Re: [tor-talk] Safeplug
On 22 Nov 2013, at 15:56, and...@torproject.is wrote:

> On Fri, Nov 22, 2013 at 07:04:00PM +0600, r...@romanrm.net wrote 2.5K bytes in 0 lines about:
> : On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
> : https://pogoplug.com/safeplug
>
> Out of all the concerns about how they implemented it and such, my main concern is that it just adds more clients to the network without giving back in the form of relays or bridges. Or at least, none of their documentation mentions the ability to share freedom and privacy with others.

Not telling the Tor people what to do, but that sounds like a good discussion to have with Safeplug?

> However, this looks like a fine test case for consumer-level torouter market analysis. It would be great to learn 6 months from now how many they sold and a summary of customer feedback.

I was thinking the exact same thing when I read about it. If anyone does hear about a non-technical user purchasing one of these, I would appreciate if you could put them in touch with me. I'd like to do some user interviews to see their reactions and their experiences.

Thanks,
Bernard

-- 
Bernard / bluboxthief / ei8fdb
IO91XM / Contact me: me.ei8fdb.org

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Safeplug
* on the Mon, Nov 25, 2013 at 11:27:43PM +, Jacob Appelbaum wrote:

>>>> You shouldn't just route people through Tor without their knowledge. They need to understand the risks and adapt their use accordingly.
>>>
>>> And what is the risk of barebacking with a network?
>>
>> When your traffic comes out of a Tor exit node, there is a significantly increased risk of passive and active MITM attacks against you, and also increased risk of being locked out of your accounts.
>
> What data do you have on passive and active MITM attacks on all of the internet when you compare it with Tor?

I don't have any hard data, it's just what I've casually observed. Take from that what you will. I will explain my reasoning at the end of this email.

> Some systems will lock people's accounts - that is a reasonable concern.

Yes. Therefore my statement holds: You shouldn't just route people through Tor without their knowledge. They need to understand the risks and adapt their use accordingly.

> We need these systems to better understand the Tor network, rather than simply punt and stick with the same FUD.

Yes, we need both ends of the connection to understand and account for the problem of cycling IPs/countries.

>>> Does that user gather my consent for every action that will be tied to me? No.
>>
>> I did not say, don't route people through Tor. I said, don't route people through Tor without their knowledge.
>
> Consent goes n ways. As the network operator, I hope the user will understand that they need to protect themselves from my network and routing choices. Similarly, I will try to protect myself and my ISP from being harmed by a user or someone targeting one of those users. As an example, some people wish to deploy captive portals for gathering informed consent. This is a path of madness.
>
> In addition to the linguistic failures, I think the last thing we need is *more* blocking and filtering. A click through wrapper isn't useful for much other than a CYA approach to consent which seems... sad.
>
> Perhaps you have another way to suggest that we have informed them and they have adequate knowledge? I think that I rarely understand the MPLS tunnels between my DSL circuit and say, DuckDuckGo - do I really need to understand those details to use the network?

This whole thing is an idealism vs pragmatism argument. Your argument relies on Tor being just another network like any other. Whereas I'm saying it is different and therefore should be treated differently.

I don't have any data to back this up, so you'll probably just label it FUD, but IMO a lot of the Exit nodes are malicious and you're much more likely to have your traffic compromised by a seriously malicious hacker when using Tor than when not. This is why I would not route my mum's traffic through Tor without making sure she understood the difference to her normal Internet connection.

To be completely clear: Tor is one of my favourite OSS projects. I think it's a great and worthwhile piece of software and is very important for many people. Hopefully one day in the not too distant future my C foo will be good enough to contribute, I would love to be employed by the Tor Project at some point. I don't wish to dissuade people from using it. I just want people to be safe when they do.

If I, as a random geek, wanted to mess around with MITM attacks to see what information I could steal, I have a few options: I could do it on my LAN at home, targeting friends and family. I could do it at work and risk my job. I could go to somewhere with an open wifi hot spot and target a couple of coffee drinkers reading the news. Or I could spend a couple of minutes setting up a Tor exit node from the comfort of my office, getting sustained access to the traffic of thousands of strangers all over the World. This is why I think malicious Tor Exit nodes are widespread: Because setting them up is easy, attractive and safe.

-- 
Mike Cardwell  https://grepular.com/  http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
Re: [tor-talk] Safeplug
On Tue, 26 Nov 2013 10:54:58 + Mike Cardwell t...@lists.grepular.com allegedly wrote:

> If I, as a random geek, wanted to mess around with MITM attacks to see what information I could steal, I have a few options: I could do it on my LAN at home, targeting friends and family. I could do it at work and risk my job. I could go to somewhere with an open wifi hot spot and target a couple of coffee drinkers reading the news. Or I could spend a couple of minutes setting up a Tor exit node from the comfort of my office, getting sustained access to the traffic of thousands of strangers all over the World. This is why I think malicious Tor Exit nodes are widespread: Because setting them up is easy, attractive and safe.

Agreed. One simple and excellent example would be Dan Egerstad's interception of POP/IMAP UID/passwds back in 2007. That just happens to be public knowledge. Much else probably goes on, but is not public knowledge. As Egerstad reportedly said at the time:

"For example, several Tor nodes in the Washington, D.C., area can handle up to 10TB of data a month, a flow of data that would cost at least $5,000 a month to run, and is likely way out the range of volunteers who run a node on their own money," Egerstad said. "Who would pay for that?" Egerstad said.

http://www.infoworld.com/d/security-central/security-researcher-intercepts-embassy-passwords-tor-148

Mick

-
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
-
Re: [tor-talk] Safeplug
On 2013-11-23 19:38, Philipp Winter wrote:
> On Sat, Nov 23, 2013 at 02:22:48PM +, Mark McCarron wrote:
>> How about a certification program? A company can donate some funds to have their product evaluated and if successful gain TOR Certified status. It would stop all this nonsense and provide everyone the opportunity to request specific features or amendments to designs.
>
> I would imagine such a certificate to be quite misleading. Even professional code audits never catch all bugs. So it would only be a matter of time until one of these "Tor certified" products would fail horribly, which would then provoke reactions along the lines of "but... it was certified?". Also, audits are one-time snapshots. The very first commit after the certification process might already introduce new bugs.
>
> Cheers,
> Philipp

On the other hand, any Tor-related hardware is of interest to the wider community, and many on these lists would be happy to receive/evaluate/give feedback, on both actual physical hardware as well as proposed designs.

Ideally, companies interested in producing Safeplug-like devices would come to the tor-* mailing lists in search of advice, feedback, review of proposed designs, and potential hires/developers. Take note, because we all want to see more Tor in the world!

--Aaron
Re: [tor-talk] Safeplug
On Mon, Nov 25, 2013 at 01:25:37PM +, Gibson, Aaron wrote:
> On 2013-11-23 19:38, Philipp Winter wrote:
>> On Sat, Nov 23, 2013 at 02:22:48PM +, Mark McCarron wrote:
>>> How about a certification program? A company can donate some funds to have their product evaluated and if successful gain TOR Certified status. It would stop all this nonsense and provide everyone the opportunity to request specific features or amendments to designs.
>>
>> I would imagine such a certificate to be quite misleading. Even professional code audits never catch all bugs. So it would only be a matter of time until one of these "Tor certified" products would fail horribly, which would then provoke reactions along the lines of "but... it was certified?". Also, audits are one-time snapshots. The very first commit after the certification process might already introduce new bugs.
>
> On the other hand, any Tor-related hardware is of interest to the wider community, and many on these lists would be happy to receive/evaluate/give feedback, on both actual physical hardware as well as proposed designs.

Sure, fully agreed. I just don't think that a certification process is the right way towards that goal.
Re: [tor-talk] Safeplug
Mike Cardwell:
> * on the Fri, Nov 22, 2013 at 06:17:24PM +, Jacob Appelbaum wrote:
>>> You shouldn't just route people through Tor without their knowledge. They need to understand the risks and adapt their use accordingly.
>>
>> And what is the risk of barebacking with a network?
>
> When your traffic comes out of a Tor exit node, there is a significantly increased risk of passive and active MITM attacks against you, and also increased risk of being locked out of your accounts.

What data do you have on passive and active MITM attacks on all of the internet when you compare it with Tor? As an example, what is an ISP that mines clickstream data? If that happens with your ISP and with say 10% of Tor exit nodes but is no longer tied to your (Government Issued) identity, could you really say that it significantly increases risk of passive attacks? Rather, I think in some cases, it reduces the risk. The same applies to upstream active MITM by say, OpenDNS enabled networks - Tor will likely decrease the effectiveness of such things on the otherwise upstream ISP network. It would also decrease the risk of both passive and active targeted attacks.

Some systems will lock people's accounts - that is a reasonable concern. We need these systems to better understand the Tor network, rather than simply punt and stick with the same FUD.

>> Why should I let traffic trace back to my network? Does that user gather my consent for every action that will be tied to me? No.
>
> I did not say, don't route people through Tor. I said, don't route people through Tor without their knowledge.

Consent goes n ways. As the network operator, I hope the user will understand that they need to protect themselves from my network and routing choices. Similarly, I will try to protect myself and my ISP from being harmed by a user or someone targeting one of those users. As an example, some people wish to deploy captive portals for gathering informed consent. This is a path of madness.

In addition to the linguistic failures, I think the last thing we need is *more* blocking and filtering. A click through wrapper isn't useful for much other than a CYA approach to consent which seems... sad.

Perhaps you have another way to suggest that we have informed them and they have adequate knowledge? I think that I rarely understand the MPLS tunnels between my DSL circuit and say, DuckDuckGo - do I really need to understand those details to use the network?

All the best,
Jacob
Re: [tor-talk] Safeplug
On Fri, Nov 22, 2013 at 09:48:57PM -0500, grif...@cryptolab.net wrote 1.4K bytes in 0 lines about:
: Perhaps your most pressing concern should be about whether or not it
: protects its users, given that it's using Tor as the vehicle to attempt
: that. And any failure to do so would have the side-effect of making Tor

I have lots of concerns, but I'm trying to discuss them with Cloud Engines first, before responding to the handful of reporters looking for quotes. The world press seems to want us at Tor to come out swinging and just simply bash the Safeplug. Rather than simply hand over pageviews to press properties, I'd like a real discussion with the Safeplug people first. Working off facts and understanding their side is more important to me than simply reacting with only half the story.

The community here seems to be doing a fine job of raising questions. When I have a response from them, I'll either encourage them to respond or share what I've learned.

-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
Re: [tor-talk] Safeplug
How about a certification program? A company can donate some funds to have their product evaluated and if successful gain TOR Certified status. It would stop all this nonsense and provide everyone the opportunity to request specific features or amendments to designs.

I understand that no one wants to become a gatekeeper, but ensuring the integrity of the underlying platform is critical.

> Date: Sat, 23 Nov 2013 13:46:40 +
> From: and...@torproject.is
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] Safeplug
>
> On Fri, Nov 22, 2013 at 09:48:57PM -0500, grif...@cryptolab.net wrote 1.4K bytes in 0 lines about:
> : Perhaps your most pressing concern should be about whether or not it
> : protects its users, given that it's using Tor as the vehicle to attempt
> : that. And any failure to do so would have the side-effect of making Tor
>
> I have lots of concerns, but I'm trying to discuss them with Cloud Engines first, before responding to the handful of reporters looking for quotes. The world press seems to want us at Tor to come out swinging and just simply bash the Safeplug. Rather than simply hand over pageviews to press properties, I'd like a real discussion with the Safeplug people first. Working off facts and understanding their side is more important to me than simply reacting with only half the story.
>
> The community here seems to be doing a fine job of raising questions. When I have a response from them, I'll either encourage them to respond or share what I've learned.
>
> -- 
> Andrew
> http://tpo.is/contact
> pgp 0x6B4D6475
Re: [tor-talk] Safeplug
On Sat, Nov 23, 2013 at 02:22:48PM +, Mark McCarron wrote:
> How about a certification program? A company can donate some funds to have their product evaluated and if successful gain TOR Certified status. It would stop all this nonsense and provide everyone the opportunity to request specific features or amendments to designs.

I would imagine such a certificate to be quite misleading. Even professional code audits never catch all bugs. So it would only be a matter of time until one of these "Tor certified" products would fail horribly, which would then provoke reactions along the lines of "but... it was certified?". Also, audits are one-time snapshots. The very first commit after the certification process might already introduce new bugs.

Cheers,
Philipp
Re: [tor-talk] Safeplug
* on the Fri, Nov 22, 2013 at 06:17:24PM +, Jacob Appelbaum wrote:

>> You shouldn't just route people through Tor without their knowledge. They need to understand the risks and adapt their use accordingly.
>
> And what is the risk of barebacking with a network?

When your traffic comes out of a Tor exit node, there is a significantly increased risk of passive and active MITM attacks against you, and also increased risk of being locked out of your accounts.

> Why should I let traffic trace back to my network? Does that user gather my consent for every action that will be tied to me? No.

I did not say, don't route people through Tor. I said, don't route people through Tor without their knowledge.

-- 
Mike Cardwell  https://grepular.com/  http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
Re: [tor-talk] Safeplug
Some more information from [1]:

- Users can whitelist certain sites so that their use is not run through Tor.
- Users can also set up Safeplug to work on a per-browser basis, so for example Firefox may always run through Tor while Chrome won't.
- Users can also set themselves up as Tor nodes to help others surf anonymously (the default setting for this is "off" as it has bandwidth implications).
- People who are sceptical can look at the Linux level(sic) and see exactly what processes are running. Technical users can look inside the box and feel safe that it's only running Tor."
- Pogoplug has even made firmware updates for the device pull-only, not push: "If we pushed, we'd have to track all the boxes. It's pull-based for security reasons."

[1] http://gigaom.com/2013/11/21/say-hello-to-safeplug-pogoplugs-49-tor-in-a-box-for-anonymous-surfing/

-- 
With respect,
Roman
Re: [tor-talk] Safeplug
Gordon Morehouse has been spending a lot of time getting the Pi to run as a Tor relay: https://github.com/gordon-morehouse/cipollini

I've been running a BeagleBone Black relay on a home network for over 2 months now: http://datko.net/2013/09/13/update_bbb_tor/

Josh

On Fri, Nov 22, 2013 at 5:43 AM, Chris Burge burgech...@gmail.com wrote:
> I very rarely (if ever) comment on this list (I like to read and learn). That said, I've been looking into building a TOR router using Pi. This is because I have elements within my home that are technically inept and thus are a danger to themselves and everyone else (ageing parents... what can you say). I've been planning a coup by secretly replacing the current Tomato router with something like the Pi (I've been unsuccessful in getting TOR to work on the Tomato router). The scare, to me, of buying a device is what is in there (things that compromise TOR) but it does tempt me because I'm lazy (probably the cause of my downfall). Granted a router does not guarantee safety from Grandpa downloading something bad that compromises the router but one step at a time... right?
>
> On 11/22/13, Sean Alexandre s...@alexan.org wrote:
>> On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
>>> https://pogoplug.com/safeplug
>>>
>>> Someone should buy this and post a teardown. :)
>>>
>>> (via http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/ )
>>
>> I think these kinds of devices configured for Tor make good relays, but aren't great for anonymity. Tor anonymizes your IP address and DNS requests, but application protocols can still reveal your identity. From "Want Tor to really work?" [1]:
>>
>> "Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor."
>>
>> Articles like these [2,3] should talk about being good relays versus being good for anonymity.
>>
>> [1] https://www.torproject.org/download/download-easy.html.en#warning
>> [2] http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/
>> [3] http://learn.adafruit.com/onion-pi/
Re: [tor-talk] Safeplug
On 11/22/2013 16:53, Red Sonja wrote:
>> How can one be sure that firmware that is running on the router is built from this particular source code and not from some modified version or different revision?
>
> Hashes? The ability to build it from sources? If you search you can find a few other solutions.

Nope, there is no solution. Hash can only prove it comes from this vendor, it doesn't establish vendor trust. You practically can't prove that firmware is built from the particular source since it is practically impossible to duplicate the build environment for any complex project from the real world.

>> Also how can one be sure that one extra service wasn't added on top of this open source?
>
> Go for your own compile and see what's broken.

Sorry, this doesn't make any sense.

>> Open source only makes sense when built and installed by the party interested in security, or maybe when it is built by some trustworthy organization, like some trusted linux distro, and not just some random commercial company without any reputation.
>
> Not really. How about the tor project? Trust comes precisely from this open source, open review. In fact, Tor is one step above: it's Free Software.

Yes, trust comes with the open review, and transparent build process. None of these is possible with firmwares supplied by commercial companies. Therefore, no trust.

Product in its original form is pretty much useless for what it is advertised. However, there are many useless products on the market, and commercial success doesn't seem to correlate with usefulness. So I only wish them well in their endeavor. Nice try anyway.

Yuri
Re: [tor-talk] Safeplug
On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
> https://pogoplug.com/safeplug
>
> Someone should buy this and post a teardown. :)
>
> (via http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/ )

I think these kinds of devices configured for Tor make good relays, but aren't great for anonymity. Tor anonymizes your IP address and DNS requests, but application protocols can still reveal your identity. From "Want Tor to really work?" [1]:

> Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.

Articles like these [2,3] should talk about being good relays versus being good for anonymity.

[1] https://www.torproject.org/download/download-easy.html.en#warning
[2] http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/
[3] http://learn.adafruit.com/onion-pi/
Re: [tor-talk] Safeplug
I very rarely (if ever) comment on this list (I like to read and learn). That said, I've been looking into building a TOR router using Pi. This is because I have elements within my home that are technically inept and thus are a danger to themselves and everyone else (ageing parents... what can you say). I've been planning a coup by secretly replacing the current Tomato router with something like the Pi (I've been unsuccessful in getting TOR to work on the Tomato router). The scare, to me, of buying a device is what is in there (things that compromise TOR) but it does tempt me because I'm lazy (probably the cause of my downfall). Granted a router does not guarantee safety from Grandpa downloading something bad that compromises the router but one step at a time... right?

On 11/22/13, Sean Alexandre s...@alexan.org wrote:
> On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
>> https://pogoplug.com/safeplug
>>
>> Someone should buy this and post a teardown. :)
>>
>> (via http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/ )
>
> I think these kinds of devices configured for Tor make good relays, but aren't great for anonymity. Tor anonymizes your IP address and DNS requests, but application protocols can still reveal your identity. From "Want Tor to really work?" [1]:
>
> "Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser Bundle. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with the Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor."
>
> Articles like these [2,3] should talk about being good relays versus being good for anonymity.
>
> [1] https://www.torproject.org/download/download-easy.html.en#warning
> [2] http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/
> [3] http://learn.adafruit.com/onion-pi/

-- 
Interested in selling your home? Ask me!
Re: [tor-talk] Safeplug
On Fri, 22 Nov 2013 06:25:33 -0500 Sean Alexandre s...@alexan.org wrote:
> On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
>> https://pogoplug.com/safeplug
>>
>> Someone should buy this and post a teardown. :)
>>
>> (via http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/ )
>
> I think these kinds of devices configured for Tor make good relays, but aren't great for anonymity. Tor anonymizes your IP address and DNS requests, but application protocols can still reveal your identity.

If it acts as an anonymizing middlebox [1] then perhaps it can provide reasonable anonymity, assuming the user acts as suggested and cleans out the cookies etc. each time before browsing (yes, that's an unreasonable assumption right there). But it's not clear at all if that's what it does; the intro and even their FAQ are all extremely sketchy, and from the described connection scheme ("plug into your router"?), the middlebox method of operation doesn't appear likely.

Would be nice to know more details about hardware, software, principles of operation, default configuration (e.g. does it really set up a relaying node by default?) and the horrendous blunders they baked in when designing all of this. :) That's why I mentioned that a teardown would be nice.

[1] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox

-- 
With respect,
Roman
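For readers who have not looked at the wiki page Roman links to, the following is an added example (it is not from this thread, and it is neither Pogoplug's nor the Tor Project's code) of what an "anonymizing middlebox" amounts to in configuration terms: a torrc fragment plus the iptables rules that hand every LAN client's DNS query and new TCP connection to Tor and drop whatever Tor cannot carry. It also makes Sean's caveat concrete: the rules match on packets and ports only, so cookies, User-Agent strings and logged-in sessions pass through untouched. The interface name, LAN address and port numbers are assumed values; the functions only print the configuration so it can be reviewed, nothing is applied.

```shell
#!/bin/sh
# Added example (not from the thread): torrc fragment and iptables rules for an
# anonymizing middlebox of the kind described on the Tor wiki's
# TransparentProxy page. All names, addresses and ports below are assumed.

LAN_IF=eth1               # assumed: interface facing the LAN clients
LAN_ADDR=192.168.2.1      # assumed: the box's own address on that LAN
TRANS_PORT=9040           # assumed: Tor TransPort
DNS_PORT=5353             # assumed: Tor DNSPort

# torrc fragment. TransPort accepts the TCP connections that iptables redirects
# to it and carries each one over a Tor circuit; DNSPort answers the redirected
# UDP/53 queries through Tor so no lookup reaches the upstream resolver;
# VirtualAddrNetworkIPv4 and AutomapHostsOnResolve give .onion names a
# placeholder address so transparently proxied clients can still reach them.
gen_torrc() {
    cat <<EOF
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort ${LAN_ADDR}:${TRANS_PORT}
DNSPort ${LAN_ADDR}:${DNS_PORT}
EOF
}

# iptables rules. Traffic arriving on the LAN side is either handed to Tor
# (DNS and new TCP connections) or dropped. The final FORWARD rule is what
# makes the box fail closed: non-DNS UDP, ICMP and anything else Tor cannot
# carry never leaves towards the WAN in the clear. The rules only match on
# ports and protocols; application data such as cookies is not inspected.
gen_iptables() {
    cat <<EOF
iptables -t nat -A PREROUTING -i ${LAN_IF} -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
iptables -t nat -A PREROUTING -i ${LAN_IF} -p tcp --syn -j REDIRECT --to-ports ${TRANS_PORT}
iptables -A INPUT -i ${LAN_IF} -p udp --dport ${DNS_PORT} -j ACCEPT
iptables -A INPUT -i ${LAN_IF} -p tcp --dport ${TRANS_PORT} -j ACCEPT
iptables -A FORWARD -i ${LAN_IF} -j DROP
EOF
}

# Self-check of the generated rule set: there must be a DROP for everything
# forwarded from the LAN and no rule that forwards LAN traffic. Returns 0 when
# the set fails closed.
rules_fail_closed() {
    rules=$(gen_iptables)
    printf '%s\n' "$rules" | grep -q -- "-A FORWARD -i ${LAN_IF} -j DROP" || return 1
    ! printf '%s\n' "$rules" | grep -q -- "-A FORWARD .*-j ACCEPT"
}

# Usage: sh middlebox.sh show   (prints both fragments for review)
if [ "${1:-}" = "show" ]; then
    printf '# torrc\n'; gen_torrc
    printf '\n# iptables\n'; gen_iptables
fi
```

The point of `rules_fail_closed` is the one Roman raises about "horrendous blunders": a middlebox that merely redirects TCP and DNS but leaves FORWARD open still leaks every other protocol, so the review step checks for the DROP explicitly. Nothing here changes what the clients send, which is why Sean's advice to use the Tor Browser Bundle still applies behind such a box.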
Re: [tor-talk] Safeplug
On Fri, Nov 22, 2013 at 07:04:00PM +0600, r...@romanrm.net wrote 2.5K bytes in 0 lines about:
: On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
: https://pogoplug.com/safeplug

Out of all the concerns about how they implemented it and such, my main concern is that it just adds more clients to the network without giving back in the form of relays or bridges. Or at least, none of their documentation mentions the ability to share freedom and privacy with others.

However, this looks like a fine test case for consumer-level torouter market analysis. It would be great to learn 6 months from now how many they sold and a summary of customer feedback.

-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
Re: [tor-talk] Safeplug
On Fri, 22 Nov 2013 10:56:55 -0500 and...@torproject.is wrote:
> Out of all the concerns about how they implemented it and such, my main concern is that it just adds more clients to the network without giving back in the form of relays or bridges.

If these are all real people using and getting benefit from Tor, well then why not, that's what it's for.

> Or at least, none of their documentation mentions the ability to share freedom and privacy with others.

It kind of does in the FAQ:

"Does Safeplug slow down my browsing?

While using Safeplug, it is likely that you will notice reductions in your overall Internet speed and page-loading times. This is because your Internet traffic is being bounced to computers across the globe to make your Internet browsing impossible to trace. The good news is that the more people use Tor the faster the service runs, so by using Safeplug you are helping the Internet community protect itself from tracking and surveillance."

Which is one part I am a bit amazed at: wait, is this seriously configured as a relay by default? And if so, what about people's home connection bandwidth caps, etc. (no warnings about this on the website).

-- 
With respect,
Roman
Re: [tor-talk] Safeplug
On 22/11/2013 4:50 AM, Roman Mamedov wrote:
> https://pogoplug.com/safeplug
>
> Someone should buy this and post a teardown. :)
>
> (via http://www.cnx-software.com/2013/11/22/49-safeplug-tor-router-let-you-browse-the-net-anonymously/ )

I too would be interested in seeing how this actually works. I'm concerned by the need to 'activate' the unit on the manufacturer's website before using it. Once you buy the hardware, there should be no need to tell anyone that you have it.

Ed

-- 
Ed Fletcher
"If you are not paying for it, you're not the customer; you're the product being sold." -- Andrew Lewis, August 26, 2010
Re: [tor-talk] Safeplug
* on the Fri, Nov 22, 2013 at 08:38:40AM -0500, krishna e bera wrote:

> When people are switched over to Tor without their informed enthusiastic consent, they are likely in for disappointment and you are in for a lot of tech support calls. Some websites will be blocked and most of their internet use will be much slower than they are accustomed to. They might even call the ISP and find out the hard way what happened. It could backfire and turn them against Tor and break their trust in you.

They probably won't be happy when their bank locks them out of their account for accessing it from multiple different countries in a short period of time too.

You shouldn't just route people through Tor without their knowledge. They need to understand the risks and adapt their use accordingly.

-- 
Mike Cardwell  https://grepular.com/  http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
Re: [tor-talk] Safeplug
Mike Cardwell:
> * on the Fri, Nov 22, 2013 at 08:38:40AM -0500, krishna e bera wrote:
>
>> When people are switched over to Tor without their informed enthusiastic consent, they are likely in for disappointment and you are in for a lot of tech support calls. Some websites will be blocked and most of their internet use will be much slower than they are accustomed to. They might even call the ISP and find out the hard way what happened. It could backfire and turn them against Tor and break their trust in you.
>
> They probably won't be happy when their bank locks them out of their account for accessing it from multiple different countries in a short period of time too.
>
> You shouldn't just route people through Tor without their knowledge. They need to understand the risks and adapt their use accordingly.

And what is the risk of barebacking with a network? Why should I let traffic trace back to my network? Does that user gather my consent for every action that will be tied to me? No.

All the best,
Jacob
Re: [tor-talk] Safeplug
On 11/22/2013 05:38, krishna e bera wrote:

> When people are switched over to Tor without their informed enthusiastic consent, they are likely in for disappointment and you are in for a lot of tech support calls. Some websites will be blocked and most of their internet use will be much slower than they are accustomed to. They might even call the ISP and find out the hard way what happened. It could backfire and turn them against Tor and break their trust in you.

Also, without the device being open source (and how can it really be?) can there be any trust that it doesn't have back doors by design?

Also, with the average user typing in personal information himself all over the place, wouldn't this bring the meaning of such an anonymizer almost to nothing?

Yuri
Re: [tor-talk] Safeplug
On Fri, 22 Nov 2013 10:45:35 -0800 Yuri y...@rawbw.com wrote:

> Also, without the device being open source (and how can it really be?)

Why can't it be? Well, maybe not the whole device down to the CPU Verilog design level, but they could post source code for the firmware with the instructions to build and flash it, and since most likely this contains at least the Linux kernel and some GPLed tools like Busybox, they are legally obligated to provide source to whoever they distribute the binary to, on their request. But many router manufacturers don't bother limiting it to just that, and simply post the source code for public download on their websites.

-- 
With respect,
Roman
Re: [tor-talk] Safeplug
On 2013-11-22 15:56, and...@torproject.is wrote:

> On Fri, Nov 22, 2013 at 07:04:00PM +0600, r...@romanrm.net wrote 2.5K bytes in 0 lines about:
> : On Fri, Nov 22, 2013 at 04:50:44PM +0600, Roman Mamedov wrote:
> : https://pogoplug.com/safeplug
>
> Out of all the concerns about how they implemented it and such, my main concern is that it just adds more clients to the network without giving back in the form of relays or bridges. Or at least, none of their documentation mentions the ability to share freedom and privacy with others.
>
> However, this looks like a fine test case for consumer-level torouter market analysis. It would be great to learn 6 months from now how many they sold and a summary of customer feedback.

I agree with the market analysis aspect, but I am concerned on the following points:

1. No source or design documents are provided.

Despite making use of open source software, and linking to the relevant open source licenses here: http://pogoplug.com/home-en-developers-open-source.html (whoops, a dead link), there are no design documents published, additional contributions or source linked anywhere on the website. If I wanted to contribute a patch, where would I do it? Not providing source for the device is pretty weak -- plenty of other projects, such as Tails and Whonix, have implemented transparent torification and provide extensive documentation and code.

2. Router Registration

According to https://pogoplug.com/safeplug, you must click on the following link to activate your device:

http://shop.pogoplug.com/store/pogoplug/buy/productID.292114000/quantity.1/pgm.94629500

The link isn't https, and redirects to a page asking for billing information to *buy* a device. I don't have a Safeplug, so I don't know if the page would look any different, but it does imply that they have the ability to differentiate between a Safeplug user and a regular Tor user (me). That smells bad.

3. Automatic updates

Not only does this imply that the device must phone home and uniquely identify itself (see, router registration), it also means that code can be pushed to the device. I'd say against the operator's consent, but you agreed to that, in the TOS:

> Updates
>
> As part of the Service, you may from time to time receive updates to the Software from Pogoplug that may be automatically downloaded and installed to your applicable device. These updates may include bug fixes, security enhancements or improvements, or entirely new versions of the Software. You agree that Pogoplug may automatically deliver such updates to you as part of the Service.

5. TOS

Pogoplug isn't an ISP, and I've never seen a router force a TOS on me before. And, it's one of those nasty ever-changing TOS that assumes if someone actually read it once, they will want to read it again:

> Pogoplug may update or change these TOS from time to time and recommends that you review the TOS on a regular basis at www.pogoplug.com/safeplug. You understand and agree that your continued use of the Service after the TOS has changed constitutes your acceptance of the TOS as revised.

6. Torified Everything and Anonymity Profile

Roger and I had several long talks about the design behind a theoretical Tor Router product, and one sticking point is that although the easy way to do it is to simply transparently torify everything down the pipe, doing so does nothing for the anonymity set of the user behind the black box. We discussed alternate options, such as providing a captive portal that would instruct a user to download a copy of TBB and use the local router device as a first hop into the Tor network, perhaps by configuring the device as a bridge. Clearly not as easy as plug-n-play, but since most users of this type of device would continue to use their original highly fingerprintable browser, transparently torifying everything probably won't provide the anonymity that they claim.

And although they do link to https://www.torproject.org/docs/faq.html.en, they should probably take a read through https://www.torproject.org/download/download.html.en#warning themselves.

--Aaron

-- Andrew http://tpo.is/contact pgp 0x6B4D6475
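Two configuration questions run through the thread: Roman's "is this seriously configured as a relay by default, and what about bandwidth caps?" and the point in item 6 above that a plug-and-play box transparently torifies everything on the LAN side. Both are answerable from the device's torrc, so here is an added example (not Safeplug's or the Tor Project's code) that parses a torrc and reports on exactly those points. The option names (ORPort, AccountingMax, RelayBandwidthRate, ExitRelay, ExitPolicy, TransPort, DNSPort, AutomapHostsOnResolve) are real Tor options; the sample torrc contents and the values in it are constructed for illustration, and nothing here is a claim about what the Safeplug actually ships.

```python
"""Audit a torrc for two deployment concerns raised on tor-talk:
1. does the device act as a relay, and if so is the bandwidth it gives
   back bounded (home connections often have caps)?
2. does it transparently torify LAN clients, and is DNS routed through Tor
   so client lookups don't leak to the ISP resolver?
Added example; not Safeplug's or the Tor Project's code. Sample torrcs are
constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed sample: a hypothetical relay-by-default Tor router config.
SAMPLE_TORRC = """\
# relay settings (hypothetical defaults)
ORPort 9001
Nickname safeplugtest
ExitRelay 0
# transparent proxy for the LAN side
TransPort 192.168.1.1:9040
DNSPort 192.168.1.1:5353
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
"""

# Same config with the relay's contribution explicitly bounded (constructed values).
HARDENED_TORRC = SAMPLE_TORRC + """\
RelayBandwidthRate 200 KBytes
RelayBandwidthBurst 400 KBytes
AccountingMax 40 GBytes
AccountingStart month 1 00:00
ExitPolicy reject *:*
"""


def parse_torrc(text):
    """Return {option_lowercase: [value, ...]}, keeping repeated options in order.

    torrc is line-oriented 'Option value'; option names are case-insensitive.
    This example treats everything after '#' as a comment.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        val = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(key, []).append(val)
    return opts


@dataclass
class Audit:
    is_relay: bool
    relay_bandwidth_bounded: bool
    transparent_proxy: bool
    dns_through_tor: bool
    findings: list = field(default_factory=list)


def audit_torrc(text):
    """Evaluate the relay and transparent-proxy posture of a torrc."""
    opts = parse_torrc(text)

    # A relay is any config with a non-zero ORPort ("ORPort 0" disables it).
    orports = [v for v in opts.get("orport", []) if v.split()[0] != "0"]
    is_relay = bool(orports)
    # Either per-period accounting or a rate limit bounds what a capped
    # home connection will be asked to give back.
    bounded = "accountingmax" in opts or "relaybandwidthrate" in opts
    # Exit traffic would leave from the owner's home IP: flag an explicit
    # ExitRelay 1 or any ExitPolicy line that accepts something.
    exit_on = (opts.get("exitrelay", [""])[-1] == "1"
               or any("accept" in p.lower() for p in opts.get("exitpolicy", [])))
    trans = "transport" in opts
    dns = "dnsport" in opts

    findings = []
    if is_relay and not bounded:
        findings.append("relay enabled with no AccountingMax/RelayBandwidthRate: "
                        "unbounded upstream use on a capped home connection")
    if is_relay and exit_on:
        findings.append("exit traffic enabled: the home IP would appear as a Tor exit")
    if trans and not dns:
        findings.append("TransPort set without DNSPort: client DNS leaks to the ISP resolver")
    if trans and dns and opts.get("automaphostsonresolve", ["0"])[-1] != "1":
        findings.append("AutomapHostsOnResolve not enabled: .onion names will not "
                        "resolve for transparent clients")
    return Audit(is_relay, bounded, trans, dns, findings)


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_TORRC), ("hardened", HARDENED_TORRC)):
        a = audit_torrc(cfg)
        print(name, a.is_relay, a.relay_bandwidth_bounded, a.findings)
```

Run against the constructed sample, the audit confirms it is a relay with transparent proxying and DNS through Tor, and raises one finding: the relay's bandwidth is unbounded. The hardened variant, which adds RelayBandwidthRate, AccountingMax and a reject-all ExitPolicy, audits clean. The same auditor also catches a TransPort configured without a DNSPort, which is the leak a transparently torifying router must avoid.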
Re: [tor-talk] Safeplug
On 11/22/2013 11:35, Roman Mamedov wrote:

> Why can't it be? Well, maybe not the whole device down to the CPU Verilog design level, but they could post source code for the firmware with the instructions to build and flash it, and since most likely this contains at least the Linux kernel and some GPLed tools like Busybox, they are legally obligated to provide source to whoever they distribute the binary to, on their request. But many router manufacturers don't bother limiting it to just that, and simply post the source code for public download on their websites.

How can one be sure that the firmware that is running on the router is built from this particular source code and not from some modified version or different revision? Also, how can one be sure that one extra service wasn't added on top of this open source? I think the answer to both of these questions is: impossible.

In addition, governments have the power to execute a secret order on the company to secretly add such a back door.

Open source only makes sense when built and installed by the party interested in security, or maybe when it is built by some trustworthy organization, like some trusted Linux distro, and not just some random commercial company without any reputation.

Yuri
Re: [tor-talk] Safeplug
I bought an early Pogoplug device. It was advertised as a means to provide safe and secure file access. This model allowed connecting one's external hard drive via a USB port and connecting via ethernet to WAN thru their infrastructure which ostensibly provided authentication and access control. The idea was you could generate a URL to their server which would, if authenticated, then open the door to the files you wanted to share with others. Or you could access your own home files on that external drive from any outside WAN location.

For me, it was the ability to place files I wanted to share online 24/7 and since the device used only 4 watts and the external HD perhaps 6-10 watts more, it had a minimal cost for electricity. Leaving a PC online 24/7 as a fileserver costs $15-25 per month in electricity where I live, so the potential of saving 80% of that was a boon.

I started the mandatory device registration process to get it going, then, before clicking the final OK, decided I'd like to look at the linked Terms of Service since they were quite vague about how all the magic happened. I was curious. Turns out, this little device used a special version of Linux for which THEY had root access, not you. If you jumped through hoops, you could get root access but it was not a process for normal people. They still maintained control.

With the level of control they had, the TOS was a concern, because in it you had to grant them full legal permission to: monitor and log your bandwidth usage, the identity of who was accessing the files on your HD, the content of your files (so they could index content and make it easily searchable), AND they had your permission to copy all your files (for evidence purposes) AND... get this... even delete files from YOUR hard drive (should THEY determine them to be 'illegal' or otherwise inappropriate). Pogoplug is NOT your friend.

Some geeks figured out how to run a clean version of Linux that didn't connect to Pogoplug's content monitoring management service but that is quite complicated. Were Raspberry Pi available back then, I wouldn't have wasted so much buying into Pogoplug's lies and deception.

Is it fair to say I don't trust them? YUP!

BM

On 11/22/2013 3:21 PM, Yuri wrote:
> On 11/22/2013 11:35, Roman Mamedov wrote:
>
>> Why can't it be? Well, maybe not the whole device down to the CPU Verilog design level, but they could post source code for the firmware with the instructions to build and flash it, and since most likely this contains at least the Linux kernel and some GPLed tools like Busybox, they are legally obligated to provide source to whoever they distribute the binary to, on their request. But many router manufacturers don't bother limiting it to just that, and simply post the source code for public download on their websites.
>
> How can one be sure that the firmware that is running on the router is built from this particular source code and not from some modified version or different revision? Also, how can one be sure that one extra service wasn't added on top of this open source? I think the answer to both of these questions is: impossible.
>
> In addition, governments have the power to execute a secret order on the company to secretly add such a back door.
>
> Open source only makes sense when built and installed by the party interested in security, or maybe when it is built by some trustworthy organization, like some trusted Linux distro, and not just some random commercial company without any reputation.
>
> Yuri
Re: [tor-talk] Safeplug
Yuri:
> How can one be sure that the firmware that is running on the router is built from this particular source code and not from some modified version or different revision?

Hashes? The ability to build it from sources? If you search you can find a few other solutions.

> Also, how can one be sure that one extra service wasn't added on top of this open source?

Go for your own compile and see what's broken.

> I think the answer to both of these questions is: impossible.

You're a romantic.

> In addition, governments have the power to execute a secret order on the company to secretly add such a back door.

Of course. This is why you need GPL v3. No TiVoisation, baby!

> Open source only makes sense when built and installed by the party interested in security, or maybe when it is built by some trustworthy organization, like some trusted Linux distro, and not just some random commercial company without any reputation.

Not really. How about the Tor project? Trust comes precisely from this open source, open review. In fact, Tor is one step above: it's Free Software.

No offense, your reasoning sucks. Google did Android. They are nowhere close to «just some random commercial company without any reputation».

Step aside from the media you are consuming. Give it a few months to cool. If you can trust me: nothing important is going to happen even if you miss 10 years. Myself I missed close to 10 and I feel like a century won't be enough. What the media is calling shocking with the NSA was done before by the STASI. Then the KGB before them. NKVD before that. And so on for a few millennia. Adolf Hitler had two extra features over Alexander the Great and Muhammad the crazy prophet that is so ugly nobody wants to paint. One was the closeness. AH is so much closer to us than the others. But still, if you get close to white power groups you can see the hagiography coming to life. Second was the technological advance. That same magic makes the NSA so impressive. Still no sign of the excesses of their homologues in Eastern Europe. Sometimes I think what kind of morons the CIA and the gang are employing. I mean from Windows '95 they needed about a decade to figure it out. Naughty-naughty! On TV they say it's the age of information, that speed is the key and other sweet slogans.

Back to your issue, check out TBB 3.0. The people involved are about to fix this issue right under your nose.
Re: [tor-talk] Safeplug
and...@torproject.is wrote:

> Out of all the concerns about how they implemented it and such, my main concern is that it just adds more clients to the network without giving back in the form of relays or bridges. Or at least, none of their documentation mentions the ability to share freedom and privacy with others.
>
> However, this looks like a fine test case for consumer-level torouter market analysis. It would be great to learn 6 months from now how many they sold and a summary of customer feedback.

Perhaps your most pressing concern should be about whether or not it protects its users, given that it's using Tor as the vehicle to attempt that. And any failure to do so would have the side-effect of making Tor look bad (on top of the glaring and potentially serious privacy concerns for users).

While it's important to have as much marketing data as possible, it certainly should not be on the forefront of your mind. It would also be only minimally useful -- particularly when compared to actively gauging user interest at events like 30c3.

~Griffin

-- 
Be kind, for everyone you meet is fighting a hard battle.
PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97
OTR: sa...@jabber.ccc.de