So this is something you should only be using tor applications through? The benefit of a tor box is that it's much more immune to exploitation from the local machine leaking data - if done right.
It'd be nice if you could simply point tails at this but afaik it's bad to do tor over tor.
Not necessarily only Tor applications, also works well for VMs/physical machines created specifically to be used directly in a Tor only environment, where none of your data is otherwise associated with them.
I use this for malware reverse engineering for example.
The proposed setup also makes devices properly configured to leverage tor "anonymity" features vulnerable to misconfigurations of other devices using the network that is routed over tor (through the same circuit) in various ways.
>Also, this pattern can create false sense of security.
Tor provides obscurity, not security, even for applications designed to use tor. And even then obscurity isn't lower, in clearnet you have zero obscurity.
It's commendable that the project states "anonymity is hard to get – solely using Tor doesn’t guarantee it" and "it is strongly advised not to use TorBox if your well-being depends on your anonymity". Other such solutions like to gloss over the fact that "using tor !== anonymity" and even the Tor Browser does a lot more to help with anonymity than just route your traffic through tor.
I'm still not sure where such a solution would be a good choice though. Getting access to the broader, uncensored internet is also not as easy as it seems in countries where this applies, e.g. China, as even getting an entry node that works is not easy so this is not a plug'n'play option anymore for that.
I use shadowsocks-libev for everything these days. It's UDP so unlike TCP it isn't quite as vulnerable to, say, central government or ISP mediated forged TCP reset packets. It's way faster than a ssh socks proxy too since it isn't limited to one connection. And it's tiny and requires very little CPU resources and only about 2 MB of ram.
It's getting less and less funny that I have to use the same methods as chinese citizens living under a dictator for life just to avoid my ISP attacking my HTTP connections.
What would you say is a good place to find Shadowsocks? Looks like the main repo is empty: https://github.com/shadowsocks/shadowsocks with the readme stating "Removed according to regulations."
> Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named "clowwindy", and multiple implementations of the protocol have been made available since.
Shadowsocks and similar tools are mainly about obfuscating your traffic flow so it‘s harder to classify and block by the GFW, right?
The Tor Project has the „obfsproxy“ project for that I think, or is that aimed at something else? I always wondered why that did not overtake shadowsocks.
There are different kinds of anonymity. If you just want to hide you IP address from a specific website's operator, then you don't care much about being trackable or not. You just use Tor as a fancy IP spoofing technique. They know that you are you, but might find it harder to ban you or call the police on you. (Of course, they can just ban all of Tor. And of course this scenario is mostly useful for trolls... but I can imagine some cases where this you have a legitimate need to spoof you IP like this.)
But any of the VPN services out there do that for you without the incredible stigmata of having an IP of a Tor Exit Node and the reduced performance of the Tor Network.
On the other hand we definitely do want people to use tor for relatively innocuous reasons, so there's plausible deniability for all the people using it for legitimate reasons (eg. journalists, whistleblowers, etc.)
After a short moment of outrage I saw the important and required notice not too deep in the project description:
> [...] it is strongly advised not to use TorBox if your well-being depends on your anonymity. In such a situation, it is advisable to use Tails [...]
My advice for anyone considering this kind of setup (tunneling blindly a set of clients through tor) would be to 1) make sure they understand the limitations of the approach, especially when clients behave "normally" (a.k.a. actively leaking identifying information) while sharing a circuit and 2) have a look at the considerations that projects like the tor browser or tails are focusing on in order to measure how fragile tor "anonymity" features are.
I feel it's useful to insist on it: DON'T RELY ON THIS KIND OF SETUP FOR CRITICAL OPS.
Besides these warnings, I have a hard time figuring a sensible use case for this (I may lack imagination though). One useful (but unrelated, from what I got from my quick glance on TFA) feature of tor that I enjoy and that is orthogonal to its "anonymity" features is the ease of exposing an onion service (reverse tunnel like) from inside a firewall'd/NAT'd network.
Can I just order one of these? I never even glued the raspberri pi and fan and case together to even get to the point of loading this, and this package is supposed to be the convenience
I just want the tiny computer router out the box loading this
Four your consideration: I think the continued updating of the package and the Pi to keep it from turning into a security hazard by itself will prove to be more work than just whacking together a Pi.
Sorry for the uppercase, but transparent proxies are dangerous, *especially* if users are not aware of them.
Applications that are not explicitly designed to use Tor can often leak data or be vulnerable to malicious exit nodes.
Also, this pattern can create false sense of security.
See warnings:
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/Transp...