Le 14/10/2014 09:55, Lunar a écrit :
Jeremy Olexa:
>You are abit late on the project idea:)
>https://www.kickstarter.com/projects/augustgermar/anonabox-a-tor-hardware-router
If this needs repeating on this list: this is a bad idea. It will give
people illusions instead of actual protection.
A bad idea that is doing good on Kickstarter...
I don't see very well the difference with the Onion Pi, except that it's
unclear what code they are using or I missed it (there is a link to a 41
KB gz 'complete' code, this looks quite small so probably they are using
the Tor project code) and there are no warnings about the insecure
aspects of its use as you mentioned.
Anyway, I still think the universal solution is the javascript Tor
protocol inside browsers, browsers would perform the Onion Proxy and
connect to the Tor relays using WebSockets, everything that is fetched
by a page is redirected to the WebSockets (like for example everything
is redirected to the Socks interface when you specify it, the messages
would be encrypted by the Onion Proxy and sent to the Tor circuits over
WebSockets ), unfortunately while the rest exists and is working
(node-Tor) this last point is completely undoable today.
This would work on any device, mobile or not, with the associated level
of security because this would not eliminate the need of the Tor browser
features and probably some confinement/security features would need to
be studied between the page and the ws OP, maybe similar to
http://cowl.ws/, new methods to enforce privacy inside browsers with
principles of code confinement and labels between origins, using what
exists today, postMessage with workers and iframes (clever use of it for
once...)
In addtion browsers will be able to perform the OR function too, so will
be Tor relays, as previously mentioned in this thread if the bandwidth
of the device is bad the interest can be quasi null unless some
multipath possibilities are available, but given the number of browsers
in the world it could be interesting to scale Tor.
So, it's probably worth studying the possibility with browser vendors
(and standards), ie to solve this question: how to pass all the traffic
to a given interface (here the ws OP)?
--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
