Fast, wireless access to Tor? Just maybe Portable Tor routers have a serious image problem. But one of only two companies to have actually done it right plans to fix that.Should you believe the hype this time around? Quite possibly, yes. It was only a year ago that the tech community got excited about the idea of a small, lightweight router that would connect you …
I'm not sure how the premium bridge thing is even supposed to work. They admit it only gives you a faster first hop (which is good because otherwise they'd be totally clueless or dishonest) but they claim in testing it "significantly enhanced our experience." I'm skeptical, but OK...
The next big problem is that they have to keep track of who's paying and how isn't somehow. That's almost certainly going to have privacy consequences. Bridges (or guard nodes) know your IP address already, so theoretically the basic security model of Tor isn't changed much, but knowing your IP address AND your full name (because you paid with a credit card) is clearly worse.
"[Invizbox] offers a whole host of possibilities, plus it logs and reports on traffic so you can see what is going on."
A security appliance that "logs and reports" things that were never meant to be either logged or reported, doesn't merit serious consideration. The whole point of Tor is to evade the dicks who want to know your business. Invizbox gives you the option of being that dick. Even so, I heartily approve of the new Invizbox ATM, which "logs and reports" your card number, PIN, and expiration date. That's the kind of deep thinking that keeps us all safe.
How can JavaScript reveal your true IP when your whole computer can only connect to the internet through Tor? I've never hesitated to make my distrust of JavaScript known, but it seems there's no way it could do this, at least not all on its own.
What do see as a risk, possibly a huge one, is using the same browser both with and without Tor. (An easy mistake with this configuration unless you really use Tor 100% of the time.) And of course JavaScript could easily play a part in this kind of attack, as it does in many others.
Yes, AFAIK the Javascript and WebRTC (and Flash) vulnerabilities are/were purely about side-stepping the Tor connection (ie. not using the configured proxy) and thus leaking your real IP address over your normal Internet connection.
If your machine's *only* internet connection is through Tor, then there's no IP address *to* leak, except maybe your local wifi one (192.168.x.x or such).
then there's no IP address *to* leak, except maybe your local wifi one (192.168.x.x or such)
Still, this makes me a little uncomfortable. I also would like an ability to turn off local storage and all the "File" javascript functions. No website needs that as far as I'm concerned!
Edit: Oh, is "dom.storage.enabled" the local storage in Firefox about:config?
Slightly incorrect. "[Invizbox] offers a whole host of possibilities, plus it logs and reports on traffic so you can see what is going on."
The Invizbox reports only on current state of the on the router, nothing is logged. Its Live graphs only regarding ram/cpu etc and that is it. We log nothing about Tor or its state. There is on 16Mb of storage on the device so its not stored.
Plus WebRTC is blocked at a basic level stopping exposing IP's etc.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
