Tor-Enabled Browser For the iPad, and Easy Tor Nodes on EC2

An anonymous reader writes "While there has been a port of Tor for jailbroken iOS devices for a long time, there was no way to use it if you did not want to lose your warranty. Now it looks like Apple has approved a Web browser for the iPad called Covert Browser, which includes a Tor client. If you look at the first screenshot on the author's page it looks like you can even select the Exit node. According to App Shopper it already hit place 64 in the iPad/Utilites category." And from another (of course) anonymous reader comes a link to CmdrTaco's take on another instance of Tor breaking into the world of "real users." As he notes, the Tor Cloud Project has posted simple instructions for installing EC2 Tor nodes using free-tier VMs (or paid nodes for roughly $30/month).

Can you choose the exit node?

[1s44c]

I didn't think there was any way to select the exit node with TOR. Is this possible?

Re:Can you choose the exit node?

[GameboyRMH]

Oh yes:

http://slashdot.org/journal/269014/how-to-bring-the-cops-to-tor-exit-node-operators-doors-using-the-exit-feature [slashdot.org]

I2P doesn't allow this, and changes exit points more often.

Re:

[m50d]

It's already the case that if you're running an exit node, someone can do something very illegal via your connection - and that's always going to be the case with any system of this kind. So while that journal is kind of interesting, I don't think it really changes the proposition any.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[m50d]

I'm not saying that can't happen, I'm saying how is Bob at any more risk from that than without it? If Bob's worried about getting sent to prison because lots of CP gets downloaded through his connection, that's going to happen any time he runs a tor exit node (or I2P, or any similar system), with or without this behaviour.

Re:

[HermMunster]

YOU DO NOT LOOSE YOUR WARRANTY UNLESS, your modifications were directly and significantly attributable to the malfunction of the device. This is established law. Jailbreaking is does not violate your warranty. There's even an exemption to the DMCA to allow you to break it to enable other content and providers.

Covert Browser is closed source

[Weezul]

A priori, Covert Browser cannot be trusted nearly so much as the real Tor project because Covert Browser is closed source. You might trust Roger Dingledine personally though because he's a big wig in the Tor Project. I'd hope he permits others within the Tor Project to review his code and he verifies that Apple hasn't recompiled Covert Browser with modifications.

Re:

[Weezul]

There is more discussion about Cover Browser being closed source on metafilter.org [metafilter.com]

Many Tor nodes on one service - good idea?

[GameboyRMH]

Is it just me or does clustering a large number of Tor nodes in a small handful of commercial data centers sort of defeat the purpose when it comes to packet sniffing, anonymity (commercial service has physical + RAM access) and bypassing regional censorship?

If user A goes through Tor node B and exits at node C, and B and C are both hosted on EC2 where everything that happens on B and C could be secretly logged for all we know...A isn't very anonymous is he?

Re:

[mfreed]

There *is* real privacy concern if many Tor nodes move to one cloud provider, and particularly if the Tor nodes are the first and last hop of the chain. In fact, we have a project called "Cloud-based Onion Routing" (COR) that looks at this problem.

COR discusses some policy approaches to make deployment on *multiple* cloud providers safer, as well as introducing another layer of indirection that makes Tor/COR market-friendly: We can sell (or give away) access to this higher-performance COR network, while sti

Re:

[mfreed]

I was pointed to the fact that Tor Cloud nodes are only relays, rather than guard (first) or exit (last) nodes in the Tor circuit.

    http://news.ycombinator.com/item?id=3236580 [ycombinator.com]

This obvious limits some of the concerns...but it's the number (and bandwidth) of guards and exits that is much more a problem in Tor than the number of relay-only nodes.

Is Tor even viable anymore?

[kheldan]

I seriously question whether Tor is even a useful service anymore. Any government spook agency can start up a whole fleet of exit nodes, and mine the data they get through them, as can anyone else, really.

Re:Is Tor even viable anymore?

[GameboyRMH]

That's true for plaintext traffic, but if you use HTTPS with an anti-MITM plugin like Perspectives/Convergence, and assuming the government in question can't get free and easy access to the site's private key (big assumption, I know), then traffic sniffing isn't possible.

More importantly, it can make connections untraceable, and if you don't send any identifiable information through the connection, then it doesn't matter if the contents can be seen.

That said I think I2P is better both for darknet hosting and anonymization, it has a number of technical advantages over Tor.

Re:

[Rich0]

I think that snooping is going to be a bit harder than some think unless a government is willing to sniff every connection on the network. Now, if half of the relay nodes end up on EC2 as a result of this article then that is a different story - if Amazon lets them snoop the RAM of these nodes without a warrant then they can probably get the keys to half the network.

My understanding is that most of Tor's weaknesses stem from one of its requirements - providing access to the general internet. It has many c

Re:

[bonch]

Well, nothing on the internet is truly anonymous. At best, you can just throw up roadblocks.

Re:

[GameboyRMH]

Even if that were true (which it's not), an open wifi AP within driving distance of you is the mother of all roadblocks.

Re:

[GameboyRMH]

If you already have your neighborhood overrun with spooks tracking everything that goes in and out of your house, you have bigger problems.

Re:

[bonch]

Even if that were true (which it's not)

It's absolutely true. In fact, an open WiFi within driving distance of you means you were capable of using it, which could be another piece in a case against you.

Re:

[GameboyRMH]

It's absolutely true. In fact, an open WiFi within driving distance of you means you were capable of using it, which could be another piece in a case against you.

In the case against me? And they picked me, John Q. Randomdude, as the suspect because ???

Re:

[bonch]

In the case against me? And they picked me, John Q. Randomdude, as the suspect because ???

Any number of reasons already stated in this discussion that might lead to your exposure to a government. If you're within driving distance of a specific unsecured wifi, you can no longer convincingly deny that you would even be using that wifi, and it becomes another piece in an investigation. You're a fool if you think you can truly be anonymous on the internet. All you can do is throw up enough roadblocks to make yourself not worth going after unless you've done something truly egregious.

Re:

[GameboyRMH]

Still doesn't answer the question. See here:

http://yro.slashdot.org/comments.pl?sid=2527036&cid=38063106 [slashdot.org]

Re:

[Synerg1y]

OPs method is pretty anonymous. How would you reverse it? You'd have to get caught on camera somewhere, say if you walked into the library to use it and they had security cams and the investigator pulls the tape assuming its still available and sees you physically there using the wifi, but I think OP is talking a little more remote than my simple example. Further, if you access an AP and it logs your MAC, the MAC record can be traced to your NIC's MAC. macmakeup.exe takes care of this in under 1 mb of h

Re:

[Synerg1y]

But u cant load backtrack or any of the related software, why would you try to crack an open AP? Laptops are still quite useful, they ship with i7s nowadays if you have the $. Helps a lot when your time is worth something :)

Re:

[badkarmadayaccount]

Or directional antennas and overpowered amplifiers.

Re:

[GameboyRMH]

ARREST TEH PHONE TERR'ISTS!

Re:

[bonch]

Posting in all caps refutes arguments on the internet.

Re:

[bonch]

Yes, that's why I said piece in a case against you. It places you in that location and means you were capable of using that wifi.

Re:

[GameboyRMH]

But how would this make me different from anyone else in the world who is capable of using open wifi?

I don't think you understand how this works.

Re:

[GameboyRMH]

Addendum: I think I understand what you're thinking.

You're thinking that I meant using the open wifi AP was going to be the only anonymization measure. Well that's silly, I was thinking something more like using Tor while on an open wifi AP.

But never mind that. Let's say the open wifi AP is the only measure. Does living within driving distance make me a suspect? What about the hundreds of thousands or millions of other people within driving distance, including international travellers? By your logic no murd

Re:

[bonch]

Then be specific about what distance you're talking about. A certain wifi being only two or three blocks away ("within driving distance"), combined with circumstantial evidence against you, gives investigators another piece to their puzzle.

Re:

[cheekyjohnson]

How would they get circumstantial evidence against you? That aside, what does this have to do with anonymity on the internet? Them saying that you're within driving distance of an open WiFi doesn't mean that there is no anonymity on the internet (not that I am saying that there is).

Re:

[GameboyRMH]

You drive an old electric golf cart? Well this explains a lot.

Also outside of America, 2 or 3 blocks is called "walking distance."

Re:Is Tor even viable anymore?

[CastrTroy]

Not only that, but I find that there's a lot of nefarious traffic going on over TOR. Last few times I've tried it, visited 4Chan, and found that the particular IP of my exit node had been banned for uploading child porn. Now i realize that every technology like this will have bad uses and good uses. but I'd think twice about hosting an exit node, unless you enjoy the SWAT team knocking down your door at 3 AM.

Re:

[Anonymous Coward]

Hasn't happened that many times from what I've read. Just a handful of incidents to report. I have run an exit node. I haven't run one for more than three or four months. This was a US exit node. The thing you will get if you run an exit node that isn't properly setup is RIAA/MPAA dmca take down requests. The requests don't make any sense since you aren't hosting anything. Your ISP is unlikely to accept this though so you do need to set it up properly; All your ISPs cares about is not getting those stupid r

Re:

[spazdor]

Why would anyone access 4chan through Tor except to upload child porn?

Re:

[CastrTroy]

Because in some countries any kind of porn is deemed illegal, as is much of the conversation on 4chan. 4chan is the home of "anonymous". In some places just visiting sites with such associations could lead to an investigation if someone doesn't like you. Personally, I was just testing out Tor and visited a bunch of sites, some for no particular reason at all.

Re:

[Pseudonym Authority]

Ban evasion.

Re:

[icebraining]

There's always hidden nodes. No exit nodes needed.

Re:

[mmcuh]

That has always been possible. The only thing Tor tries to provide is anonymity, not protection against eavesdropping.

Re:

[GameboyRMH]

Resident, no, that doesn't happen, it will pass through your system (fully encrypted) but not be stored on it. On Freenet it's a different matter.

And no, there's no way to run a darknet without facilitating the exchange of child porn. If you think the negatives of enabling child porn are worse than the positives of enabling free speech, then don't participate, It's an understandable and respectable decision.

Re:

[CastrTroy]

Why does free speech have to be anonymous? The freedoms we have today are because people have stood up publicly and announced that they are not happy with the status quo. When all the people protesting are faceless anonymous people hiding behind computers, it doesn't really count as free speech. People should be free from prosecution from what they say not because they are good at hiding, but because it is a fundamental right. The people shouldn't require technological measures to protect themselves. G

Re:

[GameboyRMH]

It's a practical vs. idealist question. Ideally free speech should not have to be anonymous. Practically it does, because the idealists who use their real names end up ruined or in jail. Also ideally protests should change things. Practically, not so much. [wired.com]

Re:

[icebraining]

I cite the SCOTUS:

Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.

Re:

[Pseudonym Authority]

The same could be said for any network. I bet more than a few people have shared CP over Starbuck's Wifi. Should they be held responsible? I also bet that every ISP in existence has had a few CP users as subscribers, but I wouldn't think twice about starting an ISP, if I were so inclined.

And this isn't unique to anonymous networks anyway. Remember limewire? Ever look at the incoming searches? Full of filth.

Re:

[Trubadidudei]

especially in this country where the US government can search your computing devices at airports and so on.

Fixed that for you.

Re:

[GameboyRMH]

That's not so much a problem with Tor specifically as it is with the user's browser (although as I've said before, I2P addresses many of Tor's weaknesses).

It takes an expert to set up a truly untraceable browser (you think a fresh-booted LiveCD's standard Firefox install is untraceable? LOL!). Any one little slip up could ruin it all. Your average user is going to connect to Tor using a wide-open cache-laden stock browser, complete with Facebook cookie. Or if we're real lucky, they'll enable Private Browsin

Re:

[mlts]

Using TOR isn't risky (yet) in the US, although can be in other places. However, the real risk is on the people running the TOR exit nodes.

A small issue

[93 Escort Wagon]

Apple likes to advertise "it just works" - but Tor often doesn't.

Re:

[GameboyRMH]

Sounds like you had your browser pointed directly at the Tor proxy. You're supposed to point it at a caching proxy server which then goes through the Tor proxy, acting like a "download accelerator" by aggressively fetching data to produce a reliable output. Still not perfect, but hitting Refresh never killed anyone.

Re:

[lister king of smeg]

i've never had a problem with tor, other than it being a bit slow, and i have been running it regularly for a good while now.

$2.99 price is a major FAIL

[alen]

why would i pay for something like this?

Re:

[GameboyRMH]

Because you voted for curated computing with your wallet and that's what you got. Oh you wanted to just compile an existing Tor client and browser yourself? Too bad. Jailbreak and lose your warranty or pay up for a dev license.

Welcome to the future.

Re:

[zoloto]

You don't lose your warranty, you tool.

Re:

[666999]

Correct, you simply have to do a relatively quick factory restore before you hand it over, and even that is rarely enforced.

Re:

[666999]

Because it's bundled into a simple-to-use package that will have free lifetime updates and comes with all the benefits of surfing on iOS?

I'm satisfied with Atomic & Knowtilus, each of which I got on sale for 99 cents a while back. Use appshopper [appshopper.com] to find deals.

App Size = 3mb

[bedouin]

Refreshing to see an app weigh in at a reasonable size considering its purpose. Downloaded it and everything seems to work well.

Re:

[Pseudonym Authority]

Indeed. Opera Mini for the iPhone comes in at, like, 3MB, but the flashlight app that does nothing by turn the video camera light on is almost 7MB? What the fuck?

So...

[mmcuh]

...Apple does not allow Tor itself in the app store, which would be useful for every single TCP-using app, but it allows a single browser that's bundling Tor?

Why?

Re:

[Synerg1y]

In windows TOR binds to localhost (127.0.0.1) and you can channel any traffic through it, not sure how it runs on apple, but if there is a localhost on an ipad for Tor to use, you can channel any app that supports proxying through 127.0.0.1, but I'm speaking from a windows environment... ipads tend to be a bit more locked down, no idea though, just throwing it out there.

Re:

[zoloto]

I have a vpn with the username of "tor" that I can use from the iPad. keeping all the bookmarks in the browser and it's easy to use. not sure why anyone needs an app though.