Tor Appliance

Safeplug is an easy-to-use Tor appliance. I like that it can also act as a Tor exit node.

EDITED TO ADD: I know nothing about this appliance, nor do I endorse it. In fact, I would like it to be independently audited before we start trusting it. But it's a fascinating proof-of-concept of encapsulating security so that normal Internet users can use it.

Posted on November 27, 2013 at 6:28 AM • 68 Comments

Comments

Brent LongboroughNovember 27, 2013 6:44 AM

Bruce, thanks for the pointer.

It looks very nice, but with many government agencies running out-of-control, how might we reassure ourselves that Safeplug can really be trusted and hasn't been spiked in some way?

I mean absolutely no offence to the excellent people at Safe/PogoPlug, but how could an activist trust that SafePlug isn't phoning home to the Death Star in Maryland or Cheltenham?

PipedreamNovember 27, 2013 6:50 AM

Bonus:
"Safeplug has ad-blocking software built-in out of the box. No need for extra installations or downloads."

grugqNovember 27, 2013 6:59 AM

Hi,

This is a commercial variant of the FOSS PORTAL project that I released in September 2012 at Ekoparty. You don't need to run a closed source commercial device to get easy Tor anonymity, just use PORTAL on the RaspberryPi. (With 2m devices sold, possessing an RPi is unlikely to raise suspicion, but a purpose build dedicated Tor device will).

For significantly more information on how PORTAL functions, and why it does what it does (as well as the limitations of what protections Tor can offer). See:

Here is the document explaining the PORTAL design decisions.

Here is the original PORTAL code .

Here is the (recommended) PORTAL of Pi project, using a RaspberryPi rather than a chipped router.

Here is the slide deck for the presentation announcing PORTAL.

Here is a video of the presentation.

If you are concerned about protecting your privacy, you'll probably want to check out my blog (and tumblr) about OPSEC and tradecraft.

StromdalNovember 27, 2013 7:32 AM

Unless Bruce himself has oversight on the development of this device I would not trust Cloud Engines to not be a subsidiary of The Govn't LLC. (Sorry about the double negation)

Dirk PraetNovember 27, 2013 7:48 AM

Similar to Adafruit's Onion Pi, which I briefly mentioned in October 11th's Air Gaps thread on this blog. Especially useful when on the road and requiring internet access through untrustworthy connections at hotels, conferences and the like.

@ thegrugq

Has PORTAL's pre-netctl network config been updated recently ? We briefly discussed this on Twitter somewhere last month.

@ Everyone else

Check out @ thegrugq's OPSEC guidelines. They are very much worth the read.

Ian IrelandNovember 27, 2013 7:58 AM

My takeaway from this is 1) it's commercially available and usable off the shelf, without assembly or compiling and B) it's marketed as "protect your family". Which suggest to me that TOR usage is getting more culturally mainstream.

Nicholas WeaverNovember 27, 2013 8:20 AM

This is, IMO, a BAD BAD BAD idea.

To begin with, Tor can only be used to safely visit SSL-only sites or hidden services: too many exit nodes are monitored/malicious.

Then there is browsing through Tor with a normal browser. The NSA has a term for this (I don't know if it was a codeword or humor, but it was in the Tor slides): EPICFAIL.

Its downright trivial to deanonymize these users for an active adversary with cookie games and user agent strings, and downright trivial to exploit thanks to the standard browser not being nearly so hard (e.g. has Flash) as the Tor Browser Bundle.

GweihirNovember 27, 2013 8:42 AM

I agree with Nicholas that this plug is a bad idea. Secure TOR use is only really possible if the application is configured right, as in the Tor browser Bundle or in TAILS. (Although the Browser Bundle still has or had JavaScript on. This is a problem, especially after the FBI used a 0-day in JavaScript to identify users of hidden services hosted on freedom hosting. In fairness though, users that did update in a timely manner were not affected.)

As to the exit nodes, anybody marginally careful will use SSL for anything that should not be openly readable anyways. That exit nodes routinely find juicy stuff is more a problem of the users, not of TOR. A backbone tap would find just the same things, and we now know that they exits in quite a few places.

grugqNovember 27, 2013 8:59 AM

@ Dirk

Not yet. It is an issue on the GitHub tracker, but I won't have time to work on PORTAL again until next week.

A lot of people have indicated a desire for a raw disk image they can dd onto an SD and just run, which is what I'll be working on then. The lack of Arch Linux ARM console based tools for easy network configuration is a serious concern. I might have to use Raspbian just for the network-manager.

AutolykosNovember 27, 2013 9:12 AM

@Nicholas Weaver: Completely agree about using Tor with Flash or Javascript enabled being one of the most stupid things you could do with it. But AFAIK the damage malicious exit nodes can do is kinda limited, unless they want to use high-value exploits (like critical vulnerabilities in Firefox) indiscriminately on lots of at least moderately tech-savvy people (which seems to be a Bad Idea).
The other problem is that Tor is still kinda slow, so you would not want to use it for transferring inconspicuous bulk data or when timing is critical (like VoIP or online games). Having a separate browser still seems to be the way to go.

