Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Tor-only wireless access

michi1 at michaelblizek.twilightparadox.com michi1 at michaelblizek.twilightparadox.com
Thu Jun 26 08:42:41 PDT 2014


Hi!

On 18:15 Wed 25 Jun     , Jonathan Wilkes wrote:
> On 06/25/2014 11:33 AM, michi1 at michaelblizek.twilightparadox.com wrote:
> >Hi!
> >
> >On 18:01 Tue 24 Jun     , Jonathan Wilkes wrote:
> >>On 06/24/2014 11:35 AM, michi1 at michaelblizek.twilightparadox.com wrote:
> >...
> >>>Integrating tor should be rather straightforward: run a bridge on the uplink,
> >>>run a tor client on client and tell the tor client to use a bridge at
> >>>localhost:someport (my program will then route it to the next bridge)
> >>Why can't the client just run Tor?
> >This is basically because the tor client does not support discovering bridges
> >in the local network.
> 
> But why is the bridge necessary?  Why can't you just allow the
> client to connect and just limit the connection only to the Tor
> network?

The reason is basically that if you need a bridge to connect to the tor
network (e.g. because of blocking), the ip whitelist would block that. You
cannot whitelist bridges, because their addresses need to remain secret.

But I see no specific problem with allowing access via whitelisting as well.
Has anybody tried this?

> >  It does not have support for cor yet either. This may or
> >may not change. The configuration described above should work without any
> >changes to the tor client.
> 
> But the user must make configuration changes to the client based on
> information provided by an untrusted party.  In this case those
> changes would not undermine the user's technical defenses;
> nevertheless, the user learns or reinforces a bad habit. (Especially
> if they proceed to look up whether or not it was safe to use the
> bridge _after_ they've used it to connect-- again probably
> technically safe in this case but conceptually a very dangerous
> habit.)

I agree that asking users to make configuration changes may be problematic.
But I guess this is not as bad as you think. My project is about mesh
networking. If you want to forward data for others, you will have to run my
programs anyway. Also there is stuff like randomising mac addresses, the
UseEntryGuards option and blocking programs bypassing tor on the client. In
most cases we probably have to mess with the configuration anyway.

	-Michi
-- 
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com



More information about the liberationtech mailing list