Slashdot Mirror
UK ISP Tests SIM Card That Forces All of Your Mobile Data Through Tor (vice.com)
An anonymous reader quotes a report from Motherboard: [O]ne UK grassroots internet service provider is currently testing a data only SIM card that blocks any non-Tor traffic from leaving the phone at all, potentially providing a more robust way to use Tor while on the go. "This is about sticking a middle finger up to mobile filtering, mass surveillance," Gareth Llewelyn, founder of Brass Horn Communications, told Motherboard in an online chat. Brass Horn is a non-profit internet service provider with a focus on privacy and anti-surveillance services. Tor is a piece of software and a related network run by volunteers. When someone runs Tor on their computer or phone, it routes their traffic through multiple servers before reaching its final destination, such as a website. That way, the website owner can't tell who is visiting; only that someone is connecting from Tor. The most common way people access Tor is with the Tor Browser Bundle on desktop, or with the Orbot app on Android.
But, in some cases, neither of these totally guarantee that all of your device's traffic will be routed through Tor. If you're using the Tor Browser Bundle on a laptop, and then go to use another piece of software, that app is probably not going to use Tor. The same might stand for Orbot running on older iterations of Android. Nathan Freitas, from The Guardian Project which maintains Orbot, said with newer versions of Android, you can lock down device traffic to only work if a specific VPN is activated, including Orbot's. This SIM card, however, is supposed to provide a more restricted solution in the event that other approaches don't quite work. The UK-exclusive SIM card requires that users create a new access point name on their device. It also requires Orbot to be installed and running on the device itself.
But, in some cases, neither of these totally guarantee that all of your device's traffic will be routed through Tor. If you're using the Tor Browser Bundle on a laptop, and then go to use another piece of software, that app is probably not going to use Tor. The same might stand for Orbot running on older iterations of Android. Nathan Freitas, from The Guardian Project which maintains Orbot, said with newer versions of Android, you can lock down device traffic to only work if a specific VPN is activated, including Orbot's. This SIM card, however, is supposed to provide a more restricted solution in the event that other approaches don't quite work. The UK-exclusive SIM card requires that users create a new access point name on their device. It also requires Orbot to be installed and running on the device itself.
Simple, the UK is going to flood the internet with tor exit points. This is fucking stupid.
All your data? Is there a real point? If it succeeds, Tor fails.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Let me root my phone and let me do what I want with my data please, thank you. I'm getting quite annoyed with the massive lock down of phones lately or they somehow completely gimp your phone if you do, like Sony's new phone where, sure you can root your phone, but your camera just takes green pictures.
It's getting to the point where I don't even want a phone or tablet anymore. They all want to "Protect" me. But when that protection uploads crap to the cloud hosted in China without my consent (Samsung and Apple, I'm looking at you with your BS default upload to the cloud crap), I don't want your method of protection.
APK, you got caught lying when you denied saying hosts do port forwarding: http://hardware.slashdot.org/comments.pl?sid=12792965&cid=57521005.
You got caught overstating the capabilities of hosts and now you're running like the chickenshit coward you are. You're not enough of a man to admit you lied, so you ran.
This is probably the stupidest idea ever Only traffic going to TOR network should go to TOR network. Going through TOR to browse internet etc is incredibly stupid. Exit nodes can be set up by anybody. Exit nodes can see ALL traffic flowing through them passively - there is absolutely no way to see if someone is intercepting the data on the fly. Even SSL/TLS protected connections are leaking connection metadata and so on.
If only every site would look into activating this new Cloudflare-Tor solution:
https://www.securityweek.com/c...
It has to be activated on the server side, so if you're tired of endless ReCAPTCHA loops of fire hydrants, buses, stairs, chimneys, traffic lights, etc. etc. then ask the site(s) to enable it.
I deny that I have not avoided attaining the opposite of that which I do not want.
The government might not like it, but whether they can do much about it is another question. It would be difficult to draft a law that covered tools like this without causing significant collateral damage.
Of more immediate practical interest might be that visitors from Tor tend to be restricted in what they can do online because there's a disproportionate risk of attacks, fraud, and other hostile actions. I expect the payment services we use flag traffic from Tor exit nodes as being higher risk, for example, which might make it more difficult to buy things online.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I regularly use a VPN on my phone and home connection, it's been fine in the UK. If anyone did request my ISP records they would just see a very long term connection to the VPN, although I suppose they could enable extra logging beyond what is legally required if they wanted to establish usage patterns.
The problem with doing it on mobile is that it doesn't block the worst bit of tracking - location. The mobile providers log which cell towers your phone uses and signal strength, giving your approximate location. You can't do anything about it, it's how mobile networks work.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
that is going to ruin tor for everybody, or at least everybody in the UK.
On a long enough timeline, the survival rate for everyone drops to zero.
> The government might not like it
The government created Tor.
> there's a disproportionate risk of attacks, fraud, and other hostile actions. I expect the payment services we use flag traffic from Tor exit nodes as being higher risk, for example, which might make it more difficult to buy things online.
True.
Well they'll soon be very good at identifying chimneys, fire hydrants and buses :-)
There's also the issue(likely very significant in this case) that Tor does not (and doesn't claim to; and probably couldn't in principle, at least without significant redesign) protect you from endpoints inferring things about your traffic if it is interesting/identifiable in itself.
The onion routing and encryption of your traffic as it gets passed between the intermediate nodes breaks trivial identification of the origin of the traffic and keeps the intermediate nodes in the dark; but the exit node [i]must[/i] have access to your traffic(potentially not plaintext if you are communicating with a site that uses TLS) in exactly the form that the server you are communicating with expects.
If your traffic isn't intrinsically identifying; this is something to be aware of; but an improvement over the situation where the origin of your traffic is trivially available to everyone involved in getting it from source ot destination and back. If it is, though, Tor's protections get markedly less useful.
Contemporary systems can be chatty enough on the PC side(one of the reasons why specialty distros are commonly recommended for Tor use); is anyone crazy enough to expect a smartphone, exemplar of post-privacy computing, to not shed identifying information right and left?