The only privacy system I would trust is one which I built myself. Open source for sure but if you want assurance, then audit the source code.
The detail that makes me a bit nervous (though it beats the previous state, where the situation was overtly shady and had this problem), is that Tor is rarely something you want all your traffic passing through, except in specific cases where ‘all your traffic’ is a constrained set of safe activities and protocols, used on an OS suitably configured for it, and nothing else.
The Tor project itself has the basic don’t screw up list; and their guide on Tor-ifying applications that aren’t the browser bundle browser provides some details on just how maldesigned various programs and protocols are from the perspective of anonymity.
Having Tor running on a low-power, quiet device is nice because it can allow you to maintain a stable node without a big PC humming away all the time; but Tor is not something that you can just shove a commonly configured device’s traffic through and expect good results.
Anything non-SSL is going to be in the clear for your exit node, and a lot of software is so chatty it’s hard to decide whether it is incompetent or malicious.
Full disclosure: I’m a founder of Cloudstead.
Cloudstead will soon be releasing an open source (AGPL) private cloud operating system, CloudOs. It comes built-in with email, calendar, file storage, and an app store where you can add more apps for blogging, wiki, collaboration, etc. It’s kind of like Google Apps, but without Google – as in you own your cloudstead and no one (not even us) can get into it.
We’ve designed Cloudstead to be hardware-agnostic, so you can install it onto a VM in a public cloud (a la Amazon EC2, etc.), onto hardware in your own datacenter, or even onto a home/office Internet appliance.
Personally, I think the software problem is far harder than the hardware problem, so that’s what we’ve tried to solve first. The hardware approach does give you a nice and simple package though, and I could see Cloudstead offering something like this down the road.
Here’s some reflections on our philosophy, if you’d like to know more: http://www.cloudstead.io/2014/10/cloudstead-thinking/
The software problem is massive but once you start talking about cloud based everything there is no way to ensure security. SSL is easily proxied. Local key management is hard to keep secure and easy. Your back end is vulnerable to a knock on the door from the government.
I agree there is no such thing as perfect security. But if you’re ever going to have anything remotely approaching real online privacy, it must begin with a foundation: a system that only you own and control.
For the truly paranoid: install the AGPL version of Cloudstead onto hardware you own, in your own datacenter, with armed guards and cameras on it 24/7. In theory, now the only way someone can get at your data is via a compelling legal order, and that order has to be served to you, and not a third party that might not even be allowed to tell you about it.
By using our service at cloudstead.io, we make the setup and management of your cloudstead much easier (automatic DNS and SSL management for example), while minimizing the amount of your cloudstead’s data that is ever exposed to anyone, including us. As you correctly point out, this certainly involves some tradeoffs. We’re trying to strike the right balance between convenience and security, while always having the open source version available for those who want to dial-in the tightest possible security settings.
There’s also a promising product coming soon from the U.S.-based Network Safety Artisans. They haven’t launched their kickstarter yet, but I hear they are going to provide a robust software, hardware and cloud computing service to beat all contenders, which includes a TOR router and anonymization tools, secure cloud storage and private, encrypted web services including email, chat and video chat!
What about some software based on Raspberry Pi or some similar generic board? One ethernet port native, one or more (or even other interfaces, from dialup to 3G) over USB (that’s reportedly flaky and slow-ish, but the real upstream speed of most providers sucks anyway), a P-FET to disconnect/reconnect the USB-attached hardware power if it seizes? That way the hardware is commodity (and if the product doesn’t work as advertised or you don’t want it anymore, you won’t end up with a useless box but with a second prize, the raspi), the software can be supplied as convenient SD card images, and you can audit the images easily on a known-good machine, not like with those have-to-trust-'em onboard NANDs. You can even automate the auditing process: take the card to a trusted machine, run tripwire or another checksum checker, put it back into the router. You can even have two cards with a cross-switching mechanism (all the signals are unidirectional and 3.3V, so a bunch of 74HC family mux/demux selector chips is all you need), so one goes to the raspi, the other one to a card reader connected to the trusted machine, and you can electronically swap them and do automated audits (or reboots from a clean, reimaged card) daily.
As a bonus for the extra-paranoid, a microSD card is easy to destroy mechanically if The Man comes knocking (think a spring-loaded plunger, you don’t even need thermite).
@cobbzilla, any plans to have a raspberry pi optimized version of your thingy, for very lightweight uses?
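The offline audit step described above (card in a trusted machine, checksum baseline, diff) as an added example script; this is not from the thread or any vendor's product, and the card mount path and file contents are constructed for the demo.

```shell
#!/bin/sh
# Constructed example: audit a router's SD card root filesystem from a trusted
# machine. Assumes the card is mounted read-only, e.g.
#   mount -o ro,noexec,nosuid /dev/sdX2 /mnt/card   (device name is an assumption)
set -eu

# build_manifest DIR OUT: sha256 of every regular file under DIR, sorted by path
# so two runs over identical content produce byte-identical manifests.
build_manifest() {
    dir=$1; out=$2
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$out"
}

# audit_card DIR BASELINE: rebuild the manifest and diff it against the baseline.
# Prints changed, added or removed files; returns 0 only when nothing differs.
audit_card() {
    dir=$1; baseline=$2
    current=$(mktemp)
    build_manifest "$dir" "$current"
    if diff -u "$baseline" "$current" > "$current.diff"; then
        rm -f "$current" "$current.diff"
        return 0
    fi
    # keep only the +/- content lines, not the ---/+++ file headers
    grep '^[+-]' "$current.diff" | grep -v '^[+-][+-]' || true
    rm -f "$current" "$current.diff"
    return 1
}

# Demo on a constructed card image: baseline, clean audit, then a tampered file.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/card/etc"
printf 'nameserver 127.0.0.1\n' > "$demo_dir/card/etc/resolv.conf"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo_dir/card/etc/passwd"
build_manifest "$demo_dir/card" "$demo_dir/baseline.sha256"   # taken from a known-good image
if audit_card "$demo_dir/card" "$demo_dir/baseline.sha256"; then echo "clean: OK"; fi
printf 'nameserver 192.0.2.1\n' > "$demo_dir/card/etc/resolv.conf"  # simulated tampering
if audit_card "$demo_dir/card" "$demo_dir/baseline.sha256"; then
    echo "tampered card passed (bug)"
else
    echo "tampered: resolv.conf change detected"
fi
rm -rf "$demo_dir"
```

The baseline manifest must itself live on the trusted machine (or be signed), since a manifest stored on the card could be rewritten along with the files it covers.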
@shaddack absolutely, there should be a micro-edition that can run on raspberry pi. Bear in mind it’s not going to do a ton locally; if you want to run a heavy-weight app, cloudstead will corral computing resources from outside itself (in some virtual private cloud, or perhaps a server farm in your datacenter).
Kudos. The threat of an NSL is applicable to every US citizen or company, but making security easier even in the face of legal threats is good.
Okay, I haven’t kept up with the current state of accountability on kickstarter. BUT perhaps they should hire a full-time engineer just to see if the project is feasible in terms of just manufacturing units with the given funds and the current cost of parts and labour, before projects like that are launched.
Can/will/does it have at least some rudimentary routing/firewalling/anonymizing functions? So it can protect the network and be a “minicloud” for low-volume domestic uses? (I am well familiar with its limits and drawbacks and lack of memory and low-power CPU and various odd tendencies… e.g. in rare cases it seizes and needs a power cycle; a regular reset will not do. This can be done with a daughterboard with a power supply and a watchdog. And so on…)
Cloudstead will support this use case, and most of the capabilities required are already in place. A few pieces remain to be built: we’d want a component to handle dynamic DNS (if your IP address changes underneath you due to DHCP lease renewal), and some simple controls for the routing policy. For example, you might route data for certain apps over the regular Internet, and route more sensitive apps over Tor, or through a VPN, or through a VPN that proxies through Tor, or… you get the idea.