Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Now Comes In a Box

Posted by Soulskill on from the boxes-lend-credibility dept.

Daniel_Stuckey writes "Tor has been in the spotlight lately as a way to keep prying eyes away from your online activities. However, to your average internet user, the covert network of relays and whatchamacallits can come off as too complex and intimidating to bother with — even as people are increasingly concerned with their online privacy in light of the NSA scandal. So goes the thinking behind Safeplug, a new hardware adapter that basically puts Tor in a box. It takes 60 seconds and 50 bucks to plug the privacy box into your router, and you're good to go, the company claims. Like anonymous browsing for dummies. The adapter comes from hardware company Pogoplug, which announced its new product yesterday and hopes it will bring Tor to the mass market by offering more consumer-friendly access. 'We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user,' CEO Dan Putterman told GigaOM."

17 of 150 comments (clear)

  1. Additional comment by finkployd · · Score: 4, Funny

    We now turn to Admiral Ackbar who I believe has a comment on this development....

  2. Roll your own by pegr · · Score: 4, Interesting

    Wireless Tor AP built with a Raspberry Pi: http://learn.adafruit.com/onion-pi/overview

    1. Re:Roll your own by necro81 · · Score: 4, Informative

      That was my thought exactly: "Say, didn't Adafruit just have an article in Make Magazine about using a Raspberry Pi to make a wireless Tor proxy?" Why yes, they did.

    2. Re:Roll your own by Anonymous Coward · · Score: 5, Insightful

      Yeah but, when your non-technical friend asks you about using Tor, do you want to point them to Raspberry Pi and get a dirty look, point them to the browser plugin and forever be saddled with support questions, or point them to the $50 "just plug it in and forget about it" hardware and earn their gratefulness?

    3. Re:Roll your own by i_want_you_to_throw_ · · Score: 4, Informative

      YES! or you can buy Adafruit's version already built with US and US intelligence friendly exit nodes excluded here for only a few bucks more PAPARouter

  3. Re: Make it easy? by Anonymous Coward · · Score: 4, Insightful

    The difference being that you have to install tor in every single device you are using, with this box you anonimize the whole traffic of your network, anyone using your WiFi is automatically routed through TOR.

  4. Re: Make it easy? by supersat · · Score: 3, Informative

    One of the problems with that is that sometimes your real IP can leak out. For example, if you visit a page that installs the FBI's CIPAV malware, it will bypass Tor and report the real IP. If all traffic is routed through Tor by another device, this won't work.

  5. Sounds good by Kardos · · Score: 3, Insightful

    But we're going to need a lot more tor nodes, particularly exit nodes

  6. Overkill? by RevWaldo · · Score: 4, Interesting

    Do you really need to anonymize everything 24/7, like when you're watching Netflix? Doesn't that extra traffic overload the Tor network?

    .

    --
    Prisencolinensinainciusol. Ol Rait!
  7. Using Tor requires care by Hatta · · Score: 5, Insightful

    Tor is not a magic bullet. Anything you send over Tor can be intercepted by an exit node. If you send any identifying information over Tor, all the onion routing in the world won't help you. You can easily do this accidentally, all it takes is for you to visit a page with a google or facebook script on it. You can't just plug into Tor and expect it to take care of everything for you.

    The only way to use Tor securely is to partition your Tor activities from everything else you do. This is most easily accomplished with a separate computer, or a VM used only for anonymous activities. Remember, it only takes one slip up and you are identifiable. That's how they got Ulbricht, and they can get you too.

    A box that you plug into and forget about is going to provide nothing but a false sense of security. Bad idea.

    --
    Give me Classic Slashdot or give me death!
  8. Re:Make it easy? by Splab · · Score: 3, Informative

    The TOR busts the FBI did earlier this year was malware infecting windows users using outdated versions of TOR (for windows).

    A TOR AP makes very good sense, since you can easily change MAC adr. local IP etc. to something other than the normal network, making leaks very hard to use.