BPNovember 27, 2013 10:26 AM

I tried Tor by adding Tails to a lockable USB drive but ended up getting my lockable USB drive demolished and rendered unususable. Can't explain, or won't online, but I understand how that happened. Also all those disks that spinwrite somehow would no longer work on and that can't be formatted were using an internal loopback device on them and it pointed back either to a USB port or a the CDrom or DVD cache. So it wouldn't format because parted magic or all the other programs that formatted that free software has available wouldn't format them. Couldn't write back the unwriteable cache. So when I try to format them now, they look to write the first sector at a zero sector partition. Pretty insidious but I've completely deconstucted how it works and what the files are that are used to do that. I won't dare put those on the internet now, although I have fixed some of them. I decided to see what would happen if I reversed the internal lookback by putting a hard drive on a USB port which worked in allowing me to see what is on the "spying" portion of the drive by doing a reverse and using two hard drives I can format them by just unmounting all those hidden partions. But I'm plaing arond with them as I'm just curious and want to see if I can fix them without going the reverse loopback route.

Works quite well, and although I'm not going to put anyof these thing on the internet since the security holes are probably large and probably have many unsuspecting side effects, I had to find the answer. But with the loopback reversed, when I start up the computer, if I click on the DVD to boot, or the USB to boot, the hard drive boots and when I click on the hard drive, the DVD boots and whatever is on the DVD drive gets read into the hard disk. Weird. Thus I have a working OS on those drives. Thus I'm able to enter the hidden hard drive sectors and delete any portion of the poisoned part of the drive if I so choose. Since I can't format the ones that have problems with not formatting (unless I use the reverse method), which I can't because they've become unusable over time, I'm experimenting to see if I can do that by encrypting them and then undoing that.All completely offline. I don't want to damage the net or cause this thing to cause anyone else any problems but I'm just curious and wanted to figure it out. I suspect it might cause me to get information back from the attacker if I did that but I'm not that brave and really have no interest in doing that because some low level person would probably be scapegoated. I don't plan to use encryption anymore. I lost four of six brand new hard drives in the past few weeks by installing different free software programs, Fedora and Suse, which caused the bad boot sectors to be put on the drive immediately thereafter. It was easily seen because the drive lost about 5GB each time.. I fixed one and I don't know if I'll send the other three back to the mfg or not. I can verify if they're clean perfectly now.

But the whole thing has been interesting. I'm not a techie but perhaps by thinking out of the box, I found out the answer to something that has been bugging me for a long time. As someone else surmised, General Failure wasn't the culprit. I'm not saying any more than that.
Boot Magic is the thing that was used here at least on one or two of them. And I've never used that program or had any knowledge of it. But I had to find out why I was losing 5GB or drive space whenever I installed Fedora encrypted. And so I did.

I do have one question. Since these were open source software installs on fresh hard drives, was the free software foundation license violated? I think definitely yes. Anyone else have an opinion?

I've just decided to go back to Windows and Microsoft. They're reforming now and are victims just like everyone else. Although if I can ever get a Linux install to install properly, I'll use that just to keep up with the format. From now on, I think I'll primarily use Windows unless they misbehave. I do wish they'd come out with various Windows platforms or "spins" where you could move to a different OS at less cost. I'd try out several and perhaps spend more money on different OS spins than I have just using Windows by buying an install for a motherboard or buying a new machine. That's my primary purpose for using Linux, although security was a factor, but I don't think we can escape the surveillance system anyway. We have to do that by political means. I suspected Microsoft for a long time, but I don't think they were the problem unless they were forced to do it. The same as all the other techs.

They're already being helped in getting back their repuation, at at least @cryptome seems to be doing so.

I don't want to see the US lose tech dominance. However if the game playing continues, we probably will.

DavidNovember 27, 2013 12:13 PM

They have one frequently asked question: Is there a backdoor in TOR?...

However, I notice that there is one missing frequently asked question: Is there a backdoor in Safeplug?

Some Guy In A DinerNovember 27, 2013 12:55 PM

I like it. It shouldn't take tool long to reverse and audit. It's just an embedded device. Users need easy solutions to protect themselves and this seems promising.

BenNovember 27, 2013 1:09 PM

I find Safeplug interesting as it seems easy enough for my mom to use.

While Portal of Pi is also interesting, my mom definitely isn't a "certified UNIX network technician".

stvsNovember 27, 2013 1:58 PM

I like that it can also act as a Tor exit node.

