Tor Now Comes In a Box

Daniel_Stuckey writes "Tor has been in the spotlight lately as a way to keep prying eyes away from your online activities. However, to your average internet user, the covert network of relays and whatchamacallits can come off as too complex and intimidating to bother with — even as people are increasingly concerned with their online privacy in light of the NSA scandal. So goes the thinking behind Safeplug, a new hardware adapter that basically puts Tor in a box. It takes 60 seconds and 50 bucks to plug the privacy box into your router, and you're good to go, the company claims. Like anonymous browsing for dummies. The adapter comes from hardware company Pogoplug, which announced its new product yesterday and hopes it will bring Tor to the mass market by offering more consumer-friendly access. 'We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user,' CEO Dan Putterman told GigaOM."

Make it easy?

[Zemran]

Have you installed TOR on a winders box recently? It is not complicated and certainly does not need a geek to help you.

Re: Make it easy?

The difference being that you have to install tor in every single device you are using, with this box you anonimize the whole traffic of your network, anyone using your WiFi is automatically routed through TOR.

Re: Make it easy?

[supersat]

One of the problems with that is that sometimes your real IP can leak out. For example, if you visit a page that installs the FBI's CIPAV malware, it will bypass Tor and report the real IP. If all traffic is routed through Tor by another device, this won't work.

Re:Make it easy?

And you can use SelekTOR (google SelekTOR Exit Node) which makes it even easier.

Re:Make it easy?

But that's still a pain in the ass if I want to install it on all the machines in the house. Sure I could setup one machine as a firewall to do this, but again pain in the ass. I just want an appliance that's small and fanless and I can plug it in and route all network traffic through it and not spend any time worrying about configuring it.

Re: Make it easy?

Sure - if you have malware, all bets are off. So don't use malware, then. "A page" never ever installed anything on my computer - the advantage of not using microsoft products.

Re: Make it easy?

unless. the device gets infected by FBI's CIPAVv2 malware.

Re: Make it easy?

[Kardos]

Well that's hardly an unsolvable problem, just put another tor router box in series with the malware infested one.

Re: Make it easy?

[CanHasDIY]

Well that's hardly an unsolvable problem, just put another tor router box in series with the malware infested one.

Hey, that's a good question: do the stats on these things stack? I.e., if I put 3 of them in series, am I 3X as anonymous?

Re: Make it easy?

No, you're actually 4 times more anonymous. You see, for every box you plu, you'll be twice as anonymous: 1 --> 2 --> 4 !

Re:Make it easy?

[Splab]

The TOR busts the FBI did earlier this year was malware infecting windows users using outdated versions of TOR (for windows).

A TOR AP makes very good sense, since you can easily change MAC adr. local IP etc. to something other than the normal network, making leaks very hard to use.

Re: Make it easy?

[Ingenium13]

You can use Whonix in virtualbox. It basically replicates this setup, where you have a gateway VM and a workstation VM. The workstation can only access the Internet through the gateway. So if the workstation is compromised it still can't leak your IP.

Re: Make it easy?

[Damarkus13]

But, how does it do that. The article and even the Safeplug website do not explain the mechanism it uses to redirect your traffic to Tor. There aren't even any pictures of the back off the device that I can find.

Does it sit between your gateway and your router, and transparently redirect all packets to the tor network?

Do you just plug it into a router port and point your devices at it as a proxy?

Where is the source code? If we're going to be paranoid enough to use Tor for everything, shouldn't we demand to audit the code for security holes and possible backdoors?

It just seems like a product without a niche. Most users have no desire to use Tor, and those that do are typically savvy enough to set it up themselves.

Re: Make it easy?

[Gothmolly]

And what IP is going to be reported when the Tor gizmo on your same cable modem NAT hits the internet? Wait for it... your cable modem IP. Either that or 192.168.1.2, which I hear is a popular one.

Re: Make it easy?

Another case of the perfect being the enemy of the good. Technology does not have have to be perfect for it to be useful, furthermore there is always a cost/benefit tradeoff. Even locks that are easy to pick and windows easily broken are useful. I know that most of you have a condescending attitude towards users who are unconcerned about internet privacy. It may well their cost benefit tradeoff is far more reasonable than yours.

Re: Make it easy?

[hairyfish]

Or automatically routed through any proxy the supplier chooses right? I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?

Re: Make it easy?

[garompeta]

I don't see how it is so hard to understand for you, it is very simple, it is a router that connects to tor. It is super practical to anonymize a whole LAN in a single shot.

Re: Make it easy?

[garompeta]

Unless you have a firewall to block normal internet traffic, and only allow tor traffic to go through. In that case, even if your box gets compromized, there is no way of launching a side-channel attack.

Re: Make it easy?

