Hi all,
I saw Andy Greenberg’s writeup of the Home Assistant piece on Tor here: https://www.wired.com/2016/07/now-can-hide-smart-home-darknet/, and couldn’t help but feel that while the documentation for the setup is an excellent guide on setting up authenticated hidden services that there were some points being missed with the project. I’m not sure if this is the right place to talk about it, but I thought I’d post here as the last time I did something with Tor I think I could’ve handled things better, and want to try and reach out to Tor peeps before doing anything.
So, my points regarding the project are (in no particular order):
1. The project is potentially less usable for quite a lot of users (e.g. iOS users, Windows Mobile users etc.) and requires an installation of Tor on both client and server, as opposed to other approaches. Not a criticism of the hard work put in, but merely a statement of practical constraints.
2. I understand the how, but I’m not quite sure of the why given point 1, compared to other approaches such as a port forward and .htaccess file (home-assistant supports a password through the api_password option, but I don’t know how robust the app is overall, a brief play a while back led me to stay with openhab for my own home). Again, not a criticism of Guardian project’s hard work, and probably more that I’m missing something.
3. While this provides encrypted transport for a home automation solution, it does nothing for shonky IoT devices themselves. I would’ve thought that the bigger threat to home data comes from devices having to share a network and engaging in overreach. I think maybe I’m misunderstanding the threat model or purpose, so this may be an extension of point 2.
I think good, practical guides for hidden services are a great idea, and there are some brilliant potential applications for Tor in this respect (such as removing the need for port forwards) that go beyond Tor’s traditionally popular use cases.
On to the thing I was planning on talking about.
In my view, the primary issues we face with overreaching IoT devices come from malicious IoT devices engaging in overreach on the network, or having insecurities that can’t easily be addressed by users. A segregated network is a good thing, but even so, sometimes you don’t want stuff to appear to come from your home network. IoT devices tend not to use huge amounts of data (with the exception of media streamers like TVs and such). I think Tor can occupy a special place in a protective role here.
I have at home a little pocket router that I built a while back that runs Tor, only allows connections through Tor from the LAN side and allows no connectivity to the rest of the home network. However, thanks to some iptables mangling and OpenWrt config it does allow access from the home LAN to the IoT devices.
I’m not a fan of Tor routers in general (having built several, and various other Tor-related things, I think a lot of the things people would use them for are not things they should use Tor routers for), but in this case a Tor router would help:
1. Stop overreach in terms of network access (e.g. scanning home NAS servers).
2. Allow people to insure themselves against compromise (e.g. remote exploits in cheap cameras won’t affect their local network).
3. If done properly will allow people to use IoT devices without exposing any data about themselves, including their location or source address.
I asked briefly on twitter if people would be interested in this and a few people contacted me to say yes. I’m thinking of releasing this in a week or two. I wanted to approach the list and ask if anyone has any problems with this, suggestions or thoughts prior to releasing, as it was just something for me at home, but appears that others may be interested - and given the discussion was founded on the hard work of others, don’t want to put anyone’s nose out of joint by releasing something I’m sure any press would see as similar, even if it has the opposite approach and purpose.
Cheers, Steve
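
The isolation described in the message (IoT devices reach the outside only through Tor, cannot open connections into the home network, yet stay reachable from the home LAN) can be sketched as a firewall ruleset. This is an added example, not part of the original post and not the author's configuration; the interface names and port numbers are assumptions, and the ports must match the `TransPort` and `DNSPort` lines in torrc.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for an isolated IoT segment
# whose only way out is a Tor client running on the router itself.
IOT_IF="br-iot"     # assumed name: interface the IoT devices sit on
HOME_IF="br-lan"    # assumed name: interface facing the home LAN
TRANS_PORT="9040"   # assumed value: must equal TransPort in torrc
DNS_PORT="9053"     # assumed value: must equal DNSPort in torrc

iot_tor_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# DNS queries from IoT devices are answered by Tor's DNSPort
-A PREROUTING -i $IOT_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
# Every new TCP connection from IoT devices is handed to Tor's TransPort
-A PREROUTING -i $IOT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The IoT side may reach only the two Tor listener ports on the router
-A INPUT -i $IOT_IF -p tcp --dport $TRANS_PORT -j ACCEPT
-A INPUT -i $IOT_IF -p udp --dport $DNS_PORT -j ACCEPT
# Home LAN may open connections to IoT devices; only replies flow back.
# Anything else from the IoT side (other UDP, ICMP, direct routing to the
# WAN or LAN) hits the DROP policies, so a Tor outage fails closed.
-A FORWARD -i $HOME_IF -o $IOT_IF -j ACCEPT
-A FORWARD -i $IOT_IF -o $HOME_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print for review; check syntax with "iptables-restore --test" before loading.
# Loading replaces the existing rules and, as written, admits no management
# access to the router, so add a rule for that first.
iot_tor_ruleset
```
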