To run securely, you need a lot more than a wall wart to operate a Tor exit node. Here's the list of tips from Tor themselves:

  1. Inform your potential ISP(s)
  2. Get a separate IP for the node.
  3. Get recognizable Reverse DNS for this IP
  4. Set up a Tor Exit Notice
  5. Get ARIN registration (if possible)
  6. Consider a Reduced Exit Policy
  7. Rate limit and optionally QoS your node
  8. Consider creating an LLC to run your node

Handing out turn-key Tor exit nodes without explaining the implications for choosing to run one is a very bad idea.

Someone from EUNovember 27, 2013 2:07 PM

To @Brent Longborough and @David use binwalk.org and go from there.

To @Some Guy In a Diner I'll bet, the NSA is the first to audit the new Tor Appliance.

stvsNovember 27, 2013 2:10 PM

We just had a post about tracking technology that undermines the use case that Safeplug describes: using unmodified browsers through Tor. If your browser uses JS and Flash, as the vast majority do, it's game over. Without these added precautions, the claims on their website about "making it impossible for websites and organizations to identify the source or destination of Internet traffic" and "the critical piece of information that an organization or individual needs to determine where you live is your IP address" are transparently false.

WDNovember 27, 2013 3:27 PM

I ordered one. Probably won't use as a proxy for local clients (already have a VPN proxy for that). Will instead set it up on the outside router to serve as a public relay.

Suspect it will attract attention....but that's a duty of citizenship. Citizens *must* push back. Governments don't fear sissies.

WDNovember 27, 2013 3:31 PM

Now if someone can describe a way I can relay secure telephone calls from a consumer dynamic IP address - I'll set one of those up too.

David Dyer-BennetNovember 27, 2013 3:33 PM

I notice their unequivocal statement in the FAQ that Tor does not have a backdoor. It'd be nice to be that confident!

(It's nice that I sometimes click "preview" by mistake; because apparently thinking I clicked "submit" is enough to invoke the magical proofreading brain to instantly spot the errors.)

Bob S.November 27, 2013 4:07 PM

Tor works, but maybe not some anonymity sites.

I tried a very well known free vpn and then tested it at this site:

http://ip-check.info/?lang=en

It turns out, there is a ftp leak via the vpn which revealed my real ip address, apparently easily. Yes, I had checked boxes to prevent flash and js.

And, remember Flash circumvents ssh and other proxies and thus can reveal the ip address.

Ouch!

Everyone who thinks they are anonymous should run the test at the above site.

Everyone!

Scott FergusonNovember 27, 2013 5:28 PM

@BP


I tried Tor by adding Tails to a lockable USB drive but ended up getting my lockable USB drive demolished and rendered unususable. Can't explain,

I can. PEBCAK.

Short version.
You have no idea what you're doing and "dd"-ed an image over your existing partition table.
Re-partition, re-format, loosen that aluminum foil hat, learn to read the instructions.

Pretty insidious but I've completely deconstucted how it works and what the files are that are used to do that. I won't dare put those on the internet now, although I have fixed some of them. I decided to see what would happen if I reversed the internal lookback by putting a hard drive on a USB port which worked in allowing me to see what is on the "spying" portion of the drive by doing a reverse and using two hard drives I can format them by just unmounting all those hidden partions.
You've taken an image of a small device with it's partition table and formating, and overwritten your existing partitions on a larger device. Think of the device as a sheet of paper (device analogy) on which you've drawn a column or columns (partition/s analogy) - that column or columns are ruled up so you have somewhere to write (format analogy). You have a big piece of paper with several columns on it (standard Windoof partitioning) each ruled up as NTFS (standard Windoof formatting). You've then taken a smaller piece of paper with a column (or columns) on it, each ruled up to hold data (probably ext4) and stuck that piece of paper onto the larger piece of paper. Those "insidious hidden partitions" is just columns and ruled lines not covered over by the smaller piece of paper. HTH.
the reverse loopback route.

You're just making these terms up right? :)

Works quite well, and although I'm not going to put anyof these thing on the internet since the security holes are probably large and probably have many unsuspecting side effects, I had to find the answer. But with the loopback reversed, when I start up the computer, if I click on the DVD to boot, or the USB to boot, the hard drive boots and when I click on the hard drive, the DVD boots and whatever is on the DVD drive gets read into the hard disk.
!! You are, um, mistaken. Disable or remove the hard drive and test that faulty assumption. That's just the standard POST.
I lost four of six brand new hard drives in the past few weeks by installing different free software programs, Fedora and Suse, which caused the bad boot sectors to be put on the drive immediately thereafter.
Just remove GRUB. You haven't lost anything (physical).
But I had to find out why I was losing 5GB or drive space whenever I installed Fedora encrypted.
Lost 5GB of drive space after creating a 5GB partition and installing Fedora onto it... ;)

Take the time to learn a little about formatting and partitioning, you'll find the knowledge very useful.