[MrEricSir]

One of the problems with that is that sometimes your real IP can leak out. For example, if you visit a page that installs the FBI's CIPAV malware, it will bypass Tor and report the real IP. If all traffic is routed through Tor by another device, this won't work.

There's a much easier way to to leak your IP over Tor -- use UDP. Or anything other than TCP, for that matter.

Re: Make it easy?

[bobthecow]

Because the information provided isn't sufficient to understand what the box actually does. Does it act as a DHCP provider? How would my devices know to use it? Since it sits inside the network, how would devices which want to use it know its there? Do I have to update proxy settings on browsers?

Re: Make it easy?

Oh, Great, It's routers all the way down!

Re: Make it easy?

[ShaunC]

I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?

AKA half of Tor, I'd imagine. The point of Tor has never been to evade detection by the NSA. It's to anonymize your internet traffic to prevent the destination service operator from knowing who/where you are. It's essentially a chain of "legitimate," marginally highly-available TCP proxies that anyone can use without having to create or rent a botnet. Hidden services are a nice side effect, or at least were until Silk Road's compromise spooked everyone.

That said, your point stands: there's not enough information about how this magic box works.

Re: Make it easy?

Why would I want to install malware? What's in it for ME?

Re:Make it easy?

Clearly the benefit of a plug like this isn't at home. Bring down the price and size a notch and it will be ideal to hide at libraries, schools and other places that can't be traced back to you.
Suddenly there is a whole bunch of tor nodes in your town that you can connect to, all of them used for completely legal stuff.

Re: Make it easy?

192.168.X is a local address and shouldn't leave your LAN, even if it does, you cant get to anyone knowing there LAN IP address as its not relevant to moving data through the internet.

Re: Make it easy?

A router that connects to Tor, or a router that claims to connect to Tor? :)

Re: Make it easy?

[Pseudonym+Authority]

Freedom Hosting's compromise was used to host an exploit for Firefox. The shellcode used Windows calls, but it was Firefox that was executing them, meaning it had all the rights that Firefox itself had, meaning it would probably have worked fine on any other OS with a little tweaking. But alas.

Re: Make it easy?

[Pseudonym+Authority]

That was his point. Don't connect to the internet directly; connect to this box (likely a cheap computer running iptables and tor) over the LAN so that any FBI malware can't get your real IP.

Re: Make it easy?

[makomk]

It almost certainly just acts as a transparent proxy that intercepts connections and DNS requests and sends them through Tor - there's already support in the Tor client for doing this.

Re:Make it easy?

[wonkey_monkey]

Have you installed TOR on a winders box recently?

You don't even have to install it (for web browsing at least).

https://www.torproject.org/projects/torbrowser.html.en

Re: Make it easy?

with this box you anonimize the whole traffic of your network, anyone using your WiFi is automatically routed through TOR.

This is not anonymous at all, because all your devices will use the same Tor chain. This will leak a lot more information about you, than if they each would use their own Tor chain. It also ties together your devices, so it might even give you less anonimity, than just using one dedicated device with Tor and the rest without it.

Re:Make it easy?

[hacker]

No source.
Non-free.
No Mac version.
Nothing for mobile devices.

No thank you.

Additional comment

[finkployd]

We now turn to Admiral Ackbar who I believe has a comment on this development....

Re:Additional comment

[bob_super]

Indeed, "Safeplug" just makes me think of "PATRIOT" as one of these words that should make you scrutinize whoever says it.

Re:Additional comment

[oodaloop]

Does it involve being able to repel firepower of that magnitude?

Roll your own

[pegr]

Wireless Tor AP built with a Raspberry Pi: http://learn.adafruit.com/onion-pi/overview

Re:Roll your own

[necro81]

That was my thought exactly: "Say, didn't Adafruit just have an article in Make Magazine about using a Raspberry Pi to make a wireless Tor proxy?" Why yes, they did.

Re:Roll your own

Yeah but, when your non-technical friend asks you about using Tor, do you want to point them to Raspberry Pi and get a dirty look, point them to the browser plugin and forever be saddled with support questions, or point them to the $50 "just plug it in and forget about it" hardware and earn their gratefulness?

Re:Roll your own

Now figure a way to make it run from solar, hide it somewhere within range of free wifi, and now you have a true anonymous TOR proxy.

Re:Roll your own

[John+Bokma]

Decisions, decisions.... 50 USD out-of-the-box solution or tinkering your own for nearly twice that money...

Re:Roll your own

tinkering your own for nearly twice that money...

To be fair, the safeplug isn't a wireless access point, so the Pi version might be better in some cases.

Re:Roll your own

[i_want_you_to_throw_]

YES! or you can buy Adafruit's version already built with US and US intelligence friendly exit nodes excluded here for only a few bucks more PAPARouter

Re:Roll your own

It seems to me that it says that it blocks countries that are friendly to US intelligence, not specific nodes. Also, I run a Tor relay and I've got a pretty good handle on exactly which configuration options are available. So you're suggesting that 2 lines in a configuration is worth buying their version?

