Re: [liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED
+cpunks

Interested in update mechanisms, interdiction resilience, trusted boot, web / other interfaces. These devices just change and expand your threat surface.

Travis

On Oct 13, 2014 12:21 PM, "Yosem Companys" <companys@stanford.edu> wrote:
Today a group of privacy-focused developers plans to launch a Kickstarter campaign for Anonabox. The $45 open-source router automatically directs all data that connects to it by ethernet or Wifi through the Tor network, hiding the user’s IP address and skirting censorship. It’s also small enough to hide two in a pack of cigarettes. Anonabox’s tiny size means users can carry the device with them anywhere, plugging it into an office ethernet cable to do sensitive work or in a cybercafe in China to evade the Great Firewall. The result, if Anonabox fulfills its security promises, is that it could become significantly easier to anonymize all your traffic with Tor—not just Web browsing, but email, instant messaging, filesharing and all the other miscellaneous digital exhaust that your computer leaves behind online.
“Now all your programs, no matter what you do on your computer, are routed over the Tor network,” says August Germar, one of the independent IT consultants who spent the last four years developing the Anonabox. He says it was built with the intention of making Tor easier to use not just for the software’s Western fans, but for those who really need it more Internet-repressive regimes. “It was important to us that it be portable and small—something you can easily conceal or even throw away if you have to get rid of it.”
http://www.wired.com/2014/10/tiny-box-can-anonymize-everything-online/ h/t @anahi_ayala
On 10/13/14, Travis Biehn <tbiehn@gmail.com> wrote:
... Interested in update mechanisms, interdiction resilience, trusted boot, web / other interfaces.
These devices just change and expand your threat surface.
back in 2007/2008 we launched the Janus Privacy Adapter devices. first on dual NIC gumstix, then on the now defunct Yoggie Gatekeeper Pro hardware. both of these had a minimal footprint, two ethernet jacks for transparent proxy in-line, and power via USB.

updates deployed via hidden service, or yourself via command line ssh.

the attack surface (on device) was minimal, as the control port was not exposed to the network, etc.

client risk is another story, considering untrusted exit relays and insecure protocols. for this reason we applied a number of band-aids blocking known risky ports. this is not an effective approach, and EPICFAIL shows how a single request not behind Tor proxy unmasks perfectly.

best case you would use a Tor Browser on each of the hosts behind the privacy appliance in transparent proxy mode. (e.g. TOR_TRANSPROXY=1 before launching) and block any other application or service from communicating over the network. this significantly impairs functionality, however.

as also mentioned in the article, there have been other variations on this theme, with more or less robust security posture on device and for the users behind.

many of these considerations are outlined in the transparent proxy page: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

best regards,
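The message above says that blocking known risky ports is not effective and that a single request outside Tor unmasks the user; that property can be checked mechanically on a transparent-proxy gateway. The following is an added example, not part of the thread or of any project's code: it audits `iptables-save` output for fail-open paths, assuming a LAN interface `eth1` and Tor's `TransPort`/`DNSPort` on 9040/5353 (interface, ports and both rulesets are constructed for illustration).

```python
# Constructed iptables-save output, denylist style ("block known risky ports").
DENYLIST = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -p tcp -m tcp --dport 25 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9040
COMMIT
"""
# Constructed fail-closed ruleset: LAN traffic reaches Tor's ports or is dropped.
FAIL_CLOSED = """*filter
:FORWARD DROP [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
"""

def parse(ruleset):
    """Return ({(table, chain): policy}, [(table, {option: value})]); "!" is not interpreted."""
    table, policies, rules = None, {}, []
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[table, tok[0][1:]] = tok[1]
        elif line.startswith("-A"):
            rules.append((table, {k: v for k, v in zip(tok, tok[1:]) if k[0] == "-"}))
    return policies, rules

def audit(ruleset, lan="eth1", trans_port="9040", dns_port="5353"):
    """List ways LAN traffic could leave the gateway without entering Tor."""
    policies, rules = parse(ruleset)
    def redirected(proto, to_port, dport=None):
        # dport=None demands a rule with no --dport match, i.e. a catch-all.
        want = {"-A": "PREROUTING", "-i": lan, "-p": proto, "-j": "REDIRECT",
                "--to-ports": to_port, "--dport": dport}
        return any(t == "nat" and all(o.get(k) == v for k, v in want.items())
                   for t, o in rules)
    checks = [
        (policies.get(("filter", "FORWARD")) == "DROP", "FORWARD policy is not DROP: unredirected traffic is routed in the clear"),
        (redirected("tcp", trans_port), "no catch-all TCP redirect to TransPort; port-limited rules leave gaps"),
        (redirected("udp", dns_port, dport="53"), "DNS is not redirected to DNSPort"),
    ]
    return [msg for ok, msg in checks if not ok]
```

`audit(DENYLIST)` reports all three problems and `audit(FAIL_CLOSED)` reports none. iptables covers IPv4 only, so the same audit has to be run separately against `ip6tables-save` output.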
Security-wise, what's the deal with using VPN through Tor? Convenience stacks up very well, you get an IP that's less likely to get blocked/captcha'd, and you avoid evil relays (provided your VPN has pre-shared-certs). But, does it open you up to a whole new world of circumventing-tor's-security-hax pain? Also, any guides out there to accomplish this? :)

On 13/10/14 19:54, coderman wrote:
On 10/13/14, Travis Biehn <tbiehn@gmail.com> wrote:
... Interested in update mechanisms, interdiction resilience, trusted boot, web / other interfaces.
These devices just change and expand your threat surface.
back in 2007/2008 we launched the Janus Privacy Adapter devices. first on dual NIC gumstix, then on the now defunct Yoggie Gatekeeper Pro hardware. both of these had a minimal footprint, two ethernet jacks for transparent proxy in-line, and power via USB.
updates deployed via hidden service, or yourself via command line ssh.
the attack surface (on device) was minimal, as the control port was not exposed to the network, etc.
client risk is another story, considering untrusted exit relays and insecure protocols. for this reason we applied a number of band-aids blocking known risky ports. this is not an effective approach, and EPICFAIL shows how a single request not behind Tor proxy unmasks perfectly.
best case you would use a Tor Browser on each of the hosts behind the privacy appliance in transparent proxy mode. (e.g. TOR_TRANSPROXY=1 before launching) and block any other application or service from communicating over the network. this significantly impairs functionality, however.
as also mentioned in the article, there have been other variations on this theme, with more or less robust security posture on device and for the users behind.
many of these considerations are outlined in the transparent proxy page: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
best regards,
-- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
It (and any other persistent connections such as joining an IRC server) provides a good graph for a TLA to justify further liberties with your liberties. -Travis
participants (3): Cathal Garvey, coderman, Travis Biehn