I do have one question. Since these were open source software installs on fresh hard drives, was the free software foundation license violated? I think definitely yes. Anyone else have an opinion?
Have you even read the license? (obviously not one sentence) Which part of the GPL is violated by your failure to read the instructions and lack of knowledge of partitioning, boot managers and formatting? (the answer is "none").

I'd suggest you download a Live CD, burn it to a disc and run that. If you still subscribe to all those conspiracy theories remove the hard drive while running the Live CD, in fact it's probably safest as you need to learn a little about partitioning and formating.

WaelNovember 27, 2013 8:43 PM

@Someone from EU

I'll bet, the NSA is the first to audit the new Tor Appliance.
Tin hats are running thick these days, eh? Take off the tin hat, and explain to me why would they audit something they manufactured? :) Have you seen the required information they need to "activate" your nice little toy?

Dirk PraetNovember 27, 2013 8:58 PM

@ Nicholas Weaver, @ Gweihir, @ Silleal, @ Autolykos

This is, IMO, a BAD BAD BAD idea.

Yes and no. It's a bad idea in the sense that their marketing is insufficiently pointing out to a layman audience that using their appliance is only one part of the story. On their FAQ page, they do have a (very short) heads-up under "How can I ensure that my browsing is really anonymous?", but I kinda doubt that grandma knows how to disable Flash and Quicktime. They don't even mention JS, so they are in a way tricking their potential customers into a false sense of security.

On the other hand, general adoption by the general public of such appliances is upping the ante with the added benefit that the more folks are using Tor and deploying exit nodes, the faster it becomes. This is a good initiative, and I hope the folks at Cloud Engines are open for discussion with and suggestions from the Tor project and the security community to make their product better.

@ Bob S.

It turns out, there is a ftp leak via the vpn which revealed my real ip address,

DNS leaking is also a known problem with VPN's, anonymising and proxy services. You can check for DNS leaks at DNS Leaktest. DNS MITM attacks can also be made more difficult by implementing DNSCrypt, which is available for most industry standard platforms (Linux, BSD, OS X, Windows, jailbroken iOS, rooted Android etc.).

WaelNovember 27, 2013 9:18 PM

@Dirk Praet

DNS MITM attacks can also be made more difficult by implementing DNSCrypt,
Now that the communication channel between the client and the DNS has been secured, how do you trust the DNS? Can't it be a front for some TLA -- even if they claim "no logs", etc...? But to be accurate, you stated securing against a MiTM type, which this is not. A non trusted DNS "could" be a MaTE (Man at The End) problem.

Scott FergusonNovember 27, 2013 9:35 PM

@Wael


Now that the communication channel between the client and the DNS has been secured, how do you trust the DNS?

If the site hasn't bothered to setup DNSSEC you can't trust the DNS, and you probably shouldn't trust the site any more than I'd trust a business that couldn't be arsed setting up digital signatures for their email.

If they can't get those basic things right the "what else..." scenario should be applied.

That most sites (and businesses) don't practice basic security is reason for concern not evidence it's unnecessary.

15 million people believing a stupid thing doesn't make it less stupid.

Chris AgertonNovember 28, 2013 12:06 AM

Using the same browser for regular browsing and TOR browsing is a horrible idea. As it turns out, browser controls for privacy and stored state are not intuitive. For example, Google says it's okay that tracking-ids leak from regular browsing mode in to Incognito mode - just not the other way around. Huh? https://code.google.com/p/chromium/issues/detail?id=311296 (same thing works with FF)

Despite their vulnerability incident a few months ago, the guys packaging the Tor Browser Bundle are doing a pretty decent job. I'd really like to see an easy-to-use Tor browser distribution that spins up a clean VM each time you open a new session.

Scott FergusonNovember 28, 2013 12:51 AM

@Dirk Praet


On the other hand, general adoption by the general public of such appliances is upping the ante with the added benefit that the more folks are using Tor and deploying exit nodes, the faster it becomes.

Do you think?
More people using Youtube, streaming movies, and Bittorrent over Tor might just have the opposite effect.

But whether people use Tor or not they need to learn and practice proper OPSEC. My experience is that a significant proportion of people act like total dicks when they believe their actions are secret. I'm not even counting all those who will insist on using Ffffacebook and Fwitter at the same time (until they subscribe to the Snapchat leaves no traces myth).
I'd expect a lot of people may come to regret believing they can do what ever they want on the Internet because they've "bought secrecy" in a box.

Not saying that's a bad thing though, and not just because someones got to keep the private prisons filled.

noopNovember 28, 2013 2:22 AM

If this gets widely used it will kill Tor. This is for people without knowledge of how Tor works. They'll stream porn, use cloud services, bittorrent and ... over Tor.

Besides that: No word about exits able to watch the traffic of non encrypted connections. Poor non techies...

HoudaifaNovember 28, 2013 4:31 AM

Lesser known but open source!

