Slashdot Mirror
Tor Now Comes In a Box
Daniel_Stuckey writes "Tor has been in the spotlight lately as a way to keep prying eyes away from your online activities. However, to your average internet user, the covert network of relays and whatchamacallits can come off as too complex and intimidating to bother with — even as people are increasingly concerned with their online privacy in light of the NSA scandal. So goes the thinking behind Safeplug, a new hardware adapter that basically puts Tor in a box. It takes 60 seconds and 50 bucks to plug the privacy box into your router, and you're good to go, the company claims. Like anonymous browsing for dummies. The adapter comes from hardware company Pogoplug, which announced its new product yesterday and hopes it will bring Tor to the mass market by offering more consumer-friendly access. 'We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user,' CEO Dan Putterman told GigaOM."
We now turn to Admiral Ackbar who I believe has a comment on this development....
Wireless Tor AP built with a Raspberry Pi: http://learn.adafruit.com/onion-pi/overview
Yeah, fuck those Dems for making TOR so hard to install!
Oh, I mean, wait... What the fuck are you on about?
Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
i like the idea of a $50 plug and play box for tor, but how is this different than using a browser plugin? a serious question, not being rhetorical.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
The difference being that you have to install tor in every single device you are using, with this box you anonimize the whole traffic of your network, anyone using your WiFi is automatically routed through TOR.
One of the problems with that is that sometimes your real IP can leak out. For example, if you visit a page that installs the FBI's CIPAV malware, it will bypass Tor and report the real IP. If all traffic is routed through Tor by another device, this won't work.
And you can use SelekTOR (google SelekTOR Exit Node) which makes it even easier.
Color me skeptical.
It's untinkable that the Mighty Tor could be trust into a box such as tis.
Sure - if you have malware, all bets are off. So don't use malware, then. "A page" never ever installed anything on my computer - the advantage of not using microsoft products.
Their other products phone home because they are really in the business of selling online services, not network hardware.
But we're going to need a lot more tor nodes, particularly exit nodes
Well that's hardly an unsolvable problem, just put another tor router box in series with the malware infested one.
Yes, I speak English, the problem is that I do not understand all that bollox.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
I honestly didn't know people still used Tor.
Last I tried it, it necessarily slowed my Net connection down to essentially unusable because of an obvious lack of "exit nodes". Besides, all it does is add some very, very simple obfuscation to what you may be doing on the Net. It doesn't in any way provide any meaningful protection. The nature of TCP/IP precludes true anonymity. People pursuing anonymity through TCP/IP are the same kinds of people looking for perpetual motion machines.
I don't respond to AC's.
Well that's hardly an unsolvable problem, just put another tor router box in series with the malware infested one.
Hey, that's a good question: do the stats on these things stack? I.e., if I put 3 of them in series, am I 3X as anonymous?
An enigma, wrapped in a riddle, shrouded in bacon and cheese
From Merriam Webster:
to make (something) available to all people : to make it possible for all people to understand (something)
Democratization is a common term that existed long before USA appropriated "democracy" as part of their call to arms, you brainwashed yank.
Do you really need to anonymize everything 24/7, like when you're watching Netflix? Doesn't that extra traffic overload the Tor network?
.
Prisencolinensinainciusol. Ol Rait!
Hardly a buzzword. To democratize something is to make it available to all. From the Greek demos (people) + kratia (power).
Proverbs 21:19
Tor is not a magic bullet. Anything you send over Tor can be intercepted by an exit node. If you send any identifying information over Tor, all the onion routing in the world won't help you. You can easily do this accidentally, all it takes is for you to visit a page with a google or facebook script on it. You can't just plug into Tor and expect it to take care of everything for you.
The only way to use Tor securely is to partition your Tor activities from everything else you do. This is most easily accomplished with a separate computer, or a VM used only for anonymous activities. Remember, it only takes one slip up and you are identifiable. That's how they got Ulbricht, and they can get you too.
A box that you plug into and forget about is going to provide nothing but a false sense of security. Bad idea.
Give me Classic Slashdot or give me death!
The TOR busts the FBI did earlier this year was malware infecting windows users using outdated versions of TOR (for windows).
A TOR AP makes very good sense, since you can easily change MAC adr. local IP etc. to something other than the normal network, making leaks very hard to use.
You can use Whonix in virtualbox. It basically replicates this setup, where you have a gateway VM and a workstation VM. The workstation can only access the Internet through the gateway. So if the workstation is compromised it still can't leak your IP.
What am I doing that's so important to keep secret? I'm minding my own business, that's what. You should do it too.
The reason we should all be afraid of the authorities spying on us is because more often than not, they are the POS humans that are the greatest threat. Remember COINTELPRO? Remember the FBI infiltrating mosques? Remember the IRS harassing political groups? Remember people like Thomas Drake being prosecuted for blowing the whistle on massive amounts of public corruption and fraud?