Re:Roll your own

[doronbc]

or just use torgaurd with any ddwrt capable router

Re:Roll your own

[gl4ss]

the pi version just needs copying to sdcard... not that much tinkering.

of course you could just run it on a router you already have or a pc.

Re:We are fucked.

[just_another_sean]

Yeah, fuck those Dems for making TOR so hard to install!

Oh, I mean, wait... What the fuck are you on about?

how is this different than a browser plugin?

[schlachter]

i like the idea of a $50 plug and play box for tor, but how is this different than using a browser plugin? a serious question, not being rhetorical.

Re:how is this different than a browser plugin?

Ease of use, flexibility with non-browser applications and devices (SSH, FTP, tablets, phones, etc.)

Re:how is this different than a browser plugin?

[Sqr(twg)]

One difference would be that this works for every piece of software on every computer that you connect to the network after the box - not just one browser.

This can be good or bad. You may be doing something very secret on your secure, anonymous computer. Then an insecure app on your iPhone opens an unencrypted connection to some server and tells the tor exit node who you are.

Re:how is this different than a browser plugin?

[John+Bokma]

I guess you mean the host /after/ the tor exit node.

Re:how is this different than a browser plugin?

[Qzukk]

No, in his scenario, the tor exit node is run by a government that is watching all the traffic come out. Then they see your iPhone connection come out with your name, phone number, GPS location, etc. and can match that to all the other streams of data coming through the same circuit.

Re:how is this different than a browser plugin?

[Fnord666]

i like the idea of a $50 plug and play box for tor, but how is this different than using a browser plugin? a serious question, not being rhetorical.

Well, for one thing the "tor in a box" won't be there if you connect to the internet anywhere other than your home network.

Alternatively

Just use SelekTOR for easy tor exit node selection and as a nice little byproduct use the media patterns to access UK TV online, get to see the Dr Who anniversary when the Brits do, see here http://www.dazzleships.net/?page_id=71 for download and other info.

Why Pay the NSA to put a box on your connection?

[outofoptions]

Color me skeptical.

Put Tor in a box??

It's untinkable that the Mighty Tor could be trust into a box such as tis.

Re:Put Tor in a box??

[CanHasDIY]

Had to read it twice.

Good one.

Re:Put Tor in a box??

[gweihir]

Hehehehe, nice!

Re:Put Tor in a box??

Tor? I'm to(e) tor I can't pit...

Is Tor being safe?

[ruiner13]

It isn't nice to refer to her as a "box". I hope he's using a condom.

Why would we trust Pogoplug?

Their other products phone home because they are really in the business of selling online services, not network hardware.

Re:Why would we trust Pogoplug?

[Em+Adespoton]

Their other products phone home because they are really in the business of selling online services, not network hardware.

I always just had issues with their name... does their network hardware go up and down all the time?

Re:Why would we trust Pogoplug?

[melikamp]

Their FAQ says the following about why safeplug is secure:

.
.
.

Oh, wait, it doesn't say anything. No description of the software, no developer access, "activation"? WTF is that? This is just another spy box, folks, just like your cellphone and your self-encrypting storage unit.

Re:Why would we trust Pogoplug?

[QRDeNameland]

My take on the name was:

We have met the enemy... and he is US.....intelligence.

Thanks,

Obama!

Why would you trust Pogoplug?

[frovingslosh]

Yea, but this one doesn't phone home.Thanks to a "National Security Letter" it phones directly to the NSA. Not that it maters, since the NSA is closely monitoring all of the TOR portals anyway.

Security Theater, it's not just for airports anymore.

Sounds good

[Kardos]

But we're going to need a lot more tor nodes, particularly exit nodes

Re:Sounds good

[Korielus]

The number of exit nodes really depends on the country some have plenty others not so much. I use SelekTOR myself which can be found here http://www.dazzleships.net/ which lets you choose your exit node and also uses URL pattern matching which allows you to bypass a lot of geographic web blocks and watch UK tv for free.

Re:Sounds good

[CanHasDIY]

Do they broadcast BBC4 online? I haven't seen a new episode of Top Gear in months.

That alone would be enough to get me to use the software.

Re:Sounds good

[Korielus]

Everything that is available via the BBC iPlayer website is available using SelekTOR and the dowloadable media patterns, also gives access to ITV and Channel 4 catchup and unblocks various torrents sites that have been blocked in the UK. You can also create your own URL patterns.

Re:Sounds good

WTF? That site requires me to disable both NoScript and AdBlock!

Re:Sounds good

[CanHasDIY]

Awesome to the max, will give it a shot tonight!

Thanks for the intel.

Re:Sounds good

[Hatta]

Rather than exit nodes, we need a lot more dark net content.