ORP1 - An Open Router Project

"ORP1 is a secure, high speed networking device that maintains your online privacy simply, across all the devices in your home."

http://www.indiegogo.com/projects/...
http://www.theregister.co.uk/2013/11/26/...
http://www.zdnet.com/...
http://www.scmagazine.com.au/News/...
http://www.itnews.com.au/News/...

"ORP1 is a high performance networking router that allows you to run a firewall, IPSec VPN (virtual private network) and a Tor server for your home network. Its easy-to-use web interface will make encrypted and anonymised communications for your entire network easier to set up and manage. Now you don’t need to be a geek to be able to ensure that every device you use at home uses the internet with privacy, whether it’s your home PC, smartphone or tablet.

Why is the ORP1 device important? Unlike routers from other security vendors who have been caught helping government surveillance of their customers, the ORP1 hardware and software is open source to provide a system that you can trust - there’s no government-mandated back door for snooping."

Dirk PraetNovember 28, 2013 6:42 AM

@ Scott Ferguson

More people using Youtube, streaming movies, and Bittorrent over Tor might just have the opposite effect.

That would be a bit of a worst case scenario indeed, and one I hadn't thought about. Then again, the way the Bittorrent protocol works - or at least the way it is implemented in quite some applications - makes it almost trivial for an attacker to learn the user's true identity when using Tor, thus defeating the purpose. See also https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea .

Scott FergusonNovember 28, 2013 7:42 AM

@Dirk Praet

Then again, the way the Bittorrent protocol works - or at least the way it is implemented in quite some applications - makes it almost trivial for an attacker to learn the user's true identity when using Tor, thus defeating the purpose

Yes. And the other uses I mentioned are as discreet as shouting across a mall. But the majority of individuals I come across that want "internet privacy" (by which they mean secrecy) have those purposes in mind. Even when the implementation of tor is provided by their employer I frequently come across cases of them using Fffacebook at the same time, and of course they need to access their Live account to check their email....

I tend to generalize now - if they haven't taken the trouble to research how to use Tor then later conversations tend to include a lot of "yes I know but...".

OPSEC is everything. And the first rule should be compartmentalise.

My concerns are not really for the foolish, callous as that sounds, they're going to push the safety limits in any scenario regardless. While the chaff effect increases the cost of attacks - unfortunately it also makes other forms of attack more financially viable.
My main concerns are the "mass == gravity" effect where a preponderance of fools makes otherwise intelligent people act like idiots ("but everyone else does it!"). It's very hard to fully comprehend the implications of actions that may well be stored on the permanent record, and even the motivated and careful become careless over time. That and the possibility that attacks won't be direct - by which I mean that just because someone can't think of a reason someone would want to access their communications (or computer) an attacker may want to leap-frog from them to those they come in contact with*1 (whether one hop away or more). I'm guessing that those sort of indirect attacks wouldn't be completely random or they'd risk exposing methods so one possible means of increasing the returns might be to target those that use some level of secrecy (Tor use may make them a target). It's late, I'm tired and less than succinct, but the problem that Joe Six-Pack using Tor may create is similar to a world full of un-patched Windows XP boxes connected to broadband 24/7.
Already we have a number of wanna-be-millionaires trying to capitalize on the concern for privacy/desire for secrecy so this potential problem is just going to increase as those with a buck to make try and whip up the fear. I've had two approaches in the last couple of months with requests to come up with a product/service to "market that niche". In each case I haven't managed to deter their aspirations by pointing out major failings in the product/services they wish to offer - I very much doubt I'm alone in that experience.

*1
In Australia one agency tried to get legislation passed allowing them to attack computers that 'might' allow them to attack actual targets. Given my belief that almost all of this espionage is about business not law and order that would mean a lot of people not suspected of doing anything illegal would have their security breached so that their equipment can be used to attack others. Do I trust our spooks not to share that innocent business information with their allies? No, and some 70% of those involved in US espionage are companies, all of which have more than one client.

AutolykosNovember 28, 2013 8:18 AM

@stvs: I agree that plugging this thing in and running it as an Exit Node without asking or telling anyone isn't a good idea, and early adopters failing to RTFM will burn their fingers. But (yes, this sounds cynical) they can only catch and punish the first few unlucky fellows. Once this becomes somewhat common, they'll have to adopt a practice of dropping charges and accept "I'm running a Tor Exit Node" as a valid excuse for all kinds of suspicious Internet traffic.
So basically, noobs using this device in ways it's not meant to be will mostly hurt themselves, but may even benefit the network as a whole.

Scott FergusonNovember 28, 2013 8:59 AM

@Autolykos


...they can only catch and punish the first few unlucky fellows.

Huh?!
Who is going to "catch" Tor users? Punish?

Did I miss the meeting down at the docks where the lizard people's plans to arrest people for using Tor were revealed?

But seriously. Get a grip.

kingsnakeNovember 28, 2013 9:08 AM

On this day, give thanx for your Torkey. *rim shot*

Thank you, tank you. I will be appearing here all week. Please be sure to tip your wait staff ...

