On Thu, Jul 04, 2013 at 08:34:35PM -0700, reqrypt wrote:
> In a nutshell, TorWall does two things:
> 1) It (transparently) reroutes all HTTP traffic through the Tor anonymity
> network; and
> 2) It blocks all non-Tor traffic (including DNS) to and from your computer.

Neat!

Bastik pointed out the trademark thing:
https://www.torproject.org/docs/trademark-faq

But I'll take it a step farther to explain that there actually already
*is* a Torwall in the past:
https://svn.torproject.org/svn/torwall/trunk/
which is an aborted little applet to turn on or off your firewall with
respect to allowing Tor. Hopefully that explains how easy the confusion
will be if you have a name like this.

> The main advantage of TorWall is that it works with any web browser
> (without re-configuration), including Chrome, Internet Explorer, etc.
> The firewall component can also prevent leaks (e.g. DNS leaks) whilst
> TorWall is running. Note that TorWall blocks *all* other traffic, so
> (for example) a corrupt plugin cannot leak information via non-HTTP
> traffic. To help prevent leaks via HTTP, TorWall also routes web traffic
> through Privoxy.
>
> There are some disadvantages to this approach as well. The
> TorBrowserBundle contains a browser specifically designed for Tor.
> Also, the current TorWall prototype does not support HTTPS.

Hm. These both seem like pretty big impediments.

As intrigeri said, Tails stopped doing the transparent proxy thing years
ago, on the theory that if the given application isn't specifically
configured to use Tor, it's probably going to screw up privacy-wise.
Privoxy is really no substitute for correctly anonymizing the
application-level traffic.

(This is the same reason I'm wary of the "provide a wireless access point
that transparently Torifies traffic through it" ideas -- it seems like
those would be more safely done by giving the user a captive portal that
forces her to install TBB, and then only allows Tor traffic to a given set
of bridges / relays. But that's another topic.)

Back to this topic: is it intercepting outgoing port 80, or is it DPIing
on traffic flows to decide they're http? I would be nervous about both of
these in terms of the "corrupt plugin" you mention above.

--Roger

_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
