Re: [tor-dev] I have a group at internet archive that are, interested in buying a lot of OnionPi's
It's already established that, for clients, onion-pi's are discouraged---onion-pi wifi doesn't protect enough (I.e., at all) from browser-based attacks. Given that, The question is now, Are onion-pi's are good enough to be useful relays? Roger said no. Is there a more informed opinion on this matter---particularly from someone who has actually tried this? Are there any relays that are known to run on onion-pi? If an onion-pi is insufficient for a useful Tor relay, what is the limiting reagent? What more does it need to be useful? -V ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] I have a group at internet archive that are interested in buying a lot of OnionPi's
On Sat, Jun 28, 2014 at 10:11:24PM +0200, Moritz Bartl wrote: On 06/27/2014 09:44 PM, Virgil Griffith wrote: What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them. In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying. Right. Using a transparent torifying box as a client is dangerous, because your Internet Explorer or other normal browser will probably introduce surprising privacy problems compared to using Tor Browser. Using your middlebox as a firewall to prevent non-Tor traffic from transiting, i.e. to make sure you are using only Tor, is much safer but also much less sexy. And the onionpi boxes don't have enough cpu to be a useful relay. They do have enough cpu to be useful bridges, but vanilla bridges aren't very useful in the world these days: all the places where you need a bridge you probably need one of the somewhat recent pluggable transports, like obfs3, too. I wonder what the state is of easy-to-install images that include modern pluggable transports and are maintained. Sounds like another volunteers needed situation. :) --Roger ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] I have a group at internet archive that are, interested in buying a lot of OnionPi's
Roger wrote: And the onionpi boxes don't have enough cpu to be a useful relay. I'm not sure what the definition of 'useful relay' is, but I am running an exit relay with 900KB/s and between 1000-1500 consensus weight. This is the limit for the pi, but definitively above the 100KB/s I read somewhere else. Also, although I know it is nowhere near decent security, I do get a warm feeling from the fact that all my non-tor home traffic gets mixed/emitted along with tor exit traffic. I'm not running an onionpi because I prefer TorBrowser for all the good reasons, but the pi makes a nice little relay I think. R. ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] I have a group at internet archive that are interested in buying a lot of OnionPi's
Martin Kepplinger: Am 2014-06-29 08:57, schrieb Roger Dingledine: On Sat, Jun 28, 2014 at 10:11:24PM +0200, Moritz Bartl wrote: On 06/27/2014 09:44 PM, Virgil Griffith wrote: What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them. In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying. Right. Using a transparent torifying box as a client is dangerous, because your Internet Explorer or other normal browser will probably introduce surprising privacy problems compared to using Tor Browser. Using your middlebox as a firewall to prevent non-Tor traffic from transiting, i.e. to make sure you are using only Tor, is much safer but also much less sexy. what would be an approach to build that? the accesspoint would need a list of current entry nodes, which is, all public relays, right? (from the February 19th, 2014 of Tor Weekly News:) Rusty Bird announced [16] the release of corridor [17], a Tor traffic whitelisting gateway. corridor will turn a Linux system into a router that “allows only connections to Tor relays to pass through (no clearnet leaks!)”. However, unlike transparent proxying solutions, “client computers are themselves responsible for torifying their own traffic.” [16]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032152.html [17]: https://github.com/rustybird/corridor -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] I have a group at internet archive that are interested in buying a lot of OnionPi's
Roger et al, I'm interested in something like onion-pi to be a Tor relay. Is there something with enough COU to be viable? I know nothing about this embedded scene. -V ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] I have a group at internet archive that are interested in buying a lot of OnionPi's
On 06/27/2014 09:44 PM, Virgil Griffith wrote: What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them. In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying. There's been discussions around that regularly on tor-talk, recently again on libtech. You might remember the prototype at the last dev meeting that hosts a bridge and announces the bridge address via DHCP as well (iirc). -- Moritz Bartl https://www.torservers.net/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] I have a group at internet archive that are interested in buying a lot of OnionPi's
What is the current state of the art on this, and if it is ready for larger deployment want to buy about 50-100 of them. -V ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev