Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Hi, Maxim Kammerer wrote (04 Apr 2012 22:39:09 GMT) : The user is expected to keep private information on the system (remember that Liberté had persistence from the beginning, but this is often true even without persistence). If the system is exploited, finding out the computer's MAC / IP addresses will most likely be the least of the user's problems. Back to the threat model, then :) One of the main Tails use-case we've heard of is to work on stuff that is public, or will become public soon: in this case, what they want to hide is not really the actual content, but instead its linkage to particular physical locations or hardware. In this case, finding out the computer's MAC / IP addresses is not the least of their problems. I hope this clarifies things a bit. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Wow, TorBOX? Does that exist yet? That would be genius. What is the fastest VM? From: pro...@secure-mail.biz pro...@secure-mail.biz To: tor-talk@lists.torproject.org Sent: Thursday, April 5, 2012 4:21 AM Subject: Re: [tor-talk] Designing a secure Tor box for safe web browsing? Can TorBOX be of any help for your plans? Because, while people can run Tails in a VM by themselves already, doing this certainly does not give them the same benefits as an integrated, pre-configured Live amnesic host OS + Tor routing VM + desktop VM Tails would: Alternative you could also combine Live amnesic host OS and Tor routing. Live amnesic host OS + Tor routing VM + desktop VM... or... Live amnesic host OS with Tor routing + desktop VM. Both method have pros and cons. __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Wow, TorBOX? Does that exist yet? Yes. https://trac.torproject.org/projects/tor/wiki/doc/TorBOX What is the fastest VM? VMware is fastest. From my experience... ( means faster than) VMware (fastest) VirtualBox Qemu Bochs (slowest) Untested: KVM, Xen We choose VirtualBox, for reasons explained on that site. __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
awesome thank you for the heads up! From: pro...@secure-mail.biz pro...@secure-mail.biz To: tor-talk@lists.torproject.org Sent: Friday, April 6, 2012 7:31 PM Subject: Re: [tor-talk] Designing a secure Tor box for safe web browsing? Wow, TorBOX? Does that exist yet? Yes. https://trac.torproject.org/projects/tor/wiki/doc/TorBOX What is the fastest VM? VMware is fastest. From my experience... ( means faster than) VMware (fastest) VirtualBox Qemu Bochs (slowest) Untested: KVM, Xen We choose VirtualBox, for reasons explained on that site. __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Can TorBOX be of any help for your plans? Because, while people can run Tails in a VM by themselves already, doing this certainly does not give them the same benefits as an integrated, pre-configured Live amnesic host OS + Tor routing VM + desktop VM Tails would: Alternative you could also combine Live amnesic host OS and Tor routing. Live amnesic host OS + Tor routing VM + desktop VM... or... Live amnesic host OS with Tor routing + desktop VM. Both method have pros and cons. __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Hi, Preamble: I'm still not convinced the benefits of the Live amnesic host OS + Tor routing VM + desktop VM approach are worth the energy we would need to move Tails to this model, but I do find it interesting to go on a bit with the thought experiment, and to explore the limits of this idea. Maxim Kammerer wrote (26 Mar 2012 16:12:41 GMT) : On Mon, Mar 26, 2012 at 00:52, intrigeri intrig...@boum.org wrote: I'm curious about what resources proved to be limiting during your experiments, and what too demanding means in your usecases. Well, Intel VT / AMD-V virtualization extensions are rarely available on laptops, and without these extensions (accessible, e.g., via KVM), running a virtualized instance is extremely slow In my experience, a 7 year old laptop with no VT extensions runs quite comfortably a full Debian desktop inside a VirtualBox virtual machine. Obviously, you don't get the entire power of your bare metal CPU, but you don't lose that much either, and I would certainly don't feel the end result to be anything like extremely slow. On the other hand, my experience with QEMU clearly matches the extremely slow results. Maybe your conclusions on VM speed are simply too tightly bound to QEMU? There are also RAM requirements — how much do you allocate? This needs to be decided in advance, regardless of how much memory the user needs for performing the task in the VM. In the scenario this thread is about, I don't think it's that hard to find a way of splitting