Using Tor for webcams and baby monitors due to Tor’s security design sounds nice and all, but… one thing that’s missing from that PDF is how horrendously low* the throughput of the Tor network as a whole is. It’s dependent on individuals and organizations volunteering bandwidth and compute cycles, and the last time (2 or 3 years ago?) I tried using Tor, it was a terribly slow experience even for regular browsing.
Forget streaming webcams and baby monitors, even highly distributed YouTube videos with edge servers worldwide are sluggish as heck!
[ * ] With loads of caveats. There are fast nodes out there, and you can set up a fast relay of your own to use as the first hop, but the overall throughput is still very much dependent on others in the onion network.
I think what should be taken from the slides is “this is a solved problem”.
Tor as it is today may not be up to serving the throughput and latency needs, but the protocol and near-zero effort for the end user to access their devices are.
I have hope that now we have this thought, developers will run with it rather than go all ZOMG WEBSCALE CLOUD BBQ on it or try to re-invent their own version of Tor.
Maybe all that is needed is a private closed Tor service (self hosted on the devices themselves) to push signalling over (think encryption keys) and then you can make a direct connection.
Of course the assumption here is that this is a technical problem. Programming rarely is the hard part; the economics for the manufacturers may simply favour centrally controlled infrastructure.
I have a BeagleBone in my house running Tor and SSHD, and it’s allowed me to rsync stuff from my laptop to the house’s NAS. That said, putting your IoT gizmos on Tor services doesn’t really seem that good a solution.
Why not just port forward SSH or rummage around for IPv6 providers?
A publicly exposed SSH server that has password authentication disabled is surely a better fit here?
The problem is that SSH port forwarding is janky from a UX perspective, and somewhat limited.
You could do a VPN. Even SSH can do that, but for its tun device to work, you may have to be root.
This lets me avoid having any public-facing IP addresses.
(Which means my Aspiring Monopoly Inc. ISP doesn’t even know I am running a server.)