Re:Sounds good

[StikyPad]

You first.

Re:Sounds good

Even if you can't stomach the risk of running an exit node, you should give something back to the network. Run a non-exit relay, and donate 25 GB of your bandwidth a month. Just remember to set your RelayBandwidthRate and RelayBandwidthBurst (96 KB and 128 KB work well to provide roughly 25 GB/month).

Here's a sample configuration. I recommend using it with ARM and a local DNS server. If you enable the TransPort, you can use iptables to force all system traffic through Tor, though this requires extreme care to avoid leaking personal details. The choice of which nodes/exit nodes to exclude should be made carefully, after some consideration of your objectives. Don't forget to set up port forwarding and punch holes in your firewalls, or relaying won't work.

User tor
DisableAllSwap 1
AvoidDiskWrites 1
DataDirectory /home/tor/.arm/tor_data
Log notice file /home/tor/.arm/tor_log
CookieAuthentication 1
RunAsDaemon 1
DisableDebuggerAttachment 0

Address INTERNET_FACING_IP_GOES_HERE
ControlPort 9052
ORPort 9001
DirPort 9030
DNSPort 9053
AutomapHostsOnResolve 1
#TransPort 9040

BandwidthRate 192 KB
BandwidthBurst 256 KB
RelayBandwidthRate 96 KB
RelayBandwidthBurst 128 KB
ExitPolicy reject *:*
StrictNodes 1
ExcludeNodes {??}
ExcludeExitNodes {us},{gb},{??},{A2}
GeoIPExcludeUnknown 1
FastFirstHopPK 0
ExtraInfoStatistics 0
DirReqStatistics 0
BridgeRecordUsageByCountry 0

Re:Sounds good

No it doesn't.

Whats in the box?!?

Its my Tor in a box.

Re:We are fucked.

[Zemran]

Yes, I speak English, the problem is that I do not understand all that bollox.

Tor? Reallly?

[DogDude]

I honestly didn't know people still used Tor.

Last I tried it, it necessarily slowed my Net connection down to essentially unusable because of an obvious lack of "exit nodes". Besides, all it does is add some very, very simple obfuscation to what you may be doing on the Net. It doesn't in any way provide any meaningful protection. The nature of TCP/IP precludes true anonymity. People pursuing anonymity through TCP/IP are the same kinds of people looking for perpetual motion machines.

Awesome

Mainly like this because it makes people into Tor nodes. This is a good thing all around.

Wow! Real privacy???

Because as well all know, there's no way Tor could be compromised by the NSA, monitoring enough entrance and exit nodes to pick up your traffic and trace it to final destination.

Re:Democratize it

From Merriam Webster:

to make (something) available to all people : to make it possible for all people to understand (something)

Democratization is a common term that existed long before USA appropriated "democracy" as part of their call to arms, you brainwashed yank.

Why do they hate America?

Why does this country hate America? Why does it want America to fail? Terrorists and child pornographers are going to use this company's product to hurt people.

Overkill?

[RevWaldo]

Do you really need to anonymize everything 24/7, like when you're watching Netflix? Doesn't that extra traffic overload the Tor network?

.

Re:Overkill?

I don't want anyone to know I watched Sharknado

Re:Overkill?

[Kardos]

Sorry Tim, we already know you what you watch, you paid with your credit card remember?

Re:Overkill?

[Kardos]

Netflix accounts aren't anonymous, they already know everything you watch.

Re:Overkill?

Yes; you want to be able to hide the suspicious data inside the mundane. Makes it harder to figure out how to spend resources tracking you.

The only reasons this might be bad are for fear of overloading the network, and the latency.

Re:Overkill?

It is still overkill using it for streaming video, anyone trying to track you can easily filter that out, so it isn't like doing that will overload with data anyone monitoring you, or since for services like Netflix you have to log in, it can be used to identify you.

TOR IS NOT ANONYMOUS

Do not rely on TOR for anonymity.

Re:TOR IS NOT ANONYMOUS

Of course it is. Anonymity is compromised by the data you send through it or by correlating Tor traffic with clear traffic. Both of things can be avoided and are not a flaw in the system itself but rather user error.

Re:Democratize it

[wcrowe]

Hardly a buzzword. To democratize something is to make it available to all. From the Greek demos (people) + kratia (power).

Wow Black helecopter syndrom

[zferrini]

All I have to say is "What you are doing that important to keep secret"? I dont care if they read everything and every email i send. The only reason to be afraid of them spying on you is you are either doing something slightly illegal or imoral or you are a chimo(Child Molestor), terrorist, or just a POS human.

Re:Wow Black helecopter syndrom

[Hatta]

What am I doing that's so important to keep secret? I'm minding my own business, that's what. You should do it too.