the memory that allows the user to perform their task, without being all too wasteful: * the host system's memory needs are not likely to vary much, are they? * the Tor routing VM memory needs are not likely to vary much, either * the Desktop VM gets what's left Obviously, this gets much harder for applications VM. I would be happy to learn why you consider this is pointless. For tasks like abstracting network interfaces and other hardware, the user can run everything in a VM by themselves — why force it on everyone? These abstractions are probably the only reason why I think this approach would somehow make sense for Tails needs (even if I don't know if we will go this way in the end). This is hardly a technical question. It's obvious to me how the way you ask it, and the way I am answering, say much about how Tails and Liberté Linux differ in their approach of non-technical matters, in the ways we think our relationship to users. Let's catch this opportunity to explain my take on this a bit, and hopefully understand each other better. Note that I don't care about convincing anyone here :) So, why would it make sense to pre-configure, for everyone, the technical tools that get these abstractions up and running? Because Tails is about building a common pre-configured system that tries to address certain common needs, for anyone who happens to share these needs. (We certainly value user {self-,}education very much, as I think the recent efforts put into reorganizing and writing Tails documentation clearly displays: learning some amount of technical stuff is a must to make ones own security decisions properly. But I absolutely don't think that learning how to choose, install and configure virtualization software, and how to setup a Tails or Liberté VM in there belongs to the kind of knowledge that empowers people to make their own security decisions properly. I'd rather see Tails users learn things more useful than this.) Because, while people can run Tails in a VM by themselves already, doing this certainly does not give them the same benefits as an integrated, pre-configured Live amnesic host OS + Tor routing VM + desktop VM Tails would: * In the first case, they have to trust _their host system_ to not steal information, and to not leak anything to disk, willingly or not. * In the second case, they don't need to setup and configure that host system, because we do. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
On Wed, Apr 4, 2012 at 23:46, intrigeri intrig...@boum.org wrote: Maybe your conclusions on VM speed are simply too tightly bound to QEMU? That's probably the case — QEMU is much slower than VMware and VirtualBox even when virtualization extensions are available. The reason I only tested QEMU is because it seemed like the only lightweight option (a few MiB overall added to the image, if I remember right). In the scenario this thread is about, I don't think it's that hard to find a way of splitting the memory that allows the user to perform their task, without being all too wasteful: Obviously, this gets much harder for applications VM. True, my use case was using a VM for running the unsafe browser, not as a thin layer for the whole system. These abstractions are probably the only reason why I think this approach would somehow make sense for Tails needs (even if I don't know if we will go this way in the end). But if such abstractions are the target, perhaps there are better alternatives than running everything in a VM? E.g., making the user who establishes network connections different from the main user, and preventing the main user from accessing any network information. This is hardly a technical question. It's obvious to me how the way you ask it, and the way I am answering, say much about how Tails and Liberté Linux differ in their approach of non-technical matters, in the ways we think our relationship to users. I actually view this as a technical question (Liberté Linux does not assume technically knowledgeable users either). The user is expected to keep private information on the system (remember that Liberté had persistence from the beginning, but this is often true even without persistence). If the system is exploited, finding out the computer's MAC / IP addresses will most likely be the least of the user's problems. The only case where using a VM is justified then, in my opinion, is for running specific untrusted applications inside it (application VM above). This is different from, e.g., setting up a hidden service server, where you expect it to be eventually exploited, and take care to not keep any private or identifying information on it. I should also