[liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED

[coderman]

On 10/13/14, Travis Biehn <tbiehn at gmail.com> wrote:
> ...
> Interested in update mechanisms, interdiction resilience, trusted boot, web
> / other interfaces.
>
> These devices just change and expand your threat surface.


back in 2007/2008 we launched the Janus Privacy Adapter devices. first
on dual NIC gumstix, then on the now defunct Yoggie Gatekeeper Pro
hardware. both of these had a minimal footprint, two ethernet jacks
for transparent proxy in-line, and power via USB.

updates deployed via hidden service, or yourself via command line ssh.

the attack surface (on device) was minimal, as the control port was
not exposed to the network, etc.

client risk is another story, considering untrusted exit relays and
insecure protocols. for this reason we applied a number of band-aids
blocking known risky ports. this is not an effective approach, and
EPICFAIL shows how a single request not behind Tor proxy unmasks
perfectly.

best case you would use a Tor Browser on each of the hosts behind the
privacy appliance in transparent proxy mode. (e.g. TOR_TRANSPROXY=1
before launching) and block any other application or service from
communicating over the network.  this significantly impairs
functionality, however.

as also mentioned in the article, there have been other variations on
this theme, with more or less robust security posture on device and
for the users behind.

many of these considerations are outlined in the transparent proxy
page: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy


best regards,