The reason we should all be afraid of the authorities spying on us is because more often than not, they are the POS humans that are the greatest threat. Remember COINTELPRO? Remember the FBI infiltrating mosques? Remember the IRS harassing political groups? Remember people like Thomas Drake being prosecuted for blowing the whistle on massive amounts of public corruption and fraud?

In an authoritarian regime, anything you do that stands out will get you unwanted attention. If you don't believe we're authortarian today, there's no guarantee we won't be in the future. If we can't protect our privacy today, how will we protect it then? If you want to live a free life, you need privacy.

Re:Wow Black helecopter syndrom

dumbest post of the day, congratz !

Re:Wow Black helecopter syndrom

I'm afraid that the person spying on me is immoral, a terrorist or just a POS human, and will abuse his power position. If all people were perfect we wouldn't be having this exchange of generalisations.

Re:Wow Black helecopter syndrom

Don't forget "false positives" - you are perfectly perfect, and god will let you in, but:
- a virus/botnet stashes evil on your PCs
- your resident juvenile lets your wifi password out to the world as a facetwit, and LOL! boobies and evil.
- LEO's with a quota get reasonably suspicious looking at something, and think its you, because, well, they think its you.
Doesn't matter if you get lucky or justice at this point, your wallet is lighter, your boss has fired you, your house is foreclosed and your wife is living at her mom's.

You get what you deserve.

Re:Wow Black helecopter syndrom

I'm afraid that the person spying on me is immoral, a terrorist or just a POS human, and will abuse his power position. If all people were perfect we wouldn't be having this exchange of generalisations.

Actually, they are pedos also because they like to watch our children online. Bunch of dirt bags, people should string them all up from trees by their necks.

Re:Wow Black helecopter syndrom

Maybe someone wants to research problems with hemorrhoids but they don't want all of the ads showing up on their browsers. Maybe someone wants to criticize a government program and not 'get on a list'. Maybe a journalist wants to do research and not set off any NSA red flags. There ARE legitimate reasons people desire anonymity. If you don't care who sees what you do, then you are being myopic.

Re:Wow Black helecopter syndrom

[Somebody+Is+Using+My]

As importantly, if you only encrypt things that you want keep secret, then you might as well not keep them secret at all. Not only are you waving a flag and essentially waving a red flag attracting Their* attention that you are now doing something covert ("I am done surfing Amazon.com and now intending to visit a forbidden website!"), it also makes it easier for Them to correlate your obfuscated traffic with traffic with the traffic that hits a forbidden site ("Hmmm, Bob went on Tor at 08:24:42.342 and at 08:24:42.359 traffic from a TOR exit node hit TheNSASucks.Com...").

On the other hand, if you disguise all your activity online, it makes it much harder for Them to do this sort of pattern matching.

So if you are going to use TOR - or use other similar privacy-protecting technologies or techniques - it is best used ALL the time and not just when you are doing something that specifically you don't want the bad guys to know about.

And as the previous poster indicated, just because what you are doing now isn't considered wrong doesn't mean it won't be considered immoral or illegal in the future, or used out of context by others to your disadvantage. As organizations become larger and more bureaucratic, they become more detached from the harm - intentional or otherwise - they can inflict on individuals. And it is not only governments who can cause this harm; corporations gather as much information about us and - as has been frequently been shown over the past few years - are far more careless about how they secure that information. As the old proverb goes, 'an ounce of prevention is worth a pound of cure'; I'd rather try to keep as much of my life out of anyone else's hands rather than try to clean up the mess after that same information is being used against me.

* They, Their and Them are generic placeholders for whichever bad guys you think are watching you, be it the NSA, KGB, KKK or Santa Claus.

Re:Wow Black helecopter syndrom

[mrchaotica]

As importantly, if you only encrypt things that you want keep secret, then you might as well not keep them secret at all. Not only are you waving a flag and essentially waving a red flag attracting Their* attention that you are now doing something covert ("I am done surfing Amazon.com and now intending to visit a forbidden website!"), it also makes it easier for Them to correlate your obfuscated traffic with traffic with the traffic that hits a forbidden site ("Hmmm, Bob went on Tor at 08:24:42.342 and at 08:24:42.359 traffic from a TOR exit node hit TheNSASucks.Com...").

I've always assumed it would be a bad idea for anything where you logged in. For example, wouldn't "They" be able to see "Joe Blow logged into Amazon.com from Tor exit node Foo at time A, then 'someone' visited TheNSASucks.com from the same exit node at time A + 1 second?"

Or worse yet, maybe your non-covert browsing would directly betray you: "Joe Blow logged into Amazon.com using the Tor Browser, then somebody with Joe Blow's Amazon cookie logged into TheNSASucks.com." Now obviously, you would try to keep your browser from getting infected with trackers... but how confident are you that you'd be 100% successful?

Re:Wow Black helecopter syndrom

[symbolic]

It might also behoove us to remember that much of this spying is done by *third-party contractors*. This means that it's not only the government with access to this information, hired hands as well. God only knows where the information might end up.

Using Tor requires care

[Hatta]

Tor is not a magic bullet. Anything you send over Tor can be intercepted by an exit node. If you send any identifying information over Tor, all the onion routing in the world won't help you. You can easily do this accidentally, all it takes is for you to visit a page with a google or facebook script on it. You can't just plug into Tor and expect it to take care of everything for you.

The only way to use Tor securely is to partition your Tor activities from everything else you do. This is most easily accomplished with a separate computer, or a VM used only for anonymous activities. Remember, it only takes one slip up and you are identifiable. That's how they got Ulbricht, and they can get you too.

A box that you plug into and forget about is going to provide nothing but a false sense of security. Bad idea.

Re:Using Tor requires care

[SwedishPenguin]

Exactly what I was going to post. If you don't take care of how you're using Tor, it will probably do more to flag you as "interesting" for the authorities to investigate further than protect your anonymity.

Not a Tor user, btw, if the NSA is listening. ;)

Re:Using Tor requires care

Anything you send over Tor can be intercepted by an exit node.

That is wrong, it should say 'will be intercepted by any agency, corporation or individual that wants'. There is no such thing at it 'can be' you can't really ignore such a good source of random 'secret' information. There were some researchers that did some research on what kind of data could be intercepted coming out of an tor exit node. Among the stuff they got was a lot of diplomats passwords and embassy traffic.

If anything tor should be used as little as possible to do as little as possible out of sight. It would be stupid to tunnel all of your traffic through the tunnel most every spying agency is monitoring as they were children waiting for a candy store that gives out free candy to open.

Tor is a great source to hide your identity yet not all weaknesses are known and it haven't been proven. One should read best recommendations for tor before using it. Also one shouldn't completely rely on it for anonymity, by now most people should have realized there is no such thing as 100 % proof anonymity on internet.

Re:Using Tor requires care

[bill_mcgonigle]

A box that you plug into and forget about is going to provide nothing but a false sense of security. Bad idea.

C'mon, half of the users are going to plug it into their router, then just go on using their WiFi connection, believing that they're now secure.

Re:Using Tor requires care

The only way to use Tor securely is to partition your Tor activities from everything else you do. This is most easily accomplished with a separate computer, or a VM used only for anonymous activities. ....

A box that you plug into and forget about is going to provide nothing but a false sense of security. Bad idea.

If you do a pure partition and send the rest out plaintext then you are also asking for trouble. All your tor traffic will be monitored. The correct thing to do is to partition between secure tor and insecure tor. Run a "normal blameless" life on one set of relatively insecure computers, but through tor. On another fully and maximally secure computer connect to a separate physical tor gateway and push that gateway through your main one.

Daniel Stucky didn't write this

Meghan Neil did.

Re:Democratize it

[bluefoxlucid]

Nice. My vocabulary is slightly larger; now I too can sound like an idiot by using words misinterpreted by other people who don't properly understand. How do I profit from this?

Hasn't TOR been shown to be compromised?

Thought it was already well known the the security and privacy of TOR was an illusion.

Why buy a box for this?

[hAckz0r]

When you can just pop in a TAILS LiveCD why do you need to buy hardware?

https://tails.boum.org/

Re:Why buy a box for this?

[garompeta]

I guess you missed the point: it is simple. Laziness is lucrative.

Re:Why buy a box for this?

Laziness leads to insecurity. If you are too lazy to fire up a livecd (or usb stick) for some anonymous browsing, you are likely to give away your identity with this "tor box" when you use it to log in to sites that know who you are.

You can buy Adafruit's version already built..

[i_want_you_to_throw_]

You can buy Adafruit's version already built with US and US intelligence friendly exit nodes excluded here for only a few bucks more PAPARouter

Re:You can buy Adafruit's version already built..

You spammed your message elsewhere in this thread, so I'll post the same reply, as you seem to have a vested interest in the sales of their product:

It seems to me that it says that it blocks countries that are friendly to US intelligence, not specific nodes. Also, I run a Tor relay and I've got a pretty good handle on exactly which configuration options are available. So you're suggesting that 2 lines in a configuration is worth buying their (your?) version?

Re:Democratize it

[supercrisp]

You were offered a dictionary definition of democratize accompanied by the etymology. Whether you profit from that gift is up to you.

Re:We are fucked.

You're doing it wrong, motherfucker

WoW-percussions

[globring]

This will probably just wind up getting me banned from WoW for "suspicious activity".

Re:WoW-percussions

[Impy+the+Impiuos+Imp]

Herbs, potions, strange foods to amplify strencth and intelligence, spells to turn people into sheep, you're already on the FDA's shit list, buddy!

