
Portal: Personal Onion Router to Assure Liberty - DyslexicAtheist
https://github.com/grugq/portal
======
irl_
In general, this isn't the best idea. If you force all your traffic through
Tor you increase the chances that you're going to have an opsec fail. Loads of
stuff talks to loads of other stuff in the background all the time. Checking
your email or refreshing your social media feed or whatever.

When you use TAILS, only applications that are aware of Tor will be using Tor
and other applications just go nowhere.

Tor Browser is a great example for explaining the separation between
application layer and network layer anonymity. The tor client gives you
network layer anonymity while Tor Browser gives you scrubbing of cookies and
anti-fingerprinting. Using another browser, or other applications in general
that do not try to provide application layer anonymity, with Tor wouldn't
protect against all the application layer attacks and so you end up with less
(or no) protection.

~~~
DyslexicAtheist
I see where you're coming from but neither tor-browser, tails or a portal is
going to protect users that don't rtfm. If you use the tor-browser you still
want to avoid checking email or starting services over that same channel that
will leak your identity. these are basic tor guidelines and the documentation
even warns users of this.

the typical users for a portal are people with prior training of opsec (yes
you need to train opsec all the time because it's not just the tools but your
whole workflow that's gonna trip you up) and a _real_ use-case.

I assume if you use this you won't make such rookie mistakes like having
services running that will leak identity. It's perfect for journalists,
activists or anyone else that already uses hardware based
compartmentalization. This is an additional layer - not a silver bullet. I
really assume a portal user already knows what things to isolate, which
processes may run, what part of their work (during an operation) needs to be
airgap'ed and hence shouldn't go through a portal ...

~~~
DyslexicAtheist
PS: I'd trust hardware based compartmentalization like this any day over the
QubesOS nonsense.

------
badrabbit
Just a thought, IC and Law Enforcement control a large number of Tor nodes.

Even if Tor has no deanonymization risks, the fact that you use Tor makes you a
bright red target -- by Feds and Local cops! (In US). Unless you use
bridges (and even then) your ISP and Law enforcement will have you (or the
subscriber of the ISP connection) listed as a Tor user. Think of it as driving
on the road, you can drive a "pimped up" cadillac bouncing it all over the
street -- and you have the right to do so -- but you will get pulled over and
searched a lot, and hopefully all your encounters with LE will be harmless but
it might not be so.

Just because they leave you alone, don't assume it's because they are not
monitoring you.

~~~
jammygit
What if you want to use Tor, not because you have something to hide, but to
make it easier for everyone to be anonymous?

edit: punctuation

~~~
badrabbit
Then you accept the risk associated with it. For people who need anonymity, I'd
say a TLS vpn which isn't publicly listed as such would be ideal imo. My
opinion is that anonymity isn't absolute and if you care about your use of
anonymizing services to remain unknown as much as you want the resources you
access with them to remain a secret then the protocol should blend in with
normal traffic.

Consider a place like North Korea, if they see someone connecting to a Tor node, that
person is screwed even if he only watched cat videos with it. Or maybe even in
the US, imagine a court case where your innocent usage of Tor is used to call into
question the legitimacy of your private activities.

------
swixmix
It worries me to find this in the repo:

    -- No logs - No crime --

See
[https://github.com/grugq/portal/blob/master/openwrt-35017-to...](https://github.com/grugq/portal/blob/master/openwrt-35017-to-portal.diff#L156)

~~~
DyslexicAtheist
then why use tor in the first place, if you got nothing to hide?

logs may incriminate you even if your own country protects you. think e.g.
panama-leaks or other stuff that an activist or journalist might come across
in your research ... also can you trust your own law enforcement not to be
corrupt? how about if you know things connected to organized crime, ... in
that case if you're based in the same jurisdiction as the mobster and e.g. you
stole a couple of gig worth of incriminating material would you go to the
police? it's pretty clear that you wouldn't want any logs.

I live in a country where the highest ranking politicians are fully in the
hands of the mob. here a speeding ticket can be solved with a small "tip".
Word of advice: don't ever trust the state to protect you. Also don't ever
talk to cops no matter where in the world you're living (even less so if
you're not guilty! this is the first advice every lawyer will give you too).

~~~
swixmix
It's not that I have nothing to hide. I close the door before I use the
toilet. This tool specifically promotes hiding crimes. Mix questionable ethics
with no updates in six years and it's likely to taste off and stale.

~~~
DyslexicAtheist
you're suggesting questionable ethics but presumably missed the point that
@thegrugq is one of the biggest thinkers in OpSec today.

thegrugq threads
[https://hn.algolia.com/?query=thegrugq&sort=byPopularity&pre...](https://hn.algolia.com/?query=thegrugq&sort=byPopularity&prefix&page=0&dateRange=all&type=all)

insinuating criminal content and questionable ethics, or conjecturing he is a
nation state actor, when you seem to be utterly unfamiliar with his work isn't
fair tbh

------
INTPenis
A friend of mine did this himself, a wireless router with TLS security and a
double TOR circuit.

Meaning he doubles the first circuit over another circuit. I have no idea if
that increases security but I'm sure it affects performance.

He's built these little routers for over a year for himself and others but
never published anything.

~~~
dsl
Tor-over-Tor is less secure than Tor by itself, because the circuits are not
aware of each other and it is possible to reuse your first connection's entry
as your second connection's exit.

i.e. A->-B->C, then the second connection becomes D->-E->A. This would allow A
to de-anonymize you.
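
The overlap described in the comment above, worked through as an added example that is not part of the thread or of the Portal project. It assumes a constructed toy network of eight relays chosen uniformly (real Tor weights relays by bandwidth and pins guards), and the `aware` selector is a hypothetical model of one path builder that refuses relays already in use.

```python
from fractions import Fraction
from itertools import permutations

RELAYS = "ABCDEFGH"  # constructed toy network, uniform selection (assumption)


def circuits(relays, exclude=()):
    """All ordered 3-hop paths (entry, middle, exit) built from distinct relays."""
    pool = [r for r in relays if r not in exclude]
    return list(permutations(pool, 3))


def entry_is_exit(outer, inner):
    """The case from the comment: outer entry relay == inner exit relay."""
    return outer[0] == inner[2]


def exposure(relays, aware):
    """Exact fraction of (outer, inner) pairs in which a single relay sees both
    the client (as outer entry) and the destination (as inner exit)."""
    hits = total = 0
    for outer in circuits(relays):
        # aware=True: hypothetical selector that knows the outer path and
        # never reuses its relays; aware=False: two independent Tor clients.
        for inner in circuits(relays, exclude=outer if aware else ()):
            total += 1
            hits += entry_is_exit(outer, inner)
    return Fraction(hits, total)


def any_shared(relays):
    """Fraction of independent pairs that share at least one relay anywhere."""
    hits = total = 0
    for outer in circuits(relays):
        for inner in circuits(relays):
            total += 1
            hits += bool(set(outer) & set(inner))
    return Fraction(hits, total)


if __name__ == "__main__":
    print("independent, entry == exit:", exposure(RELAYS, aware=False))
    print("aware selector, entry == exit:", exposure(RELAYS, aware=True))
    print("independent, any relay shared:", any_shared(RELAYS))
```

With N relays the entry-equals-exit case occurs with probability 1/N under independent selection, so the figure shrinks on a larger network but never reaches the zero that a single path selector gives.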

------
jasonpeacock
Note - the Github project hasn't been updated in 6yrs.

~~~
jasonpeacock
One of the chipped routers is still available:

[https://smile.amazon.com/TP-Link-TL-WR703N-Wireless-iphone4-...](https://smile.amazon.com/TP-Link-TL-WR703N-Wireless-iphone4-android/dp/B005VEJ3GM)

------
TimTheTinker
I’m interested in doing something similar, but just routing all my home
network traffic through an Algo VPN server I spun up on DigitalOcean (except
Netflix and Amazon video).

I know there are tutorials online for setting this up against an OpenVPN
server, but I haven’t found any for Algo that allow exceptions for some
destination IPs (Netflix, etc.).

------
eeZah7Ux
This is terrible. A lot of applications leak personal data including MAC
address and public IP address.

Only use applications that are specifically designed to run on Tor!

Finally, Tor is meant to protect users only from nosy ISPs and websites that
track IP address and browser fingerprint.

------
forapurpose
Note the developer, grugq.

