. Sounds like another "volunteers needed" situation. :)
> --Roger
Martin Kepplinger:
> On 2014-06-29 08:57, Roger Dingledine wrote:
>> On Sat, Jun 28, 2014 at 10:11:24PM +0200, Moritz Bartl wrote:
>>> On 06/27/2014 09:44 PM, Virgil Griffith wrote:
>>>> What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them.
>>> In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying.
>> Right. Using a transparent torifying box as a client is dangerous, because your Internet Explorer or other "normal" browser will probably introduce surprising privacy problems compared to using Tor Browser. Using your middlebox as a firewall to prevent non-Tor traffic from transiting, i.e. to make sure you are using only Tor, is much safer but also much less sexy.
> what would be an approach to build that? the accesspoint would need a list of current entry nodes, which is, all public relays, right?
(from the February 19th, 2014 issue of Tor Weekly News:)
Rusty Bird announced [16] the release of corridor [17], a Tor traffic whitelisting gateway. corridor will turn a Linux system into a router that “allows only connections to Tor relays to pass through (no clearnet leaks!)”. However, unlike transparent proxying solutions, “client computers are themselves responsible for torifying their own traffic.”
[16]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032152.html
[17]: https://github.com/rustybird/corridor