WinterNovember 28, 2013 9:09 AM

@Scott
"Who is going to "catch" Tor users? Punish?"

Autolykos wrote:
"I agree that plugging this thing in and running it as an Exit Node"

People running Tor Exit nodes can be caught very easily.

Nick PNovember 28, 2013 10:17 AM

@ Winter

Even arrested in some countries. Equipment can be seized as part of an investigation here as well. There is a nice guide on reducing risk:

https://blog.torproject.org/running-exit-node

Personally, I wonder why Tor hasn't been attacked more. The only thing that makes sense to me are two possibilities:

1. Most of the Fed's opponents have such crappy OPSEC it isn't that necessary.

2. The Feds have secret methods for deanonymizing Tor users due to inherent risks in how its used.

Recent news puts weight in both directions. Hard to tell. I wouldn't rely on Tor alone for anonymity. And if I used a Tor exit node, I'd build it into a hardened router, configure it to ensure plenty of traffic, and connect my private PC directly to that. This way, they couldn't tell which traffic was mine and which was other people's.

That last point kind of goes against the advice in the article but I think it's necessary for deniability. There must be no way for them to remotely see a connection between the private user's traffic and tor traffic in general.

WinterNovember 28, 2013 10:44 AM

@Nick P
In the past the Tor web site said that if you run a Tor node, all your Tor traffic would enter the Tor network directly, without being visibly "ingoing". They do not have this text anymore. I am not sure whether that is a plus or not for your security.

I do not know whether your "normal", in the clear, traffic would be indistinguishable from the traffic from the exit node. Neither whether that helps when the TLA's start to follow you.

AnuraNovember 28, 2013 12:08 PM

@Nick P

Yeah, the advice in the article is really just about if your node starts getting blocked, or your ISP shuts you down, you would be SOL. In an ideal world, everyone would run an exit node and everyone would use Tor, so that this wouldn't be possible. But we are not in an ideal world, cest la vie.

Bauke Jan DoumaNovember 28, 2013 12:58 PM

Can anybody enlighten me what gaq is that I see in the Safeplug's web page sources?

Nick PNovember 28, 2013 2:20 PM

@ Bauke Jan Douma

The Javascript file it's in mentions "page views" and "referrer." The JS file's domain is also a CDN. Looks pretty ordinary to me.

BPNovember 28, 2013 2:47 PM

Scott Ferguson. You have no idea what you're talking about. You don't know what's on my drive nor did you read the whole thing. I know.

grisuNovember 28, 2013 3:43 PM

Bruce Schneier said:

But it's a fascinating proof-of-concept of encapsulating security so that normal Internet users can use it.

Cloud Engines Inc. says:

2. Direct your web browser to pogoplug.com/safeplug and click on Activate to begin using your Safeplug"

There can't be any reasonable "concept" which inherits some kind of data handshake with the distributor of a so called privacy device.

I don't see any "proof-of-concept". On the contrary, mon generale.

Scott FergusonNovember 28, 2013 7:05 PM

@Winter


People running Tor Exit nodes can be caught very easily.

Which has the same relevance as saying "people using email can be caught very easily". Which is - none.

At this point no one is being arrested "for running Tor exit nodes". Nor are there any indications that this will happen in countries where owning a computer is not considered suspicious despite the number of Henny Penny's foretelling this (and the coming Zombie apocalypse).

Yes. Tor exit nodes are detectable - so is use of Tor. Deal with it rationally instead of conflating the 'possible' future risks and current realities. You're ducking and no one is firing. Wait till the war before you develop shell shock.

Half the reason this regime exists is because of fear of imaginary threats whipped up by the uninformed. How if perpetuating that helpful?

People don't get arrested for running Tor. They get arrested for the things they are running on Tor (most recently a kiddie porn distributor).

@BP

I know.

Sadly, patently and demonstrably, you don't. The "spying" on your hard drive is made of the same stuff as your technical ability.

kashmarekNovember 28, 2013 9:27 PM

Off-topic: Google wants to write your social media response for you (from Slashdot)...

http://tech.slashdot.org/story/13/11/28/234253/...

How long before they start sending them for you, WITHOUT YOUR KNOWLEDGE. Though, it might be interesting to apply this to that other big social network, potentially flooding it with automated "bot to bot" messaging. That is, a couple of (hundred) thousand robot users automatically spewing at each other, knowing or not knowing the others are bots. Shades of Liza (Lisa?)

If one used this for a personal account, it might be something awkward to come back later and see (find out) what your avatar said for you. It reminds me of some early Tivo analysis that profiled a user as member of a certain group and began automatically recording shows for his new "profile" and presented them for later viewing. Gulp...

Ha ha ha ha...actually not funny at all. What could possibly go wrong?