In an authoritarian regime, anything you do that stands out will get you unwanted attention. If you don't believe we're authortarian today, there's no guarantee we won't be in the future. If we can't protect our privacy today, how will we protect it then? If you want to live a free life, you need privacy.
Give me Classic Slashdot or give me death!
Does it sit between your gateway and your router, and transparently redirect all packets to the tor network?
Do you just plug it into a router port and point your devices at it as a proxy?
Where is the source code? If we're going to be paranoid enough to use Tor for everything, shouldn't we demand to audit the code for security holes and possible backdoors?
It just seems like a product without a niche. Most users have no desire to use Tor, and those that do are typically savvy enough to set it up themselves.
https://tails.boum.org/
You were offered a dictionary definition of democratize accompanied by the etymology. Whether you profit from that gift is up to you.
This will probably just wind up getting me banned from WoW for "suspicious activity".
And what IP is going to be reported when the Tor gizmo on your same cable modem NAT hits the internet? Wait for it... your cable modem IP. Either that or 192.168.1.2, which I hear is a popular one.
I want to delete my account but Slashdot doesn't allow it.
Another case of the perfect being the enemy of the good. Technology does not have have to be perfect for it to be useful, furthermore there is always a cost/benefit tradeoff. Even locks that are easy to pick and windows easily broken are useful. I know that most of you have a condescending attitude towards users who are unconcerned about internet privacy. It may well their cost benefit tradeoff is far more reasonable than yours.
Except that's not the definition any of the sources I have access to offer:
democratize, democratise:
vb (Government, Politics & Diplomacy) (tr) to make democratic
Democratization (or democratisation) is the transition to a more democratic
political regime.
democratise:
verb (used with object), verb (used without object), democratized, democratizing. to make or become democratic.
democratize or democratise
verb
1. (transitive) to make democratic
You were right to be sceptical, it is an ambiguous and overused jargon term.
Also FatPhil on SoylentNews, id 863
Or automatically routed through any proxy the supplier chooses right? I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?
It is so much better to let the exit node owners to monitor your traffic right? Ok fine, they can't trace it back to you, but do expect every malicious thing possible to be done on your traffic.
http://arstechnica.com/security/2007/09/security-expert-used-tor-to-collect-government-e-mail-passwords/
I don't see how it is so hard to understand for you, it is very simple, it is a router that connects to tor. It is super practical to anonymize a whole LAN in a single shot.
As importantly, if you only encrypt things that you want keep secret, then you might as well not keep them secret at all. Not only are you waving a flag and essentially waving a red flag attracting Their* attention that you are now doing something covert ("I am done surfing Amazon.com and now intending to visit a forbidden website!"), it also makes it easier for Them to correlate your obfuscated traffic with traffic with the traffic that hits a forbidden site ("Hmmm, Bob went on Tor at 08:24:42.342 and at 08:24:42.359 traffic from a TOR exit node hit TheNSASucks.Com...").
On the other hand, if you disguise all your activity online, it makes it much harder for Them to do this sort of pattern matching.
So if you are going to use TOR - or use other similar privacy-protecting technologies or techniques - it is best used ALL the time and not just when you are doing something that specifically you don't want the bad guys to know about.
And as the previous poster indicated, just because what you are doing now isn't considered wrong doesn't mean it won't be considered immoral or illegal in the future, or used out of context by others to your disadvantage. As organizations become larger and more bureaucratic, they become more detached from the harm - intentional or otherwise - they can inflict on individuals. And it is not only governments who can cause this harm; corporations gather as much information about us and - as has been frequently been shown over the past few years - are far more careless about how they secure that information. As the old proverb goes, 'an ounce of prevention is worth a pound of cure'; I'd rather try to keep as much of my life out of anyone else's hands rather than try to clean up the mess after that same information is being used against me.
* They, Their and Them are generic placeholders for whichever bad guys you think are watching you, be it the NSA, KGB, KKK or Santa Claus.
Unless you have a firewall to block normal internet traffic, and only allow tor traffic to go through. In that case, even if your box gets compromized, there is no way of launching a side-channel attack.
Lol, it's so funny reading you speak of "the nature of TCP/IP" with such blatant ignorance of the actual things involved. Obvious trolling, dude. Go to twitter.
There's a much easier way to to leak your IP over Tor -- use UDP. Or anything other than TCP, for that matter.
There's no -1 for "I don't get it."
Because the information provided isn't sufficient to understand what the box actually does. Does it act as a DHCP provider? How would my devices know to use it? Since it sits inside the network, how would devices which want to use it know its there? Do I have to update proxy settings on browsers?
Of course it is. Anonymity is compromised by the data you send through it or by correlating Tor traffic with clear traffic. Both of things can be avoided and are not a flaw in the system itself but rather user error.
I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?