mention here that I never got an answer on this list about whether Tor is actually designed to withstand active attacks from within the client. It could be that running everything inside a VM doesn't even help against discovering the externally exposed IP of an exploited VM guest by some kind of active network probing attack. But I absolutely don't think that learning how to choose, install and configure virtualization software, and how to setup a Tails or Liberté VM in there belongs to the kind of knowledge that empowers people to make their own security decisions properly. Well, Liberté is distributed as an .ova bundle as one of the download options — setting it up is as simple as opening the file in VMware / VirtualBox. I devoted substantial efforts to making the .ova “just work” for most users (OVF standard vs. reality is somewhat of a mess currently). Providing instructions for installing a “good” host OS should be enough in this case, I think. Because, while people can run Tails in a VM by themselves already, doing this certainly does not give them the same benefits as an integrated, pre-configured Live amnesic host OS + Tor routing VM + desktop VM Tails would: I don't disagree, I just don't think that this advantage is important enough to trump the inefficiency inherent in running everything in a VM for everyone. -- Maxim Kammerer Liberté Linux (discussion / support: http://dee.su/liberte-contribute) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Hi, Maxim Kammerer wrote (22 Mar 2012 14:07:25 GMT) : I implemented that approach once for the purpose of running unsafe browser (https://github.com/mkdesu/liberte/commit/0f0646e), executing an already-running image inside a nested QEMU. It's a nice exercise, but too demanding on resources, I'm curious about what resources proved to be limiting during your experiments, and what too demanding means in your usecases. Knowing these figures would make this report useful, to a degree, to draw conclusions for other usecases. and ultimately pointless (personal opinion). I would be happy to learn why you consider this is pointless. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
I'm curious about what resources proved to be limiting during your experiments, and what too demanding means in your usecases. Knowing these figures would make this report useful, to a degree, to draw conclusions for other usecases. Quoted from http://dee.su/liberte Moreover, some concepts that are only theoretically considered in Tails, such as virtualization of applications, had been already implemented in Liberté Linux in the past, but were ultimately rejected — the Inception mechanism of self-virtualization was found to be too resource-demanding of the typical hardware available to users. Let's see if he wants to expand that. and ultimately pointless (personal opinion). I would be happy to learn why you consider this is pointless. Question still open. __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
On Mon, Mar 26, 2012 at 00:52, intrigeri intrig...@boum.org wrote: I'm curious about what resources proved to be limiting during your experiments, and what too demanding means in your usecases. Well, Intel VT / AMD-V virtualization extensions are rarely available on laptops, and without these extensions (accessible, e.g., via KVM), running a virtualized instance is extremely slow (startup time is also very high if only doing that for specific applications, even with KVM). There are also RAM requirements — how much do you allocate? This needs to be decided in advance, regardless of how much memory the user needs for performing the task in the VM. I would be happy to learn why you consider this is pointless. Relying on such (intrinsically complex) VM separation for security of specific applications means that you don't trust your system to perform basic tasks like user privileges separation (e.g., when unsafe browser is run under dedicated user credentials). This is somewhat contradictory. For tasks like abstracting network interfaces and other hardware, the user can run everything in a VM by themselves — why force it on everyone? For approaches like Qubes OS, see my comment here: https://forum.dee.su/topic/gui-isolation. -- Maxim Kammerer Liberté Linux (discussion / support: http://dee.su/liberte-contribute) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
