How a portable travel router can put TOR web-surfing security in your pocket

Introduced at Def Con 22, a project called PORTAL aims to make it much easier to keep your Internet traffic private via the TOR network.

Most of the stories coming out the Black Hat and Def Con security conferences highlight the latest crop of horrendous security flaws discovered by hackers. But it's not all doom and gloom. There were also presentations from developers actively trying to make digital security better for all.

Consider the privacy-protecting travel router defined by the Personal Onion Router to Assure Liberty (PORTAL) project. It aims to protect personal privacy with little effort--at least once you're up and running.

Currently a DIY project that's really only appropriate for power users, PORTAL uses a travel router with modified firmware that anonymizes all Internet traffic by connecting to The Onion Router (TOR) network. While PORTAL looks difficult to build right now, the creators are aiming to make the project more accessible to users, according to Ars Technica.

Even if you're not a criminal or political dissident, there are many reasons to keep your Internet surfing habits as private as possible. For example, you may object to the data-gathering activities of the National Security Agency and other intelligence groups just on principle. The downside of using TOR, however, is that it can slow down your browsing speeds (although TOR speeds have improved in recent years).

PORTAL is the brainchild of Ryan Lackey, security engineer at CloudFlare; Marc Rogers, principal security researcher for Lookout Security; and another well known security researcher who goes by the handle The Grugq. Lackey and Rogers discussed the PORTAL project at Def Con 22. You can check out the presentation slide deck here.

Security in your pocket

Travel routers are pocket-sized battery-powered and/or wall pluggable devices that can connect either to a wireless broadband network or a local Wi-Fi network. The router then functions just like a home router, connecting multiple devices to the Internet at one time.

The idea of making a travel router do all the work of connecting to TOR gives user devices an added boost of security. By isolating all the TOR connections to a separate device that can be nearly always on, you reduce the chance of forgetting to connect via TOR to maintain anonymity. The router also doesn't contain any of your personal information, reducing the chance of exposing personally identifiable data online.

There are many projects trying to help users stay anonymous online, mostly by using the TOR network. These include PogoPlug Safeplug and the Onion Pi that turns a Raspberry Pi mini computer into a TOR router.

The difference with PORTAL is it takes advantage of of TOR's pluggable transports API. Despite being relatively anonymous, online monitors can identify which traffic is TOR traffic and which is not. Pluggable transports can help mask TOR traffic so that it looks like non-descript Internet activity.

While PORTAL is an interesting project, right now it requires users to know how to flash a portable router's firmware. The instructions for getting started also assume a higher level of knowledge than most users have. Nevertheless, if you want to try your hand at PORTAL, you can find all the details, including recommended router models, on GitHub.

If you do give PORTAL or just plain old TOR a try, remember that your Internet traffic can be exposed once you exit TOR to connect to a website. You can avoid this by forcing your PC to connect to websites using https encryption whenever possible with browser add-ons such as HTTPS Everywhere.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags privacyhackingintrusionTorThe OnionArs Technica

More about National Security Agency

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

More videos

Blog Posts