  9. Re:Wow Black helecopter syndrom by Hatta · · Score: 5, Interesting

    What am I doing that's so important to keep secret? I'm minding my own business, that's what. You should do it too.

    The reason we should all be afraid of the authorities spying on us is because more often than not, they are the POS humans that are the greatest threat. Remember COINTELPRO? Remember the FBI infiltrating mosques? Remember the IRS harassing political groups? Remember people like Thomas Drake being prosecuted for blowing the whistle on massive amounts of public corruption and fraud?

    In an authoritarian regime, anything you do that stands out will get you unwanted attention. If you don't believe we're authortarian today, there's no guarantee we won't be in the future. If we can't protect our privacy today, how will we protect it then? If you want to live a free life, you need privacy.

    --
    Give me Classic Slashdot or give me death!
  10. Re: Make it easy? by Damarkus13 · · Score: 5, Insightful
    But, how does it do that. The article and even the Safeplug website do not explain the mechanism it uses to redirect your traffic to Tor. There aren't even any pictures of the back off the device that I can find.

    Does it sit between your gateway and your router, and transparently redirect all packets to the tor network?

    Do you just plug it into a router port and point your devices at it as a proxy?

    Where is the source code? If we're going to be paranoid enough to use Tor for everything, shouldn't we demand to audit the code for security holes and possible backdoors?

    It just seems like a product without a niche. Most users have no desire to use Tor, and those that do are typically savvy enough to set it up themselves.

  11. Re: Make it easy? by hairyfish · · Score: 3, Insightful

    Or automatically routed through any proxy the supplier chooses right? I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?

  12. Re:Wow Black helecopter syndrom by Somebody+Is+Using+My · · Score: 5, Insightful

    As importantly, if you only encrypt things that you want keep secret, then you might as well not keep them secret at all. Not only are you waving a flag and essentially waving a red flag attracting Their* attention that you are now doing something covert ("I am done surfing Amazon.com and now intending to visit a forbidden website!"), it also makes it easier for Them to correlate your obfuscated traffic with traffic with the traffic that hits a forbidden site ("Hmmm, Bob went on Tor at 08:24:42.342 and at 08:24:42.359 traffic from a TOR exit node hit TheNSASucks.Com...").

    On the other hand, if you disguise all your activity online, it makes it much harder for Them to do this sort of pattern matching.

    So if you are going to use TOR - or use other similar privacy-protecting technologies or techniques - it is best used ALL the time and not just when you are doing something that specifically you don't want the bad guys to know about.

    And as the previous poster indicated, just because what you are doing now isn't considered wrong doesn't mean it won't be considered immoral or illegal in the future, or used out of context by others to your disadvantage. As organizations become larger and more bureaucratic, they become more detached from the harm - intentional or otherwise - they can inflict on individuals. And it is not only governments who can cause this harm; corporations gather as much information about us and - as has been frequently been shown over the past few years - are far more careless about how they secure that information. As the old proverb goes, 'an ounce of prevention is worth a pound of cure'; I'd rather try to keep as much of my life out of anyone else's hands rather than try to clean up the mess after that same information is being used against me.

    * They, Their and Them are generic placeholders for whichever bad guys you think are watching you, be it the NSA, KGB, KKK or Santa Claus.

  13. Re: Make it easy? by bobthecow · · Score: 3, Informative

    Because the information provided isn't sufficient to understand what the box actually does. Does it act as a DHCP provider? How would my devices know to use it? Since it sits inside the network, how would devices which want to use it know its there? Do I have to update proxy settings on browsers?

  14. Re: Make it easy? by ShaunC · · Score: 5, Interesting

    I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?

    AKA half of Tor, I'd imagine. The point of Tor has never been to evade detection by the NSA. It's to anonymize your internet traffic to prevent the destination service operator from knowing who/where you are. It's essentially a chain of "legitimate," marginally highly-available TCP proxies that anyone can use without having to create or rent a botnet. Hidden services are a nice side effect, or at least were until Silk Road's compromise spooked everyone.

    That said, your point stands: there's not enough information about how this magic box works.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!