On Sunday 14 August 2011 18:25:37 intrigeri wrote: Gozu-san wrote (07 Aug 2011 19:53:36 GMT) : As the router for a VirtualBox internal network, ra's Tor gateway VM http://ra.fnord.at/ does basically what you describe. Interesting. I was not able to find the source code / documentation to build one's own VM image, which is frustrating. I am sorry for that but I got limited resources for working on this project. The code for the gateway is now online and I am moving the whole project to github.[0] Although not that strongly related, this discussion makes me think of an idea that's been sleeping for a while in Tails' wishlist: https://tails.boum.org/todo/Two-layered_virtualized_system/ This is to some degree what I am implementing. Until deciding for a better name[1] I call the two parts Tor gateway and Tor workstation. The gateway is still missing a few features[2] (and documentation especially) but it is out of a proof-of-concept-only state. (Whereas the fast gateway and workstation[3] are still proof-of-concept). Tails does a much better job at being a Tor workstation so it might be a good idea to try to make it fit into the virtualization concept - although VirtualBox does not support exporting VMs to OVA including a ISO by now. [0] https://github.com/ra--/Tor-gateway [1] https://github.com/ra--/Tor-gateway/wiki/Todo [2] https://github.com/ra--/Tor-gateway/blob/master/TODO [3] http://ra.fnord.at/2011/05/easy-and-secure-anonymous-internet-usage/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
On Thu, Mar 22, 2012 at 12:02, ra r...@lavabit.com wrote: Although not that strongly related, this discussion makes me think of an idea that's been sleeping for a while in Tails' wishlist: https://tails.boum.org/todo/Two-layered_virtualized_system/ This is to some degree what I am implementing. I implemented that approach once for the purpose of running unsafe browser (https://github.com/mkdesu/liberte/commit/0f0646e), executing an already-running image inside a nested QEMU. It's a nice exercise, but too demanding on resources, and ultimately pointless (personal opinion). VirtualBox does not support exporting VMs to OVA including a ISO by now. VMware does (didn't check whether it or VirtualBox supports reading that back): File ovf:href=someimage.iso ovf:id=file1 ovf:size=216457216/ Item rasd:AddressOnParent0/rasd:AddressOnParent rasd:AutomaticAllocationtrue/rasd:AutomaticAllocation rasd:ElementNamecdrom1/rasd:ElementName rasd:HostResourceovf:/file/file1/rasd:HostResource rasd:InstanceID6/rasd:InstanceID rasd:Parent5/rasd:Parent rasd:ResourceType15/rasd:ResourceType /Item -- Maxim Kammerer Liberté Linux (discussion / support: http://dee.su/liberte-contribute) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Hi, Gozu-san wrote (07 Aug 2011 19:53:36 GMT) : As the router for a VirtualBox internal network, ra's Tor gateway VM http://ra.fnord.at/ does basically what you describe. Interesting. I was not able to find the source code / documentation to build one's own VM image, which is frustrating. Although not that strongly related, this discussion makes me think of an idea that's been sleeping for a while in Tails' wishlist: https://tails.boum.org/todo/Two-layered_virtualized_system/ Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | If you must label the absolute, use it's proper name: Temporary. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
On Sun, Aug 07, 2011 at 02:47:24PM +0200, mli...@robin-kipp.net wrote 3.8K bytes in 11 lines about: : so, I've been browsing the web using Tor for some time now, and I have to say that, at least with the cir quid I am currently using, I'm quite impressed with the performance, especially since I'm only connected through a 3g ap at the moment! So, I've had a look around the Torproject site and reading up on how it all works and what safeguarding should be performed in order to stay secure. So, I was thinking, how could I get all the systems that are part of my own home network to access the web securely and anonymously? Well, I came up with the following idea, and since some of you guys may have tried this, was wondering if this would be practicable: Many people use Tails[1] for this on a dedicated host, or they're waiting for the torouter[2] to exist in some form. [1] http://tails.boum.org [2] https://trac.torproject.org/projects/tor/wiki/doc/Torouter In either case, the most controversial issue is the transparent routing of all TCP traffic over Tor. The concern is that this is going to encourage people do to unsafe things over tor. Even if it isn't encouraged, people will use technologies that cannot be properly secured and merely push the risks from their local network and ISP to exit relays. The costs to the user could be high. The current discussion is found at https://trac.torproject.org/projects/tor/ticket/3453 -- Andrew pgp key: 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Designing a secure Tor box for safe web browsing?
