The figure above shows the setup directions that come with the device the company that makes the device, Pogoplug, emphasizes an easy installation and setup process and then the user can “Browse the Internet with complete security and anonymity.” It is marketed as a consumer product for non-technical users and for a broad set of devices. It’s a small black box that plugs into a user’s router and acts as an HTTP proxy that sends all Web traffic through Tor, which anonymizes the “from” IP address of the user’s traffic. For the rest of this post I’ll review our findings and highlight the differences and tradeoffs between the Tor Browser Bundle and a torifying proxy, like the Safeplug. Our research concluded that users should run the Tor Browser Bundle if they can if not, then there is some value in a torifying proxy like Safeplug as long as users are aware of its limitations. However, we found that the hardened browser in the TBB is very important for security, and we found a number of usability and security problems with the Safeplug, including the ability for a local or remote attacker to silently turn off Tor or modify other device settings. Safeplug claims to offer greater usability, particularly for non-technical customers, than the state-of-the-art in anonymous Internet browsing: the Tor Browser Bundle (TBB).
Last month at the FOCI workshop, we presented a security analysis of the Safeplug, a $49 box which promised users “complete security and anonymity” online by sending all of their web traffic through the Tor onion routing network.
0 kommentar(er)
