Author Topic: Route all traffic through tails?  (Read 1848 times)

0 Members and 1 Guest are viewing this topic.

Offline scarecow

  • /dev/null
  • *
  • Posts: 5
  • Cookies: -1
    • View Profile
Route all traffic through tails?
« on: January 12, 2016, 12:41:23 pm »
hi,

I want to create a privacy-setup. I'm relatively new in this field (TOR/Jondo/...), so excuse lacks of knowledge of the "how it works".
Because of this I want to ask here if this little project has potential to work at all.

Router <----> PC/Server where Tails is installed <----> Home-Use PC (for Youtube and so on).

Tails will be configured as "Router": http://www.yourownlinux.com/2013/07/how-to-configure-ubuntu-as-router.html
(Works also on Debian, so I assume it will work on an installed Tails too.

The primitively main-goal of mine is to privacy my whole family as much as I can. Some lack of netspeed wouldn't be an issue.
The relative  complicated way to learn the security plugins and methods is the mainproblem while "staying strong" in this case. :)
Best would be if they wouldn't notice something has changed ( instead of speed e.g.).

I know, by this setup they can't  or rather shouldn't use reallife-accounts, but therefor I will maybe setup a second connection routed through
proxy via Jono-OS for example.
 
So, please tell me if this will work at all or if I forgot some important things. Maybe some of you knows better methods.




 

Offline iikibT

  • Serf
  • *
  • Posts: 41
  • Cookies: 7
    • View Profile
Re: Route all traffic through tails?
« Reply #1 on: January 12, 2016, 01:01:39 pm »
I would recommend Whonix Gateway instead of Tails in this case, it is made for exactly what you are describing.
Hacking for no fun and no profit

Offline scarecow

  • /dev/null
  • *
  • Posts: 5
  • Cookies: -1
    • View Profile
Re: Route all traffic through tails?
« Reply #2 on: January 12, 2016, 01:29:45 pm »
what exactly data miners observe if someone use reallife-accounts via tor?

Is it a big privacy breach or rather a small leak where a not blackhat shouldn't be worried about?

I assume that a hunting blackhat wouldn't use reallife accounts at all, right? :D


Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Route all traffic through tails?
« Reply #3 on: January 12, 2016, 03:16:21 pm »
I think you should forget about this whole thing.
Either go with the advice below and setup a firewall or stop looking for bullshit reason to have all trafic going over TOR or whatever.
Since you appear to have no networking knowhow it is likely you have no clue what you are doing and why.
I cannot think of 1 single reason why you would want to use tails for this apart from it sounding really cool.
Why the fuck not just have a TOR listener somewhere and just connect browsers to it ?
« Last Edit: January 12, 2016, 03:17:05 pm by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline scarecow

  • /dev/null
  • *
  • Posts: 5
  • Cookies: -1
    • View Profile
Re: Route all traffic through tails?
« Reply #4 on: January 12, 2016, 06:21:47 pm »
I said I'm relatively new t o stuff regarding privacy.  :o

Because of no other reason, I want to get verification that there is no little thing I
maybe overlook and which undercut my complete project.

Ok, I can wireshark my complete outgoing traffic, but there I cant' see how many ways dataminers have,
to link tor-exit traffic to my browsing habit. What about perma-cookies in tor-perspective? I don't know yet, but I actually learn it, because I want to secure my network... You got it?

I just hoped tails can close - through it's totality - my gap of knowledge where data breaches would be possible. At least till I know all important stuff to do this on my own and with assurance . btw... "tails" sounds not cool, but everyone should have his own taste. :P

Tails is simply created to force all traffic through tor. Normal used home-pc's, used by people who have no knowhow, are very difficult to configure for privacy.  Mostly privacy force a change of habits and learn new stuff. I like this, but maybe others do not!  That would be reason two.

In reality most people who aren't it addicted don't use privacy tools because it's to complicated, so I want to close this gap through comport ( done by simply route all possible traffic ).  Maybe this count as reason 3.

Yahh, but through this post I got 2 new Buzzwords: whonix-gateway and tor-listener. Ty for that so far

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Route all traffic through tails?
« Reply #5 on: January 13, 2016, 07:13:32 am »
I said I'm relatively new t o stuff regarding privacy.  :o

Because of no other reason, I want to get verification that there is no little thing I
maybe overlook and which undercut my complete project.

Ok, I can wireshark my complete outgoing traffic, but there I cant' see how many ways dataminers have,
to link tor-exit traffic to my browsing habit. What about perma-cookies in tor-perspective? I don't know yet, but I actually learn it, because I want to secure my network... You got it?

I just hoped tails can close - through it's totality - my gap of knowledge where data breaches would be possible. At least till I know all important stuff to do this on my own and with assurance . btw... "tails" sounds not cool, but everyone should have his own taste. :P

Tails is simply created to force all traffic through tor. Normal used home-pc's, used by people who have no knowhow, are very difficult to configure for privacy.  Mostly privacy force a change of habits and learn new stuff. I like this, but maybe others do not!  That would be reason two.

In reality most people who aren't it addicted don't use privacy tools because it's to complicated, so I want to close this gap through comport ( done by simply route all possible traffic ).  Maybe this count as reason 3.