Great

Now put the same thing in every ISP's box and while some are at reviewing the future of the HTTP protocol let's Torify that by default too.

The cloud is dead, back to the basics, distribution, resilience, decentralization and utter win.

Re:Democratize it

[fatphil]

Except that's not the definition any of the sources I have access to offer:

democratize, democratise:
vb (Government, Politics & Diplomacy) (tr) to make democratic

Democratization (or democratisation) is the transition to a more democratic
political regime.

democratise:
verb (used with object), verb (used without object), democratized, democratizing. to make or become democratic.

democratize or democratise
verb
      1. (transitive) to make democratic

You were right to be sceptical, it is an ambiguous and overused jargon term.

Re:We are fucked.

He's the Republican version of the Hosts File guy. Or a shill paid by the Republican party. Just another offtopic troll, why do you bring attention to him by responding? Look, if you like biting trollbait, please log off first before responding so your score will start at 0 and I won't see it.

Moderators, this whole subthread should be at -1, including the stupid sean.

Re:Tor? Reallly?

The nature of TCP/IP precludes true anonymity

You have no idea what you're talking about.

Rather than let NSA to monitor the traffic...

[fufufang]

It is so much better to let the exit node owners to monitor your traffic right? Ok fine, they can't trace it back to you, but do expect every malicious thing possible to be done on your traffic.
http://arstechnica.com/security/2007/09/security-expert-used-tor-to-collect-government-e-mail-passwords/

Re:Tor? Reallly?

[XcepticZP]

Lol, it's so funny reading you speak of "the nature of TCP/IP" with such blatant ignorance of the actual things involved. Obvious trolling, dude. Go to twitter.

Tor in a box

[nurb432]

And you in a jail cell, if you host an exit node on it. Remember kiddies, you are responsible for what comes out your pipe.

Re:Tor? Reallly?

This is just not true these days. You can browse at quite a reasonable speed, even download multi-gigabyte files without major delay. Perhaps you accidentally set it to run as a relay and didn't use the bandwidth limiter (thus ensuring all your available bandwidth would be consumed by others)?

This seems dangerous

[davidbrit2]

The kind of people and activities that need TOR to provide extreme anonymity need significantly more than just TOR alone to do it effectively. This seems like it could lull people into assuming otherwise.

Subject

I Tor a box once. Now I have to send a check each week.

Re:We are fucked.

I'm interesting in sucking your dick.

Re:Tor? Reallly?

[Pseudonym+Authority]

Most uninformed post of the entire story? Only time will tell!

Tor - We are Borg

[dontgetshocked]

Not a problem.If it interferes with the NSA then they will just subpoena the data or congress will create a new law to sidestep it.Resistance is futile, you will be assimilated!

TOR is owned.

Look dammit, I can tell you FOR FACT that TOR is owned. EVERY TOR node is compromised and packets can be traced form source to dest. Can I show you proof sufficient to satisfy skeptics among you? Nope, but I can give you my word and, while I'm not a Spaniard, I'm damned honest.

Re:Tor? Reallly?

[DogDude]

You clearly have never read a RFC. You should consider learning a bit before spouting off at the mouth.

Re:Democratize it

[wcrowe]

The meanings of words can change over time, and dictionary definitions are often behind the curve. Merriam-Webster's online dictionary gives as its third definition of democratic "relating to, appealing to, or available to the broad masses of the people". And for democratize they give the example sentence, "The magazine's goal is to democratize art".

If you'd like to know more about how words change over time, you should ask about the process in the discussion forum at Wordorigins.com.

 

Re:Democratize it

[fatphil]

You did not acknowledge it, but hopefully you noticed that I didn't say "the new use rife in modern trashy jargon is wrong" and explicitly described it as "ambiguous", as the word is in a state of evolution.

As long as there's putting power in the masses' hands, I have no objection to the term; for example, guiding the editorial policy of a periodical. However, a statement such as "twitter is democratizing the internet" I would consider to be a serious dilution of the earlier meaning of the term.

Slavery is democratising pyramid-building.

Re:Democratize it

[wcrowe]

(shrug) Well, that's how it goes with words. What you like or what I like is irrelevant. I went to the OED, the de facto arbiter of English word definitions, and they have for democratize "make (something) accessible to everyone", with the following example sentence, "mass production has not democratized fashion." This is using the word in the same way that the OP used the word. I think if it's in the OED we can be confident that the word is not "in a state of evolution", but is acceptable for use in this sense.

Re:Democratize it

[fatphil]

The OED lost the plot about a decade ago. By the time they're including things that have not proven to have any momentum in the language, and which then fall completely out of use, then following up with a new set of updates with even less traction, you know that they've completely forgotten what their mandate is.

While I wish I agreed with it, I completely disagree with your final sentence.