Hi all, so, I've been browsing the web using Tor for some time now, and I have to say that, at least with the cir quid I am currently using, I'm quite impressed with the performance, especially since I'm only connected through a 3g ap at the moment! So, I've had a look around the Torproject site and reading up on how it all works and what safeguarding should be performed in order to stay secure. So, I was thinking, how could I get all the systems that are part of my own home network to access the web securely and anonymously? Well, I came up with the following idea, and since some of you guys may have tried this, was wondering if this would be practicable: on my network, all devices are behind a hardware firewall that performs NAT and packet filtering for viruses and other malicious stuff (UTM). The firewall acts as the DHCP within the network, and its WAN port is connected to my router which only handles internet connections. So far for my current network topology. Now, I was thinking of adding another gateway here. My idea was to take an embedded PC (e.g. a Soekris box) and installing a distribution such as Debian on its memory. Then, a DHCP could first be set up on this box. Using iptables, network interface routing could be configured, so that traffic arriving at the LAN network interfaces would be routed to one exit point, the WAN interface. So, at this stage, the DHCP on the Debian machine would assign IPs to clients connected to the LAN ports, and all traffic arriving at these ports would be redirected to one port which would be the WAN. Now, this box could, for example, be connected in between the firewall and the route r. So, the firewall would receive an IP from the Debian box, and all network clients would still be behind the firewall. So then, when a client wants to access the internet, it would first go through the firewall, from the firewall to the Debian box and from there to the router and the web. Now, the Debian box would have to route all connections through the Tor network. I guess Polipo could be set up on the Debian box so that it will route all outgoing connections through the Tor network. In this case, all traffic passing through the box would be anonymized on the fly. However, some other steps would have to be taken. For example, I guess it would be wise to implement functionality such as offered by the SSL Everywhere Firefox extension, so that SSL would automatically be enabled on as many sites as possible. Also, it probably would be better to configure Polipo to reject any Cookies, Java Applets, Flash and anything else that could compromise security. As such limitations w ould also limit comfortable browsing, I guess various modes could be designed, such as a safe mode (fully anonymized), a restrictive mode (not everything is blocked, thus potential security risks exist) and a non-restrictive mode (all traffic is routed through Tor, however no packet filtering is performed - most convenient but also most insecure). Also, both safe and restrictive mode could perform things such as browser-header obfuscation, geo-data obfuscation, etc. Sure, such concepts would probably take some time and work in order to make everything work. Therefore, I wondered if someone might be working on such a task already and if not, if this would be a project which would make sense, and which would be worth putting some effort into. I guess my idea probably isn't new to most people dealing with Tor and secure networking, but I'm wondering if such a platform already exists. I definitely will be working on this once I get back home, as I think such an undertake would be quite useful to me personally! Robin ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
As the router for a VirtualBox internal network, ra's Tor gateway VM http://ra.fnord.at/ does basically what you describe. You could route that to a physical NIC on the host. Or you could replicate the setup in a Soekris etc box. JanusVM http://janusvm.com/ might also work for you. Basically, it's a VM running Tor that you access through an OpenVPN tunnel. On 07/08/11 12:47, Robin Kipp wrote: Hi all, so, I've been browsing the web using Tor for some time now, and I have to say that, at least with the cir quid I am currently using, I'm quite impressed with the performance, especially since I'm only connected through a 3g ap at the moment! So, I've had a look around the Torproject site and reading up on how it all works and what safeguarding should be performed in order to stay secure. So, I was thinking, how could I get all the systems that are part of my own home network to access the web securely and anonymously? Well, I came up with the following idea, and since some of you guys may have tried this, was wondering if this would be practicable: on my network, all devices are behind a hardware firewall that performs NAT and packet filtering for viruses and other malicious stuff (UTM). The firewall acts as the DHCP within the network, and its WAN port is connected to my router which only handles internet connections. So far for my current network topology. Now, I was thinking of adding another gateway here. My idea was to take an embedded PC (e.g. a Soekris box) and installing a distribution such as Debian on its memory. Then, a DHCP could first be set up on this box. Using iptables, network interface routing could be configured, so that traffic arriving at the LAN