Forgot your password?
typodupeerror
Encryption Privacy The Internet

Tor Now Comes In a Box 150

Posted by Soulskill
from the boxes-lend-credibility dept.
Daniel_Stuckey writes "Tor has been in the spotlight lately as a way to keep prying eyes away from your online activities. However, to your average internet user, the covert network of relays and whatchamacallits can come off as too complex and intimidating to bother with — even as people are increasingly concerned with their online privacy in light of the NSA scandal. So goes the thinking behind Safeplug, a new hardware adapter that basically puts Tor in a box. It takes 60 seconds and 50 bucks to plug the privacy box into your router, and you're good to go, the company claims. Like anonymous browsing for dummies. The adapter comes from hardware company Pogoplug, which announced its new product yesterday and hopes it will bring Tor to the mass market by offering more consumer-friendly access. 'We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user,' CEO Dan Putterman told GigaOM."
This discussion has been archived. No new comments can be posted.

Tor Now Comes In a Box

Comments Filter:
  • by Zemran (3101)

    Have you installed TOR on a winders box recently? It is not complicated and certainly does not need a geek to help you.

    • Re: Make it easy? (Score:4, Insightful)

      by Anonymous Coward on Friday November 22, 2013 @02:38PM (#45493951)

      The difference being that you have to install tor in every single device you are using, with this box you anonimize the whole traffic of your network, anyone using your WiFi is automatically routed through TOR.

      • Re: Make it easy? (Score:5, Insightful)

        by Damarkus13 (1000963) on Friday November 22, 2013 @03:38PM (#45494633)
        But, how does it do that. The article and even the Safeplug website do not explain the mechanism it uses to redirect your traffic to Tor. There aren't even any pictures of the back off the device that I can find.

        Does it sit between your gateway and your router, and transparently redirect all packets to the tor network?

        Do you just plug it into a router port and point your devices at it as a proxy?

        Where is the source code? If we're going to be paranoid enough to use Tor for everything, shouldn't we demand to audit the code for security holes and possible backdoors?

        It just seems like a product without a niche. Most users have no desire to use Tor, and those that do are typically savvy enough to set it up themselves.

        • I don't see how it is so hard to understand for you, it is very simple, it is a router that connects to tor. It is super practical to anonymize a whole LAN in a single shot.
          • Re: (Score:3, Informative)

            by bobthecow (67269)

            Because the information provided isn't sufficient to understand what the box actually does. Does it act as a DHCP provider? How would my devices know to use it? Since it sits inside the network, how would devices which want to use it know its there? Do I have to update proxy settings on browsers?

          • by Anonymous Coward

            A router that connects to Tor, or a router that claims to connect to Tor? :)

        • by makomk (752139)

          It almost certainly just acts as a transparent proxy that intercepts connections and DNS requests and sends them through Tor - there's already support in the Tor client for doing this.

      • Re: Make it easy? (Score:4, Insightful)

        by hairyfish (1653411) on Friday November 22, 2013 @04:10PM (#45495071)
        Or automatically routed through any proxy the supplier chooses right? I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?
        • Re: Make it easy? (Score:5, Interesting)

          by ShaunC (203807) on Friday November 22, 2013 @06:07PM (#45496433)

          I mean how would you know if this doesn't just send all traffic to a pseudo TOR network setup by the NSA which captures everything you do?

          AKA half of Tor, I'd imagine. The point of Tor has never been to evade detection by the NSA. It's to anonymize your internet traffic to prevent the destination service operator from knowing who/where you are. It's essentially a chain of "legitimate," marginally highly-available TCP proxies that anyone can use without having to create or rent a botnet. Hidden services are a nice side effect, or at least were until Silk Road's compromise spooked everyone.

          That said, your point stands: there's not enough information about how this magic box works.

    • Re: Make it easy? (Score:4, Informative)

      by supersat (639745) on Friday November 22, 2013 @02:40PM (#45493987)
      One of the problems with that is that sometimes your real IP can leak out. For example, if you visit a page that installs the FBI's CIPAV malware, it will bypass Tor and report the real IP. If all traffic is routed through Tor by another device, this won't work.
      • by Anonymous Coward

        Sure - if you have malware, all bets are off. So don't use malware, then. "A page" never ever installed anything on my computer - the advantage of not using microsoft products.

        • Freedom Hosting's compromise was used to host an exploit for Firefox. The shellcode used Windows calls, but it was Firefox that was executing them, meaning it had all the rights that Firefox itself had, meaning it would probably have worked fine on any other OS with a little tweaking. But alas.
      • You can use Whonix in virtualbox. It basically replicates this setup, where you have a gateway VM and a workstation VM. The workstation can only access the Internet through the gateway. So if the workstation is compromised it still can't leak your IP.

      • by Gothmolly (148874)

        And what IP is going to be reported when the Tor gizmo on your same cable modem NAT hits the internet? Wait for it... your cable modem IP. Either that or 192.168.1.2, which I hear is a popular one.