Re:Democratize it

[wcrowe]

I'm sorry you disagree fatphil. Personally, I am not prepared to challenge the OED or MW in their assessments, but perhaps you are. People are using the word "democratize" in this fashion, like it or not. I know, I know. These things can be maddening. For instance, I do not like it when people use "literally" as an intensifier. It gets under my skin. Yet, that is what they are doing. I wish you luck in tilting at this particular windmill.

Re:Democratize it

[fatphil]

I have plenty of spare lances.

Aside - you'll be pleased to know that as of just 2 days ago I decided thenceforth to use "literarily" to mean "expressed as one would find in literature, namely exagerated or fictionalised". To contrast against "literally", clearly ;-)

Is PapaRouter really better than SafePlug?

I think this PapaRouter exit node blacklisting scheme is only a benefit to public privacy if there is no fiber tap between the Tor exit node and the public web site that you are trying to reach--but filtering Tor exit nodes by geographic location would in no way guarantee this. In some cases, it could actually compromise your privacy by forcing unencrypted traffic to pass through a monitored long distance cable, when it might not have done that if the exit node was in close proximity to the destination web site.*1

We now know that major ISP networks have been compromised by corrupt governments which use our taxes to purchase this kind of cooperation through bribery, instead of an unconstitutional order from a secret court or secret agency.*2 Even if the browser could tell you when the unencrypted traffic between your exit node and the web site is passing through a country that is hostile to your privacy, it is still basically just a threat level indicator with no reliable accuracy. As some of these articles indicate, the state has transitioned from merely monitoring traffic to MODIFYING traffic, in an attempt to exploit software vulnerabilities.*3 And nothing would prevent any carrier along the data path from doing the same thing. So now everyone needs the data transport encrypted all of the time, even if they are not a political dissident or a business trying to protect their network from hackers.

The only permanent solution I can see would be for every web site to have a presence on the Tor network. When people type a public URL into their browser, a Tor DNS server would have to intercept that request and return the address of the equivalent "hidden service" on the Tor network, so nothing is ever sent across the public internet in an unencrypted form; not even metadata. After typing a standard URL, the Tor browser would have to tell you if the site has a presence on the Tor network or not, and you could choose whether you wanted to connect based on the result. Is that feasible? I dont know enough about it to make this kind of determination. Is there anything that a web site hosting company can do to offer Tor gateways to all of their customers at once, or somehow make it easier for the customer to set this up? If so, it would definitely give them a competitive advantage.

If we want public web sites to participate in the Tor network, it needs to be easy for their visitors--and memorizing the URL of Tor hidden services is not easy. If you make it easy for a public web site to participate in the Tor network and they still refuse to do so, then you might have a reason not to trust the site. Only then would the loss of customers motivate the site operator to get on board and support these privacy protections. Could there come a time when many key routers on the internet are Tor routers too--or at least hybrids which support Tor DNS traffic? Would that mitigate the risk presented by bad Tor nodes which are run by secret government actors? I do not claim to be an expert, but I am eager to learn how to implement good security practices and procedures, so any comments or corrections are certainly welcome. The more that Tor can do to make this "idiot proof", the better.

*1 - US and its “Five Eyes” intelligence partners tap high speed fibre optic cables at 20 locations worldwide
http://www.smh.com.au/technology/technology-news/new-snowden-leaks-reveal-us-australias-asian-allies-20131124-2y3mh.html

*2 - AT&T gets paid millions by the CIA to give up user data
http://rt.com/usa/cia-att-savage-logs-382/

*2 - NSA paid millions to Internet companies to cover surveillance program costs
http://rt.com/usa/nsa-payed-internet-companies-911/

*3 - Our Government Has Weaponized the Internet
http://www.wired.com/opinion/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/

*3 - Peeling back the layers of Tor
http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document

PAPArouter is a scam

Hey there, PAPArouter sales dude!
Why do you keep spamming the forums with advertisements for PAPArouter like this:

http://slashdot.org/comments.pl?sid=4476331&cid=45494749
http://slashdot.org/comments.pl?sid=4476331&cid=45494715
http://slashdot.org/comments.pl?sid=4475985&cid=45493115 (logged-in users only)
http://slashdot.org/comments.pl?sid=4433345&cid=45391743 (archived)
http://slashdot.org/comments.pl?sid=4432761&cid=45390809 (archived)
http://slashdot.org/comments.pl?sid=4282975&cid=44993393 (archived)

And why did you lie about PAPArouter being "only a few bucks more"? It's actually DOUBLE the cost of SafePlug -- for adding a couple of lines to a config file? Who do you think you are fooling?

"you must be really tired from trying to stay relevant"
http://slashdot.org/comments.pl?sid=4282975&cid=44993393

Scammer / Spammer (see replies)

http://slashdot.org/comments.pl?sid=4476331&cid=45494749