Yahh, but through this post I got 2 new Buzzwords: whonix-gateway and tor-listener. Ty for that so far
I might not have been that nice , eventhough your question is quite stupid your intention are fundamented.

https://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network

Something that turned up while searching.
Dont take it too seriously but it gives an example of what it is you want.
Fact that they talk about a VM is not really relevant here.

You will probably annoy the fuck out of everyone since TOR is slow.
Also make sure you don't leak , things as ICMP cannot go through TOR due to it's design.

Other than that you must understand we have noobs here every day that drop the word TOR and something fancy such as TAILS, what we would encourage you is to set it up yourself and actually understand, any distro would do really.
« Last Edit: January 13, 2016, 07:22:26 am by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline scarecow

  • /dev/null
  • *
  • Posts: 5
  • Cookies: -1
    • View Profile
Re: Route all traffic through tails?
« Reply #6 on: January 13, 2016, 11:00:59 am »
Nice link, ty.

They definitely  will request audience when connection speed is going slow.  ::)

Yah, I didn't write or speak in English for a while, so I have to get comfort to not sound like a noob who lend his passion and his buzzwords while watching mr.robot.

I will read through the tor-documentation as soon as poss. :)





Offline straycat

  • Serf
  • *
  • Posts: 28
  • Cookies: 7
    • View Profile
Re: Route all traffic through tails?
« Reply #7 on: January 14, 2016, 12:15:44 am »
You realize that tails by default sends all connections through tor? Also I don't suggest using your real life identity all over tor there's no need for it. I respect the "I need privacy" bit but judging from the things you've said you really don't. The other problem I see with sending ALL of your traffic through tor is how many legit services and websites block all tor usage.

So take some time and read up about what you're wanting to do and decide if there's a real need for it. I highly doubt after a bit of research you'll still want to go through all the work.

Offline overflow

  • Serf
  • *
  • Posts: 21
  • Cookies: 5
    • View Profile
Re: Route all traffic through tails?
« Reply #8 on: January 14, 2016, 02:49:34 am »
As mentioned above by other users, you don't need Tails just for tor traffic, then you have to ask yourself if you want your ISP knowing that you're on tor (host > vpn/ssh > whonix would probably be a nice basic setup to evade that problem) and also because of correlation attacks. Make sure you use end-to-end encryption because tor doesn't encrypt data passing from exit nodes to server . If you're concerned about your privacy, network routing isn't your biggest problem.
"Personally, I make it a habit to avoid habits."

Offline scarecow

  • /dev/null
  • *
  • Posts: 5
  • Cookies: -1
    • View Profile
Re: Route all traffic through tails?
« Reply #9 on: January 15, 2016, 04:13:24 pm »
It's not an optimal solution, every replay is right. Tor is good just for browsing for information ( perspective of normal user-usage ), and maybe for instant messing ( 512 AES & 2048 RSA for Keysharing would also be more than enough I guess). I'm  just little overwhelmed by the big amount of flaws which maybe leads to compromising my privacy: Mini-Autoloaded-Links of Google and Facebook placed on websites of which I never had an idea they would link to them and hence delivery my browsing habits - there, I could block all ip-ranges they use for this links or just by browsing tor... e.g.

I hate this upcoming way of thinking of the concerns. >>Hide the espionage and no one lose his mind...<<

Maybe I'm crazy enough to punish myself by trying to be untraceable by simultaneously holding most of my browsing habits - fortunately I'm an "e- nomad" and are not linked very hard to special sites or services.
Personally I don't use facebook/whatsapp or anything else, which is sacrificed enough ( in social life perspective  ::) ) to invest even more work on it and learn this stuff to prevent all unnecessary privacy-breaches at all - that I use all of theme and force everyone I know to do the same shit is very unlikely and should be situational. 

If I see people who aren't willed or even able to learn this stuff they have two options: Spread their data or don't us the Internet. 

In short my goals are:  get fluent with privacy-securing-methods, serve this security to people ( family e.g.). Maybe I have to search for the middle course, because I don't believe this will work perfectly and forever,even on my own. :)   

I hope this should clear up my intentions, because I really shot this raw unthoughtful idea in this forum because I believed there is a mediumeasy-install-and-go solution. Tor isn't enough and should be linked with other services to set of habits and knowledge about how to use theme.

When everything was pointless in the end I still would have learned to "hide my tracks" if I need to do so. :)

overflow: Every new solution leads to a deeper and more fundamental ( maybe necessary) solution which absence  could compromise the solution before. Your right. This leads me to the "middle course"-thoughts.
But your anti ISP setup sounds very interesting, I will focus on it when I feel comport with the basics.

 
Thank you for input so far.

Offline Architect

  • Sir
  • ***
  • Posts: 428
  • Cookies: 56
  • STFU
    • View Profile
    • Rootd IRC
Re: Route all traffic through tails?
« Reply #10 on: February 07, 2016, 12:03:41 pm »
My favorite thing to do is have a Damn Small Linux virtual box setup as a firewall; it's virtually undetectable, easily managed, and completely separate from my box. Acts like a sandbox and through it I route everything so it's like having an extra hop that can't even be traced back. Send all anonymized packets through the firewall.

Edit: don't forget to test your own environment for security holes from time to time. Always audit your virtual boxes.

useful vbox must haves
« Last Edit: February 07, 2016, 08:24:44 pm by Architect »