I could see that being a reasonable possibility since the journalist’s endpoint might contain the private information (or enough to deanonymize them) of several sources. I would still recommend sources use at least the Qubes isolated configuration if a SW-only approach is to be used. The only inconvenience is the setup time, and it’s already a lot more secure. In general, up-to-date smartphones are more secure than desktop OSs, so e.g. Briar / Signal might be more secure than the local testing configuration, especially if the desktop OS isn’t fresh and is running all sorts of software. The next release of Ubuntu will finally default to Wayland, so users get intermediate isolation between programs.
The optocoupler of the data diode design is rated at 50 Mbps, but the serial interface tends to cap it at around 2 Mbps. I’ve had success in transferring data at around 10 Mbps with a daisy-chained ethernet-to-fiber adapter system and heavily error-corrected UDP streams via the udpcast program, but that was never implemented for TFC. The earlier Qubes configuration used UDP for inter-VM communication, so the git history has mostly production-ready code if there is desire to expand the functionality. You can see one example of such a data diode system at GitHub. The forum is picky about sharing links, so check the dyode project under the GitHub account.
The idea of daisy chaining is:
- The Tx side of the first adapter in the chain announces itself to the second adapter
- Upon receiving the signal on its Rx side, the Tx side of the second adapter sends a confirmation back
- The confirmation is actually forwarded to the Rx of the third adapter
- The third adapter can’t tell its Tx is not connected to the second adapter, and depending on the protocol, the third adapter will either
  - Be ready to receive because it received the confirmation from the second, or
  - Send a second confirmation back to what it thinks it’s communicating with via its Tx, but it’s actually forwarded to the Rx of the fourth adapter.

Regardless of whether three or four adapters are needed, the last one in the chain will only send unnecessary confirmation information wrt. TCP packets, but since it’s only UDP that’s being used, the sending device doesn’t block on not receiving confirmations.
The price isn’t astronomical, but still noticeably higher:
The TTL data diode takes three 16 USD TTL adapters, a PCB (~1 USD), two 3 USD optocouplers, and a few other tiny components (~5 USD), so it’s roughly 60 USD.
The fiber-optic data diode takes 3-4 adapters per direction, so 6-8 units of fiber-to-ethernet adapters at 30 USD apiece.
SC-to-SC patch cables are about 8 USD apiece, and you need 2-3 per direction, so that’s 32…48 USD.
The cheapest 3 ft Cat5 Ethernet cable is 3 USD apiece; you need two of those per direction and might want one for WAN connectivity, so 12…15 USD.
Plus you probably need at least one extra USB-to-Ethernet adapter for the Networked Computer, but if none of the computers feature an RJ-45 port, you need four or five depending on whether you want the Networked Computer to connect to the WAN via Ethernet or wirelessly. USB-to-Ethernet adapters are 13 USD on Newegg, so 13…65 USD.
180…240 + 32…48 + 12…15 + 13…65 brings you to a total of 237…368 USD per user. So the daisy-chained fiber data diode is 4…6 times more expensive than the TTL adapter version. That alone wouldn’t be too bad, but two netbooks for the TCB add about 400 to the price, unless you have old laptops lying around. But it’s still dirt cheap compared to commercial data diode units. I have no price quote, but since they’re usually EAL7+ certified (the highest possible Common Criteria evaluation, which implies formal audits etc.), my guess is the prices are between 3,000 and 15,000 USD per unit, and you need two of those per user.
So my guess is the average user will rather deal with the 19200…2M baud transfer rates. Companies might be more interested in the fiber-optic version, or in using commercial data diodes, especially if they want to establish secure communication nodes for, e.g., executive-level communication between offices.
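The post above describes pushing UDP through a one-way link where no confirmation can ever come back, relying on error correction instead of retransmission. The following is an added example, not TFC’s or udpcast’s code, that shows the minimal shape of such a stream: fixed-size datagrams, a CRC so corrupted frames are treated as lost, one XOR parity datagram per group of GROUP data datagrams so a single loss per group is recovered, and a receiver that can only wait and give up, never ask again. The group size, chunk size and header layout are my own choices, and the loopback transfer with a `drop` set stands in for a lossy diode link.

```python
"""One-way (data diode style) UDP transfer with CRC and XOR parity.
Added example; header layout, GROUP and CHUNK are this example's own choices."""
from __future__ import annotations

import math
import socket
import struct
import zlib
from typing import Optional

GROUP = 4    # data chunks per XOR parity chunk: survives one lost datagram per group
CHUNK = 64   # fixed payload size; the last chunk is zero-padded (small for the demo)
HEAD = struct.Struct("!IHH")  # total_len, group no, index (index == GROUP marks parity)
CRC = struct.Struct("!I")     # crc32 over header + payload, appended as a trailer
PKT_LEN = HEAD.size + CHUNK + CRC.size


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_packets(data: bytes) -> list[bytes]:
    """Split data into CHUNK-sized datagrams and add one parity datagram per group."""
    if not data:
        raise ValueError("nothing to send")
    n_chunks = math.ceil(len(data) / CHUNK)
    packets = []
    for g in range(math.ceil(n_chunks / GROUP)):
        parity = bytes(CHUNK)
        for i in range(min(GROUP, n_chunks - g * GROUP)):
            start = (g * GROUP + i) * CHUNK
            chunk = data[start:start + CHUNK].ljust(CHUNK, b"\0")
            parity = _xor(parity, chunk)
            body = HEAD.pack(len(data), g, i) + chunk
            packets.append(body + CRC.pack(zlib.crc32(body)))
        body = HEAD.pack(len(data), g, GROUP) + parity
        packets.append(body + CRC.pack(zlib.crc32(body)))
    return packets


def decode_packets(packets) -> Optional[bytes]:
    """Reassemble from whatever arrived, in any order. Corrupted datagrams are
    discarded like lost ones. Returns None when a group lost more than it can repair."""
    groups: dict[int, dict[int, bytes]] = {}
    total_len = None
    for pkt in packets:
        if len(pkt) != PKT_LEN:
            continue  # truncated or foreign datagram
        body, crc = pkt[:HEAD.size + CHUNK], CRC.unpack_from(pkt, HEAD.size + CHUNK)[0]
        if zlib.crc32(body) != crc:
            continue  # bit errors on the link: treat as lost, parity may cover it
        tlen, g, idx = HEAD.unpack_from(body)
        total_len = tlen
        groups.setdefault(g, {})[idx] = body[HEAD.size:]
    if total_len is None:
        return None
    n_chunks = math.ceil(total_len / CHUNK)
    out = bytearray()
    for g in range(math.ceil(n_chunks / GROUP)):
        n_data = min(GROUP, n_chunks - g * GROUP)
        have = groups.get(g, {})
        missing = [i for i in range(n_data) if i not in have]
        if len(missing) > 1 or (missing and GROUP not in have):
            return None  # unrecoverable: nothing can be re-requested over a diode
        if missing:
            rec = have[GROUP]
            for i in range(n_data):
                if i != missing[0]:
                    rec = _xor(rec, have[i])
            have[missing[0]] = rec
        for i in range(n_data):
            out += have[i]
    return bytes(out[:total_len])


def one_way_transfer(data: bytes, drop=frozenset(), timeout: float = 0.5) -> Optional[bytes]:
    """Send over UDP loopback with no return path. `drop` holds (group, index)
    pairs that the simulated link loses. The sender never waits for any reply."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(timeout)
        sent = 0
        for pkt in build_packets(data):
            _, g, idx = HEAD.unpack_from(pkt)
            if (g, idx) not in drop:
                tx.sendto(pkt, rx.getsockname())
                sent += 1
        received = []
        while len(received) < sent:
            try:
                received.append(rx.recv(65535))
            except socket.timeout:
                break  # the receiver can only give up; there is no channel to ask again
        return decode_packets(received)
    finally:
        tx.close()
        rx.close()
```

The receiver derives how many data chunks each group holds from the total length carried in every header, so a short final group needs no special casing; real deployments would use far larger chunks, Reed-Solomon or LDPC rather than single-parity XOR, and repeat the whole stream several times, which is roughly what udpcast’s FEC mode does.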