<p>Andy, thanks so much for your thorough response. I honestly wouldn't consider myself paranoid. I'm just curious and appreciate knowing more about the network infrastructure at Noisebridge.<br>
-James</p>
<p><blockquote type="cite">On Dec 14, 2012 9:43 PM, "Andy Isaacson" &lt;<a href="mailto:adi@hexapodia.org">adi@hexapodia.org</a>&gt; wrote:<br><br><p><font color="#500050">On Fri, Dec 14, 2012 at 07:23:33PM -0800, James Sundquist wrote:<br>
> How easy is it to gain administra...</font></p>Either trivial, or incredibly difficult. The box has been hardened by a<br>
few good hackers. We believe its network threat surface is minimal.<br>
<br>
Of course we have no way of knowing where the eth0 is plugged into. For<br>
all I know the FBI showed up with an NSL and told our hosters how it was<br>
going to go down and now we have the special red cat5 going into an<br>
inconspicuous black box. Or men in black showed up and plugged an extra<br>
special dongle onto a spare DIMM socket. Or an Intel microcode backdoor<br>
was inserted using the top secret radio hole in Nehalem. Feel free to<br>
make up your own hardware conspiracy theory to go here.<br>
<br>
I don't think any of those physical compromise scenarios happened, but I<br>
can't be sure.<br>
<p><font color="#500050"><br>> How do you<br>> guarantee Noisetor is not modifying, monitoring, or recording traffic?<br></font></p>I and a few others set it up. We believe it's not modifying,<br>
monitoring, or recording traffic. The benefits to us of lying about it<br>
are pretty small (and if I had evidence or even a good suspicion that<br>
one of the others had done something bad, I'd say so.)<br>
<p><font color="#500050"><br>> Trust is good, but I'd like to learn more specifics.<br>> This guy here[3] and here[4] mention si...</font></p>Yep, it's incredibly easy to do so. I can't present any evidence that<br>
would convince a sufficiently paranoid auditor (you) that this specific<br>
box hasn't been misused in this way. I can say that I believe it hasn't<br>
and I have an incentive to find out if it has and to publicize if I find<br>
out.<br>
<p><font color="#500050"><br>> How would you prevent someone from doing this?<br></font></p>We have a limited list of people with access to the box. We are pretty<br>
sure the box can't be compromised without compromising one of the admins'<br>
authentication methods, and we're pretty sure that hasn't been done.<br>
Short of hiring an actual auditor to examine an image of the box, I'm<br>
not sure what more proof you'd be interested in.<br>
<p><font color="#500050"><br>> How is the project managed? Is there extensive documentation<br>> somewhere of how Noisetor has bee...</font></p>We set out with grand plans to have the exit node extensively puppetted<br>
and completely checked in to github, but we ended up hacking together<br>
the configs for the box to get it running, and then ended up in the<br>
classic situation of "well, it's working, but getting the configs<br>
completely parameterized and checked in is more work than any of the<br>
existing admins are willing to put in." A fair bit of stuff is on the<br>
github repo, but not all.<br>
<p><font color="#500050"><br>> What first got me thinking about this was an 07/2012 article from<br>> BoingBoing[2] about a fake ce...</font></p>Shrug. If you trust a different Tor node operator more, feel free to<br>
use them instead of Noisetor. Personally I am certain that my machines<br>
could be compromised by an even minimally competent black-bag team; I<br>
don't have interest or wherewithal to defend against that threat, but<br>
I'm fairly confident that it hasn't been done unless by a major<br>
government agency, in which case I'm fucking screwed so I might as well<br>
just pretend I haven't been. I do my best to not get pwned and I think<br>
I do a pretty good job. I'm well aware of the weaknesses in my security<br>
posture; sometimes I mitigate those, other times I don't bother.<br>
<br>
HTH,<br>
-andy<br>
</blockquote></p>