Scott FergusonNovember 28, 2013 10:54 PM

@kashmarek


Off-topic: Google wants to write your social media response for you (from Slashdot)...
How long before they start sending them for you, WITHOUT YOUR KNOWLEDGE.

Answer: most probably - never.
Notice how the quoted article doesn't say anything about writing your social media response? (what, you didn't read it? shock, horror, sarcasm).

Google has filed a patent for a process that scans your previous replies to look for common short responses.

So? The patent is for a process that'll offer you, wait for it... the same function my phone does already. "Pick a quick answer from a list" as a reply to any SMS or email. e.g. "thanks, I'll get back to you shortly" "thanks I value your correspondence and look forward to replying when I'm able to give it the time it deserves".

Should I freak out about LG automatically contacting people on my behalf?


Essentially, the program analyzes the messages a user makes through social networks, email, text messaging, microblogging, and other systems. Then, the program offers suggestions for responses, where the original messages are displayed, with information about others reactions to the same messages, and then the user can send the suggested messages in response to those users.

(O'nose Evil reads my gmails)

Real news (same ol same ol):- Poor comprehension skills and over-excited imaginations misunderstand and extrapolate to the point of absurdity.

TooLazy;Don'tResucitate
Slashdot - a linkbait site frequented by shills for people who don't read the referenced article. Sort of the "Today Tonight/A Current Affair" for short attention spans in a forum format - "don't go to the bathroom until you read this" (I'm looking at you soulskill).

BryanNovember 29, 2013 12:18 AM

On Tor. I'm surprised nobody mentioned the chaos of just sticking a few of these boxes around on random networks as tor exit nodes. LOL

WinterNovember 29, 2013 1:55 AM

@Scott Ferguson
"People don't get arrested for running Tor."

That was not my point. They never arrested me for running Tor nodes, not even exit nodes.

However, people who ran exit nodes did get into trouble. That was the point of the original parent.

And yes, the courts have wizened up and now know the difference between an exit node and a perpetrator. But we know that in some jurisdictions they are not after the guilty criminals, but just want to fill prison cells.

Clive RobinsonNovember 29, 2013 3:00 AM

My concern over this little toy is that it adds legitamcy to the TOR network it does not deserve and dut to the well known "capture effect" of "first to market" on the Internet it will give further life to a broken system at the expense of new more secure systems comming through.

TOR is not secure it's easily and trivialy open to traffic analysis when you consider the scope of the NSA, GCHQ, et al network hoovering. But even that is not required as has been demonstrated easy javascript attacks work effectivly against TOR users.

And this raises serious issues about an end users client application, web browsers are not secure in any meaningful way and this alone will allow Onion / Mix network users to be "de-cloaked". To resolve this the client app would have to be "single connection" use only (as recommended by some for e-Banking use) and only with a hard VPN configuration.

Scott FergusonNovember 29, 2013 4:07 AM

@Winter


That was not my point. They never arrested me for running Tor nodes, not even exit nodes.

I know. ;)

You responded to my post. My preceding post was not a response to your preceding one. I was responding to the, um, Neurotic, Unrealistic & Terrible post that piggy-backed on yours.

Did you miss the @Autolykos bit? :)

Am I offended by your confusion? No, and neither should you be.

Apropos of little, I very much enjoyed reading Bruce's latest book. Sadly some of the posters (not you) here clearly haven't read it or even bother to grasp the implications of the title.

Tricky stuff. :)

WinterNovember 29, 2013 4:43 AM

@Scott Ferguson
"Am I offended by your confusion? No, and neither should you be."
Neither was I.

@Scott Ferguson
"I very much enjoyed reading Bruce's latest book."

So did I. I see it as a good companion to "The art of deception".

Mike the goatNovember 29, 2013 5:14 AM

Winter: ... Or running an exit node on the same IP that you /do/ use for illegal actions, kinda like a new take on having an open WiFi hotspot to blame.

Clive: exactly. Tor is fundamentally broken, especially for those who are contemplating running a hidden service.

WinterNovember 29, 2013 6:17 AM

"Clive: exactly. Tor is fundamentally broken, especially for those who are contemplating running a hidden service."

My understanding was always that security is relative to the effort that can be recruited against you.

Against a multi-billion dollar adversary controlling a large part of the communication structure, no chance. But against random opponents, you can raise the bar significantly.

In short, I see no point trying to protect against the NSA or GBHQ. But they are not my most likely adversaries.

Tor helps against quite a number of adversaries, just not against the big boys.

Scott FergusonNovember 29, 2013 6:19 AM

@Winter

"The Art of Deception: Controlling the Human Element of Security", haven't read it, just bought it, will read it over the weekend (if I get a chance). Thank you.

