Interesting but I doubt whether you really want to route /all/ your network traffic through Tor.
As soon as some packet reaches the internet (through an exit node) that includes some identity information, your Tor connection is no longer private. Routing all your traffic via Tor increases the chance this will happen.
Also if many people use Tor for all their traffic, this will become a scalability problem for Tor (lack of exit nodes).
It's a terrible idea to route all your traffic over Tor. If you have any expectation of anonymity you'll be disappointed. Since Tor does not do any application-level filtering, it is easy for exit nodes to track you.
It's a neat idea but has the same problems as network-wide Tor routers.
Exactly. Good implementations like Whonix take steps to isolate your circuits between different applications and profiles[0].
Further in those cases you're isolating your identities with virtual machines by default, which helps enforce good compartmentalization.
Forcing all traffic into one environment and then over a single circuit means everything you ever access is linked together. The other story on the front of HN is the accused stalker who was caught partly for doing exactly this (would access his real Gmail and then "stalker" Gmail over the same connection).
Whonix also provides a model of enforcing Tor by using an isolated proxy - which doesn't require kernel modules and also allows firewall policies.
I'd classify this as a naive approach that sounds like a good idea at first inspection - but the Whonix developers have really thought this through and their Wiki[1] is a tremendous resource that explains why they use the model they do.
How does this compare to Tails? Conceptually they look similar, both having the kernel enforce that all traffic goes through Tor.
But Tails is configured with security and Tor in mind. I don't see when I'd want to install such a kernel module on a normal distribution over a specialized distribution. (Or a multi-VM setup like Whonix, instead of trusting the kernel.)
I can't even comment here when I use my homemade VPN, hosted on DigitalOcean or Linode. And HN is not the only place... I understand spam is a problem, but it feels like a hammer solution.
bjpbakker|8 years ago
giancarlostoro|8 years ago
acebarry|8 years ago
nikcub|8 years ago
Qubes OS is another similar approach[2]
[0] https://www.whonix.org/wiki/Stream_Isolation
[1] https://www.whonix.org/wiki/Main_Page
[2] https://www.qubes-os.org/
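A simplified model of the circuit linkage discussed in the comment above, as an added example that is not part of the original thread. The stream data is constructed, the policy names are hypothetical labels loosely modelled on Tor's `IsolateSOCKSAuth` and `IsolateDestAddr` options, and real Tor circuit selection is more involved than this grouping.

```python
from collections import defaultdict

# Constructed sample streams: (application, SOCKS username, destination host).
STREAMS = [
    ("browser-real", "real", "mail.example.com"),
    ("browser-alt", "alt", "mail.example.com"),
    ("updater", "", "updates.example.org"),
    ("browser-alt", "alt", "forum.example.net"),
]


def circuit_key(stream, policy):
    """Return the value that streams must share to ride the same circuit."""
    _app, user, dest = stream
    if policy == "single":       # everything forced over one circuit
        return ()
    if policy == "socks_auth":   # modelled on IsolateSOCKSAuth
        return (user,)
    if policy == "dest_addr":    # modelled on IsolateDestAddr
        return (dest,)
    raise ValueError(f"unknown policy: {policy}")


def linked_apps(streams, policy):
    """Group streams by circuit and list the apps one exit sees together."""
    circuits = defaultdict(set)
    for stream in streams:
        circuits[circuit_key(stream, policy)].add(stream[0])
    return sorted(sorted(apps) for apps in circuits.values())


def identities_linked(streams, policy, a, b):
    """True if apps a and b can share a circuit under the given policy."""
    return any(a in apps and b in apps for apps in linked_apps(streams, policy))


if __name__ == "__main__":
    for policy in ("single", "socks_auth", "dest_addr"):
        print(policy, linked_apps(STREAMS, policy))
```

In this model, per-destination isolation alone still lets two identities that visit the same mail host share a circuit, which is the situation the Gmail anecdote describes; separating by identity (here, SOCKS credentials) is what keeps them apart.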
CodesInChaos|8 years ago
unknown|8 years ago
[deleted]
tgragnato|8 years ago
> /* Drop all ipv6 traffic */
hendi_|8 years ago
> The Tor network currently only supports TCP ipv4 traffic
aminorex|8 years ago
cisanti|8 years ago