AKA half of Tor, I'd imagine. The point of Tor has never been to evade detection by the NSA. It's to anonymize your internet traffic to prevent the destination service operator from knowing who/where you are. It's essentially a chain of "legitimate," marginally highly-available TCP proxies that anyone can use without having to create or rent a botnet. Hidden services are a nice side effect, or at least were until Silk Road's compromise spooked everyone.
That said, your point stands: there's not enough information about how this magic box works.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Clearly the benefit of a plug like this isn't at home. Bring down the price and size a notch and it will be ideal to hide at libraries, schools and other places that can't be traced back to you.
Suddenly there is a whole bunch of tor nodes in your town that you can connect to, all of them used for completely legal stuff.
The kind of people and activities that need TOR to provide extreme anonymity need significantly more than just TOR alone to do it effectively. This seems like it could lull people into assuming otherwise.
I've always assumed it would be a bad idea for anything where you logged in. For example, wouldn't "They" be able to see "Joe Blow logged into Amazon.com from Tor exit node Foo at time A, then 'someone' visited TheNSASucks.com from the same exit node at time A + 1 second?"
Or worse yet, maybe your non-covert browsing would directly betray you: "Joe Blow logged into Amazon.com using the Tor Browser, then somebody with Joe Blow's Amazon cookie logged into TheNSASucks.com." Now obviously, you would try to keep your browser from getting infected with trackers... but how confident are you that you'd be 100% successful?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
A router that connects to Tor, or a router that claims to connect to Tor? :)
It might also behoove us to remember that much of this spying is done by *third-party contractors*. This means that it's not only the government with access to this information, hired hands as well. God only knows where the information might end up.
Freedom Hosting's compromise was used to host an exploit for Firefox. The shellcode used Windows calls, but it was Firefox that was executing them, meaning it had all the rights that Firefox itself had, meaning it would probably have worked fine on any other OS with a little tweaking. But alas.
That was his point. Don't connect to the internet directly; connect to this box (likely a cheap computer running iptables and tor) over the LAN so that any FBI malware can't get your real IP.
Most uninformed post of the entire story? Only time will tell!
It almost certainly just acts as a transparent proxy that intercepts connections and DNS requests and sends them through Tor - there's already support in the Tor client for doing this.
Have you installed TOR on a winders box recently?
You don't even have to install it (for web browsing at least).
https://www.torproject.org/projects/torbrowser.html.en
systemd is Roko's Basilisk.
No source.
Non-free.
No Mac version.
Nothing for mobile devices.
No thank you.
You clearly have never read a RFC. You should consider learning a bit before spouting off at the mouth.
I don't respond to AC's.
The meanings of words can change over time, and dictionary definitions are often behind the curve. Merriam-Webster's online dictionary gives as its third definition of democratic "relating to, appealing to, or available to the broad masses of the people". And for democratize they give the example sentence, "The magazine's goal is to democratize art".
If you'd like to know more about how words change over time, you should ask about the process in the discussion forum at Wordorigins.com.
Proverbs 21:19
You did not acknowledge it, but hopefully you noticed that I didn't say "the new use rife in modern trashy jargon is wrong" and explicitly described it as "ambiguous", as the word is in a state of evolution.
As long as there's putting power in the masses' hands, I have no objection to the term; for example, guiding the editorial policy of a periodical. However, a statement such as "twitter is democratizing the internet" I would consider to be a serious dilution of the earlier meaning of the term.
Slavery is democratising pyramid-building.
Also FatPhil on SoylentNews, id 863
(shrug) Well, that's how it goes with words. What you like or what I like is irrelevant. I went to the OED, the de facto arbiter of English word definitions, and they have for democratize "make (something) accessible to everyone", with the following example sentence, "mass production has not democratized fashion." This is using the word in the same way that the OP used the word. I think if it's in the OED we can be confident that the word is not "in a state of evolution", but is acceptable for use in this sense.
Proverbs 21:19
The OED lost the plot about a decade ago. By the time they're including things that have not proven to have any momentum in the language, and which then fall completely out of use, then following up with a new set of updates with even less traction, you know that they've completely forgotten what their mandate is.
While I wish I agreed with it, I completely disagree with your final sentence.
Also FatPhil on SoylentNews, id 863
I'm sorry you disagree fatphil. Personally, I am not prepared to challenge the OED or MW in their assessments, but perhaps you are. People are using the word "democratize" in this fashion, like it or not. I know, I know. These things can be maddening. For instance, I do not like it when people use "literally" as an intensifier. It gets under my skin. Yet, that is what they are doing. I wish you luck in tilting at this particular windmill.
Proverbs 21:19
I have plenty of spare lances.
;-)
Aside - you'll be pleased to know that as of just 2 days ago I decided thenceforth to use "literarily" to mean "expressed as one would find in literature, namely exagerated or fictionalised". To contrast against "literally", clearly
Also FatPhil on SoylentNews, id 863