network interfaces would be routed to one exit point, the WAN interface. So, at this stage, the DHCP on the Debian machine would assign IPs to clients connected to the LAN ports, and all traffic arriving at these ports would be redirected to one port which would be the WAN. Now, this box could, for example, be connected in between the firewall and the rou te r. So, the firewall would receive an IP from the Debian box, and all network clients would still be behind the firewall. So then, when a client wants to access the internet, it would first go through the firewall, from the firewall to the Debian box and from there to the router and the web. Now, the Debian box would have to route all connections through the Tor network. I guess Polipo could be set up on the Debian box so that it will route all outgoing connections through the Tor network. In this case, all traffic passing through the box would be anonymized on the fly. However, some other steps would have to be taken. For example, I guess it would be wise to implement functionality such as offered by the SSL Everywhere Firefox extension, so that SSL would automatically be enabled on as many sites as possible. Also, it probably would be better to configure Polipo to reject any Cookies, Java Applets, Flash and anything else that could compromise security. As such limitations w ould also limit comfortable browsing, I guess various modes could be designed, such as a safe mode (fully anonymized), a restrictive mode (not everything is blocked, thus potential security risks exist) and a non-restrictive mode (all traffic is routed through Tor, however no packet filtering is performed - most convenient but also most insecure). Also, both safe and restrictive mode could perform things such as browser-header obfuscation, geo-data obfuscation, etc. Sure, such concepts would probably take some time and work in order to make everything work. Therefore, I wondered if someone might be working on such a task already and if not, if this would be a project which would make sense, and which would be worth putting some effort into. I guess my idea probably isn't new to most people dealing with Tor and secure networking, but I'm wondering if such a platform already exists. I definitely will be working on this once I get back home, as I think such an undertake wou ld be quite useful to me personally! Robin ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Hi Gozu-san, thanks for the links! They seem like good starting points for such a project. Such a box would be, when designed and fully configured, a good and stable way for people wanting to give their machines secure www access. Other than the software config, I could also imagine certain hardware precautions that could be made. For example, such a device could, in theory, come with a static ROM that contains the software in a way which can't be altered. The dynamic info required to run Tor could then be stored in a RAM (e.g. directory / cirquit info, logs, etc) and would be discarded immediately once the device is disconnected from the power source. The advantage of such a setup would be that it wouldn't store more data than required for sure. However, I guess updating Tor, or any other packages, would be impossible in that case. Still, I do like the idea of having a black box that takes care of anon web resource access and privacy control. Guess I'll keep researching and working on th is, and see what I come up with! If anyone would like to help, suggest ideas or thinks this would be total nonsense, please let me know! I'm new to working on such projects and have some general ideas at the moment, so this is also kind of exciting for me. Robin ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
On Sun, 7 Aug 2011 23:29:21 +0200 Robin Kipp mli...@robin-kipp.net wrote: Hi Gozu-san, thanks for the links! They seem like good starting points for such a project. Such a box would be, when designed and fully configured, a good and stable way for people wanting to give their machines secure www access. Other than the software config, I could also imagine certain hardware precautions that could be made. For example, such a device could, in theory, come with a static ROM that contains the software in a way which can't be altered. The dynamic info required to run Tor could then be stored in a RAM (e.g. directory / cirquit info, logs, etc) and would be discarded immediately once the device is disconnected from the power source. The advantage of such a setup would be that it wouldn't store more data than required for sure. However, I guess updating Tor, or any other packages, would be impossible in that case. Still, I do like the idea of having a black box that takes care of anon web resource access and privacy control. Guess I'll keep researching and working on th is, and see what I come up with! If anyone would like to help, suggest ideas or thinks this would be total nonsense, please let me know! I'm new to working on such projects and have some general ideas at the moment, so this is also kind of exciting for me. Robin ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk take a look at: http://isprins.blogspot.com/2011/03/excitos-b3-and-tor.html http://forum.excito.net/viewtopic.php?f=9t=2898 The software upgrade with tor included is coming soon. -- PGP KEY ID 2D22D97B Håken Hveem Norway ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk