UK ISP Tests SIM Card That Forces All of Your Mobile Data Through Tor

An anonymous reader quotes a report from Motherboard: [O]ne UK grassroots internet service provider is currently testing a data only SIM card that blocks any non-Tor traffic from leaving the phone at all, potentially providing a more robust way to use Tor while on the go. "This is about sticking a middle finger up to mobile filtering, mass surveillance," Gareth Llewelyn, founder of Brass Horn Communications, told Motherboard in an online chat. Brass Horn is a non-profit internet service provider with a focus on privacy and anti-surveillance services. Tor is a piece of software and a related network run by volunteers. When someone runs Tor on their computer or phone, it routes their traffic through multiple servers before reaching its final destination, such as a website. That way, the website owner can't tell who is visiting; only that someone is connecting from Tor. The most common way people access Tor is with the Tor Browser Bundle on desktop, or with the Orbot app on Android.

But, in some cases, neither of these totally guarantee that all of your device's traffic will be routed through Tor. If you're using the Tor Browser Bundle on a laptop, and then go to use another piece of software, that app is probably not going to use Tor. The same might stand for Orbot running on older iterations of Android. Nathan Freitas, from The Guardian Project which maintains Orbot, said with newer versions of Android, you can lock down device traffic to only work if a specific VPN is activated, including Orbot's. This SIM card, however, is supposed to provide a more restricted solution in the event that other approaches don't quite work. The UK-exclusive SIM card requires that users create a new access point name on their device. It also requires Orbot to be installed and running on the device itself.

Re: I wonder

[Anonymous Coward]

Simple, the UK is going to flood the internet with tor exit points. This is fucking stupid.

Re:

[Anonymous Brave Guy]

The government might not like it, but whether they can do much about it is another question. It would be difficult to draft a law that covered tools like this without causing significant collateral damage.

Of more immediate practical interest might be that visitors from Tor tend to be restricted in what they can do online because there's a disproportionate risk of attacks, fraud, and other hostile actions. I expect the payment services we use flag traffic from Tor exit nodes as being higher risk, for example

The government created it

[raymorris]

> The government might not like it

The government created Tor.

> there's a disproportionate risk of attacks, fraud, and other hostile actions. I expect the payment services we use flag traffic from Tor exit nodes as being higher risk, for example, which might make it more difficult to buy things online.

True.

Re:

[fuzzyfuzzyfungus]

There's also the issue(likely very significant in this case) that Tor does not (and doesn't claim to; and probably couldn't in principle, at least without significant redesign) protect you from endpoints inferring things about your traffic if it is interesting/identifiable in itself.

The onion routing and encryption of your traffic as it gets passed between the intermediate nodes breaks trivial identification of the origin of the traffic and keeps the intermediate nodes in the dark; but the exit node [i]m

Re:

[AmiMoJo]

I regularly use a VPN on my phone and home connection, it's been fine in the UK. If anyone did request my ISP records they would just see a very long term connection to the VPN, although I suppose they could enable extra logging beyond what is legally required if they wanted to establish usage patterns.

The problem with doing it on mobile is that it doesn't block the worst bit of tracking - location. The mobile providers log which cell towers your phone uses and signal strength, giving your approximate locat

Run, Forrest, run! Run like the chickenshit you ar

[Anonymous Coward]

APK, you got caught lying when you denied saying hosts do port forwarding: http://hardware.slashdot.org/comments.pl?sid=12792965&cid=57521005 [slashdot.org].

You got caught overstating the capabilities of hosts and now you're running like the chickenshit coward you are. You're not enough of a man to admit you lied, so you ran.

DDoSing Tor?

[HornWumpus]

All your data? Is there a real point? If it succeeds, Tor fails.

Re:

[tlhIngan]

All your data? Is there a real point? If it succeeds, Tor fails.

Yeah, their network can't handle 3G speeds, so if they can send your data through Tor, you'd think it was Tor giving you crappy data speeds and not their data network.

Thus they can offer LTE service at 2.5G speeds!

Rootable Phones

[nnull]

Let me root my phone and let me do what I want with my data please, thank you. I'm getting quite annoyed with the massive lock down of phones lately or they somehow completely gimp your phone if you do, like Sony's new phone where, sure you can root your phone, but your camera just takes green pictures.

It's getting to the point where I don't even want a phone or tablet anymore. They all want to "Protect" me. But when that protection uploads crap to the cloud hosted in China without my consent (Samsung and A

Re:

[PReDiToR]

Supporting SONY is a case of "no sympathy" because of their stance on DRM, locking their hardware down even after you've bought it off them, and the other million reasons this company should FOAD.

There are very few companies to buy from in good conscience, in fairness to your purchasing decisions.

Exit nodes are great for snooping

[cyberisthenewpink]

This is probably the stupidest idea ever Only traffic going to TOR network should go to TOR network. Going through TOR to browse internet etc is incredibly stupid. Exit nodes can be set up by anybody. Exit nodes can see ALL traffic flowing through them passively - there is absolutely no way to see if someone is intercepting the data on the fly. Even SSL/TLS protected connections are leaking connection metadata and so on.

Re:

[Repentinus]

Exit nodes can see all the data going through them, but they do not know where that data originates from. If you use TLS on top of the Tor circuit, it is unlikely that the exit node can figure out who you are. To do so would require the exit node to also control your entry node and to run a sophisticated timing attack; unsurprisingly, Tor takes measures [torproject.org] to guard against it. Exits are also regularly probed for malicious behaviour like traffic sniffing and banned from the network if caught doing that.

Cloudflare Launches Security Service for Tor Users

[Freshly Exhumed]

If only every site would look into activating this new Cloudflare-Tor solution:

https://www.securityweek.com/c... [securityweek.com]

It has to be activated on the server side, so if you're tired of endless ReCAPTCHA loops of fire hydrants, buses, stairs, chimneys, traffic lights, etc. etc. then ask the site(s) to enable it.

that is going

[sad_]

that is going to ruin tor for everybody, or at least everybody in the UK.

Re:

[wiretrip]

Well they'll soon be very good at identifying chimneys, fire hydrants and buses :-)