May I recommend a little light reading for the coming holidays:- "Blowback: The Costs and Consequences of American Empire" by Chalmers Johnson, "Deep State: Inside the Government Secrecy Industry" by Marc Ambinder & D. B. Grady, "Spying on Democracy" by Heidi Boghosian, "The Sorrows Of Empire: Militarism, Secrecy, And The End Of The Republic" by Chalmers Johnson, "The Value of Violence" by Benjamin Ginsberg, "The Watchers: The Rise Of America's Surveillance State" by Shane Harris, and particularly:-
"Broker, Trader, Lawyer, Spy: The Secret World of Corporate Espionage" by Eamon Javers - the history of corporate espionage to the present day including the companies staffed by ex-FBI, KGB, Mi5, the Secret Service, and, past and present (moon-lighting with approval) CIA officers. The same companies which are utilized by the NSA.

WinterNovember 29, 2013 6:25 AM

@Scott Ferguson
"May I recommend a little light reading for the coming holidays:-"

Nice list for my stocking. I just heard Simon Davies complain about all the ex-FBI guys who switched to the private sector and are undermining any remaining privacy in corporations.

duneNovember 29, 2013 8:04 AM

Go on pfsense and m0n0wall sites, look at supported hardware vendors. Buy one of those boxes and either use pfsense or install OpenBSD on it and configure the pf firewall to block anything not routed to localhost(tor port) and to scrub incoming traffic. Done

Clive RobinsonNovember 29, 2013 8:29 AM

@ Winter,

    Tor helps against quite a number of adversaries, just not against the big boys

At best that's a "here and now" comment, it won't be true in the very near future even in the unlikely it's true today (which I doubt for various reasons).

The first two things to consider are,

1, There is significant money to be made by a commercial organisation that comes up with a half way reasonable way of de-cloaking TOR. Basicaly any dodgy countries rulers will pay just about any sum of money to stay in power, and with underlying technology costs halving around every nine months in this area, you can be certain it will (if not already) be on sale very soon.

2, The "big boys" budgets have to be justified, and lets be honest there are not the terrorists to do it that's why the FBI is "inventing / manufacturing" them and the likes of Alexander lying through their teeth about the number of plots foiled (between 0 and 3 depending on who you beleive). So we are already seeing intel gained at best questionably (ie illegaly) being fed across to LEA's like the DEA with LEO's being tutored in "parellel construction". I fully expect this to quickly become a major justification just as has been seen with the TSA touting crime stopped not terrorist stopped figures. This is going to become both easy and normal as quickly as the likes of D Finklestein can push the legislation through on some unrelated pretext.

So arguably we are at the lip of a very steep and slipery slope that is in reality more like a gapping chasim. Once the decent has began (if not already) the ride down will be unstoppable due to the way politics and money work in the US (think back to RapeMi-Scanners etc). What we do know is once started the need to profit from a design will bring it's price down and it will be as widely deployed as a "blind-eye" to exports will alow to maintain the money flow, just as we see with the Arms Industry.

TOR is not upto protecting people from themselves and "parallel construction" will become the norm, and LEA's will become hooked on it just like any other "easy-fix" addict, and once they start lying about "sources and methods" how do you know or trust anything else they say and do esspecialy as we have seen the FBI trying to "fit-up" deluded and almost certainly boarder line mentaly ill / educational sub normal people.

We only have to look at Saudi and Dubi to see how people can be "fitted-up" illegally "asset stripped" and likewise their "rights stripped". Similar is seen in Mexico, and with the Proceads Of Crime Act (POCA) in the UK we have seen the same for quite a few years. I'm assuming the US has similar legislation tucked away in things like RICO etc, in fact it's already been said about a certain Obama appointee who drove Arron Schwartz to suicide. The MO is easy to spot, find somebody who is asset rich but cash poor and hit them with biased court cases to make them effectivly bankrupt and take their assets, talk it up as a "win for society and Justice" and use it to further both your political and financial carreer.

It's the new game of "revenu by fines etc" rather than taxation because as a look in any newspaper will tell you the politico's have so overburdened the tax base it's emigrating out from under them, and "making crime pay" is the new mantra but it's only aimed at those who can be asset stripped quickly and proffitably (which is the middle classes not the real criminals at the top or bottom).

WinterDecember 1, 2013 6:40 AM

@Clive
I am not sure what you are trying to say. Should we not use locks/Tor because they can be picked/deanonymized?

And parallel evidence construction and legal robbery (asset stripping) are political problems. You cannot correct a dysfunctional legal system with technology.

AutolykosDecember 2, 2013 7:33 AM

@Scott: Nick P already explained my point pretty well, but since you addressed me personally, let me clarify:
No, they *technically* do not arrest you and confiscate your hardware for running a Tor Exit Node in any civilized country I know of. They do, however, seize your hardware and press charges because some traffic from the Exit Node *will* go to sites with illegal content of various sorts (or honeypots). In some places, this may be enough to prosecute you as an accessory. And even if the charges are dropped eventually, that's still a lot of trouble (and expenses) to risk.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..