      • by Anonymous Coward

        Another case of the perfect being the enemy of the good. Technology does not have have to be perfect for it to be useful, furthermore there is always a cost/benefit tradeoff. Even locks that are easy to pick and windows easily broken are useful. I know that most of you have a condescending attitude towards users who are unconcerned about internet privacy. It may well their cost benefit tradeoff is far more reasonable than yours.

      • Unless you have a firewall to block normal internet traffic, and only allow tor traffic to go through. In that case, even if your box gets compromized, there is no way of launching a side-channel attack.
      • by MrEricSir (398214)

        One of the problems with that is that sometimes your real IP can leak out. For example, if you visit a page that installs the FBI's CIPAV malware, it will bypass Tor and report the real IP. If all traffic is routed through Tor by another device, this won't work.

        There's a much easier way to to leak your IP over Tor -- use UDP. Or anything other than TCP, for that matter.

    • by Anonymous Coward

      And you can use SelekTOR (google SelekTOR Exit Node) which makes it even easier.

      • by hacker (14635)

        No source.
        Non-free.
        No Mac version.
        Nothing for mobile devices.

        No thank you.

    • Re:Make it easy? (Score:4, Informative)

      by Splab (574204) on Friday November 22, 2013 @03:33PM (#45494585)

      The TOR busts the FBI did earlier this year was malware infecting windows users using outdated versions of TOR (for windows).

      A TOR AP makes very good sense, since you can easily change MAC adr. local IP etc. to something other than the normal network, making leaks very hard to use.

    • by Anonymous Coward

      Clearly the benefit of a plug like this isn't at home. Bring down the price and size a notch and it will be ideal to hide at libraries, schools and other places that can't be traced back to you.
      Suddenly there is a whole bunch of tor nodes in your town that you can connect to, all of them used for completely legal stuff.

    • Have you installed TOR on a winders box recently?

      You don't even have to install it (for web browsing at least).

      https://www.torproject.org/projects/torbrowser.html.en [torproject.org]

  • by finkployd (12902) on Friday November 22, 2013 @02:34PM (#45493903) Homepage

    We now turn to Admiral Ackbar who I believe has a comment on this development....

    • Indeed, "Safeplug" just makes me think of "PATRIOT" as one of these words that should make you scrutinize whoever says it.

    • Re: (Score:2, Funny)

      by oodaloop (1229816)
      Does it involve being able to repel firepower of that magnitude?
  • Roll your own (Score:5, Interesting)

    by pegr (46683) on Friday November 22, 2013 @02:35PM (#45493913) Homepage Journal

    Wireless Tor AP built with a Raspberry Pi: http://learn.adafruit.com/onion-pi/overview [adafruit.com]

  • i like the idea of a $50 plug and play box for tor, but how is this different than using a browser plugin? a serious question, not being rhetorical.

    • by Anonymous Coward

      Ease of use, flexibility with non-browser applications and devices (SSH, FTP, tablets, phones, etc.)

    • by Sqr(twg) (2126054)

      One difference would be that this works for every piece of software on every computer that you connect to the network after the box - not just one browser.

      This can be good or bad. You may be doing something very secret on your secure, anonymous computer. Then an insecure app on your iPhone opens an unencrypted connection to some server and tells the tor exit node who you are.

      • I guess you mean the host /after/ the tor exit node.
        • by Qzukk (229616)

          No, in his scenario, the tor exit node is run by a government that is watching all the traffic come out. Then they see your iPhone connection come out with your name, phone number, GPS location, etc. and can match that to all the other streams of data coming through the same circuit.

    • by Fnord666 (889225)

      i like the idea of a $50 plug and play box for tor, but how is this different than using a browser plugin? a serious question, not being rhetorical.

      Well, for one thing the "tor in a box" won't be there if you connect to the internet anywhere other than your home network.

  • by Anonymous Coward

    It's untinkable that the Mighty Tor could be trust into a box such as tis.

  • It isn't nice to refer to her as a "box". I hope he's using a condom.
  • by Anonymous Coward

    Their other products phone home because they are really in the business of selling online services, not network hardware.

    • Their other products phone home because they are really in the business of selling online services, not network hardware.

      I always just had issues with their name... does their network hardware go up and down all the time?

    • Yea, but this one doesn't phone home.Thanks to a "National Security Letter" it phones directly to the NSA. Not that it maters, since the NSA is closely monitoring all of the TOR portals anyway.

      Security Theater, it's not just for airports anymore.

    • by melikamp (631205)

      Their FAQ says the following about why safeplug is secure:

      .
      .
      .

      Oh, wait, it doesn't say anything. No description of the software, no developer access, "activation"? WTF is that? This is just another spy box, folks, just like your cellphone and your self-encrypting storage unit.

  • Sounds good (Score:4, Insightful)

    by Kardos (1348077) on Friday November 22, 2013 @03:00PM (#45494249)

    But we're going to need a lot more tor nodes, particularly exit nodes

    • by Korielus (3441269)
      The number of exit nodes really depends on the country some have plenty others not so much. I use SelekTOR myself which can be found here http://www.dazzleships.net/ [dazzleships.net] which lets you choose your exit node and also uses URL pattern matching which allows you to bypass a lot of geographic web blocks and watch UK tv for free.
      • Do they broadcast BBC4 online? I haven't seen a new episode of Top Gear in months.

        That alone would be enough to get me to use the software.

        • by Korielus (3441269)
          Everything that is available via the BBC iPlayer website is available using SelekTOR and the dowloadable media patterns, also gives access to ITV and Channel 4 catchup and unblocks various torrents sites that have been blocked in the UK. You can also create your own URL patterns.
    • by Hatta (162192)

      Rather than exit nodes, we need a lot more dark net content.

    • by StikyPad (445176)

      You first.

  • I honestly didn't know people still used Tor.

    Last I tried it, it necessarily slowed my Net connection down to essentially unusable because of an obvious lack of "exit nodes". Besides, all it does is add some very, very simple obfuscation to what you may be doing on the Net. It doesn't in any way provide any meaningful protection. The nature of TCP/IP precludes true anonymity. People pursuing anonymity through TCP/IP are the same kinds of people looking for perpetual motion machines.
    • Lol, it's so funny reading you speak of "the nature of TCP/IP" with such blatant ignorance of the actual things involved. Obvious trolling, dude. Go to twitter.
      • by DogDude (805747)
        You clearly have never read a RFC. You should consider learning a bit before spouting off at the mouth.
    • Most uninformed post of the entire story? Only time will tell!
  • Overkill? (Score:5, Interesting)

    by RevWaldo (1186281) on Friday November 22, 2013 @03:23PM (#45494481)
    Do you really need to anonymize everything 24/7, like when you're watching Netflix? Doesn't that extra traffic overload the Tor network?

    .
    • by Anonymous Coward

      I don't want anyone to know I watched Sharknado

      • by Kardos (1348077)

        Sorry Tim, we already know you what you watch, you paid with your credit card remember?

    • by Kardos (1348077)

      Netflix accounts aren't anonymous, they already know everything you watch.

    • by Anonymous Coward

      Yes; you want to be able to hide the suspicious data inside the mundane. Makes it harder to figure out how to spend resources tracking you.

      The only reasons this might be bad are for fear of overloading the network, and the latency.

  • by Hatta (162192) on Friday November 22, 2013 @03:29PM (#45494563) Journal

    Tor is not a magic bullet. Anything you send over Tor can be intercepted by an exit node. If you send any identifying information over Tor, all the onion routing in the world won't help you. You can easily do this accidentally, all it takes is for you to visit a page with a google or facebook script on it. You can't just plug into Tor and expect it to take care of everything for you.

    The only way to use Tor securely is to partition your Tor activities from everything else you do. This is most easily accomplished with a separate computer, or a VM used only for anonymous activities. Remember, it only takes one slip up and you are identifiable. That's how they got Ulbricht, and they can get you too.

    A box that you plug into and forget about is going to provide nothing but a false sense of security. Bad idea.

    • Exactly what I was going to post. If you don't take care of how you're using Tor, it will probably do more to flag you as "interesting" for the authorities to investigate further than protect your anonymity.

      Not a Tor user, btw, if the NSA is listening. ;)

    • A box that you plug into and forget about is going to provide nothing but a false sense of security. Bad idea.

      C'mon, half of the users are going to plug it into their router, then just go on using their WiFi connection, believing that they're now secure.

  • by hAckz0r (989977) on Friday November 22, 2013 @03:40PM (#45494655)
    When you can just pop in a TAILS LiveCD why do you need to buy hardware?

    https://tails.boum.org/ [boum.org]

  • You can buy Adafruit's version already built with US and US intelligence friendly exit nodes excluded here for only a few bucks more PAPARouter [paparouter.com]
  • This will probably just wind up getting me banned from WoW for "suspicious activity".

    • Herbs, potions, strange foods to amplify strencth and intelligence, spells to turn people into sheep, you're already on the FDA's shit list, buddy!

  • by fufufang (2603203) on Friday November 22, 2013 @04:42PM (#45495515)

    It is so much better to let the exit node owners to monitor your traffic right? Ok fine, they can't trace it back to you, but do expect every malicious thing possible to be done on your traffic.
    http://arstechnica.com/security/2007/09/security-expert-used-tor-to-collect-government-e-mail-passwords/ [arstechnica.com]

  • And you in a jail cell, if you host an exit node on it. Remember kiddies, you are responsible for what comes out your pipe.

  • The kind of people and activities that need TOR to provide extreme anonymity need significantly more than just TOR alone to do it effectively. This seems like it could lull people into assuming otherwise.

"Well, social relevance is a schtick, like mysteries, social relevance, science fiction..." -- Art Spiegelman

Working...