[liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED

Cathal Garvey cathalgarvey at cathalgarvey.me
Mon Oct 13 12:11:33 PDT 2014


Security-wise, what's the deal with using VPN through Tor? Convenience
stacks up very well, you get an IP that's less likely to get
blocked/captcha'd, and you avoid evil relays (provided your VPN has
pre-shared-certs). But, does it open you up to a whole new world of
circumventing-tor's-security-hax pain?

Also, any guides out there to accomplish this? :)

On 13/10/14 19:54, coderman wrote:
> On 10/13/14, Travis Biehn <tbiehn at gmail.com> wrote:
>> ...
>> Interested in update mechanisms, interdiction resilience, trusted boot, web
>> / other interfaces.
>>
>> These devices just change and expand your threat surface.
> 
> 
> back in 2007/2008 we launched the Janus Privacy Adapter devices. first
> on dual NIC gumstix, then on the now defunct Yoggie Gatekeeper Pro
> hardware. both of these had a minimal footprint, two ethernet jacks
> for transparent proxy in-line, and power via USB.
> 
> updates deployed via hidden service, or yourself via command line ssh.
> 
> the attack surface (on device) was minimal, as the control port was
> not exposed to the network, etc.
> 
> client risk is another story, considering untrusted exit relays and
> insecure protocols. for this reason we applied a number of band-aids
> blocking known risky ports. this is not an effective approach, and
> EPICFAIL shows how a single request not behind Tor proxy unmasks
> perfectly.
> 
> best case you would use a Tor Browser on each of the hosts behind the
> privacy appliance in transparent proxy mode. (e.g. TOR_TRANSPROXY=1
> before launching) and block any other application or service from
> communicating over the network.  this significantly impairs
> functionality, however.
> 
> as also mentioned in the article, there have been other variations on
> this theme, with more or less robust security posture on device and
> for the users behind.
> 
> many of these considerations are outlined in the transparent proxy
> page: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
> 
> 
> best regards,
> 

-- 
Twitter: @onetruecathal, @formabiolabs
Phone: +353876363185
Blog: http://indiebiotech.com
miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM