[HN Gopher] Tor: From the Dark Web to the Future of Privacy
___________________________________________________________________
Tor: From the Dark Web to the Future of Privacy
Author : bauruine
Score : 245 points
Date : 2024-04-25 07:07 UTC (1 days ago)
(HTM) web link (direct.mit.edu)
(TXT) w3m dump (direct.mit.edu)
| susan_segfault wrote:
| Cheers for this, I'm the author - AMA! :) A big motivation in
| writing the book was to feature the voices of the people we often
| don't hear from in the Tor community (which is why there's a
| whole chapter on the people who run the relays).
| datadrivenangel wrote:
| What are your thoughts on the integrity of the network against
| state actors?
| alt227 wrote:
| I assume that TOR is vulnerable to the 51% attack? If so I
| would imagine that state actors have the ability to spin up a
| million containers each hosting a node and easily take
| control (or at least be able to start tracing connection from
| entry to exit node).
|
| However Im sure this would be immediately obvious (unless
| they have been slowly doing this since the begining of TOR)
| bombcar wrote:
| IIRC there is at least one known case where a moderately
| major criminal was let go rather than the government
| disclosing how they got the evidence on him. The assumption
| has been that they had a way of compromising TOR that they
| didn't want to reveal.
| generalizations wrote:
| One implication of that - make sure there's no available
| means of parallel construction, and it's ok if they catch
| you in some way they don't want to reveal. As long as
| you're not valuable enough, that is.
| bombcar wrote:
| That's the real bar for any security, really - make it so
| it's not worth the while of people who could defeat it.
|
| Because eventually, no matter what you do, if you're up
| against a nation state, they'll just make you dead.
| susan_segfault wrote:
| There's a lot in the book about this - it depends what you
| mean. Tor has a lot of social and technical design elements
| that try as best they can to minimise this risk. It would be
| pretty hard for intelligence services to compromise the Tor
| organisation in ways that meant they were deploying malicious
| code, for example. Plus, the way it's grown over the years
| has also given them some protections.
|
| In terms of deanonymising people through surveillance (for
| example, by spying on the whole Internet and tracing you
| through the Tor network), Tor explicitly doesn't protect you
| against this. The decision was made early on - they switched
| all the high-security design elements to 'off' to make the
| network faster. They calculated that a hyper-secure network
| that was so slow no-one used it was less secure - i.e. made
| less privacy exist in the real world - than one that was less
| secure but used by millions, because that would give you a
| huge crowd of people to hide in. This gets really complicated
| - because you also want lots of different kinds of people
| using the network, so they can't tell if you're a drug
| dealer, an activist, a spy etc. just because you're using
| Tor.
|
| Individual bits of major intelligence organisations can
| probably deanonymise you at some times, and not at others.
| The real question is if they can do so in a way that's
| dangerous to you in a sustained way, and if it's actually
| useful for them to do this. Usually, it's easier to do this
| through simpler mechanisms (bribing your friends, putting a
| camera in your bedroom, figuring out who you are etc.) than
| compromising the Tor network. Some security services
| absolutely will be researching and developing ways to
| deanonymise larrge numbers of Tor users at a given time - but
| in general, the budget for this is going to be quite high on
| a per-user basis (so you'd have to be a prime target for it
| to be worth it), and a lot of the complexity of the Internet
| geography makes this quite hard itself.
|
| Ultimately, for any given high value target, there are
| usually easier ways to get them than through breaking Tor. In
| almost every case, a person will make a basic OPSEC error
| long before mass-scale traffic analysis gets them.
| htrp wrote:
| The rubber hose cyptography xocd comes to mind
|
| https://xkcd.com/538/
| generalizations wrote:
| The scenario that I understand is more plausible, is when
| state level actors might control some large fraction of tor
| nodes. Not that they have visibility into the entire
| internet (not ruling that out, though). The rule of thumb
| I've heard is that if you're a sufficiently valuable
| target, best assume Tor is compromised.
| jazzyjackson wrote:
| "don't become an enemy of the state" is my go-to security
| posture
| geraldhh wrote:
| same, though there are ppl that become so by chance or
| occupation
| belorn wrote:
| Controlling a large fraction of tor nodes is possible,
| but there is a large cost associated with it. Tor has a
| reputation system when it comes to nodes, and in order to
| gain a large fraction of tor nodes you need to
| continuously have a presence for a long period of time.
| Having such long term presence also risk gaining
| visibility and become detected, and require good and
| consistent secops. As the network expands this also mean
| the attacker need to expand in equal rate.
|
| It is a assumed vulnerability of the network. The biggest
| question is if any state actor would consider it
| economical to do it compared to alternative methods.
| Personally I suspect that it is actually cheaper to have
| visibility into the entire internet, since that method
| bring value beyond tor and you do not need major secops
| to pull it off.
| CommitSyn wrote:
| If you have a suspected target and you can shape traffic
| on the internet (state actor) there's a much easier way
| to gain access to the websites visited by your target
| than by controlling a large number of nodes. It's still
| noisy, but doesn't generate any scary warnings in tor
| browser (unless you look at the logs, or pay attention to
| your connected nodes like with the Onion Circuit GUI in
| Whonix).
|
| Use a DoS attack against nodes, like the 2-3 years
| ongoing attack which has lately progressed to a 100% CPU
| usage DoS against any targeted node. You still have to
| control a decent number of nodes, but you simply DoS (or
| DDoS, much noisier) the nodes that your target is
| connecting to. Once you have them connected to your
| guard, relay, and exit nodes, you continue the DoS on
| other nodes until you get the data you need - shorter
| time is better. I believe this method is being used
| currently, as I read a post from someone about it
| recently and noticed something similar happening when I
| started paying attention to nodes, although it seems it
| may have stopped for now.
|
| I'm sure there are many vulnerability chains being
| exploited in tor. Here's an interesting tidbit from the
| Snowden leaks, which most people took that screenshot of
| "tor stinks :(" to mean it's safe. At least with
| JavaScript completely disabled, right?
|
| > Tor users often turn off vulnerable services like
| scripts and Flash when using Tor, making it difficult to
| target those services. Even so, the NSA uses a series of
| native Firefox vulnerabilities to attack users of the Tor
| browser bundle.
|
| > According to the training presentation provided by
| Snowden, EgotisticalGiraffe exploits a type confusion
| vulnerability in E4X, which is an XML extension for
| Javascript. This vulnerability exists in Firefox 11.0 -
| 16.0.2, as well as Firefox 10.0 ESR - the Firefox version
| used until recently in the Tor browser bundle. According
| to another document, the vulnerability exploited by
| EgotisticalGiraffe was inadvertently fixed when Mozilla
| removed the E4X library with the vulnerability, and when
| Tor added that Firefox version into the Tor browser
| bundle, but NSA were confident that they would be able to
| find a replacement Firefox exploit that worked against
| version 17.0 ESR. The Quantum system
|
| > To trick targets into visiting a FoxAcid server, the
| NSA relies on its secret partnerships with US telecoms
| companies. As part of the Turmoil system, the NSA places
| secret servers, codenamed Quantum, at key places on the
| internet backbone. This placement ensures that they can
| react faster than other websites can. By exploiting that
| speed difference, these servers can impersonate a visited
| website to the target before the legitimate website can
| respond, thereby tricking the target's browser to visit a
| Foxacid server.
|
| > In the academic literature, these are called "man-in-
| the-middle" attacks, and have been known to the
| commercial and academic security communities. More
| specifically, they are examples of "man-on-the-side"
| attacks.
|
| > They are hard for any organization other than the NSA
| to reliably execute, because they require the attacker to
| have a privileged position on the internet backbone, and
| exploit a "race condition" between the NSA server and the
| legitimate website. This top-secret NSA diagram, made
| public last month, shows a Quantum server impersonating
| Google in this type of attack.
|
| > The NSA uses these fast Quantum servers to execute a
| packet injection attack, which surreptitiously redirects
| the target to the FoxAcid server. An article in the
| German magazine Spiegel, based on additional top secret
| Snowden documents, mentions an NSA developed attack
| technology with the name of QuantumInsert that performs
| redirection attacks. Another top-secret Tor presentation
| provided by Snowden mentions QuantumCookie to force
| cookies onto target browsers, and another Quantum program
| to "degrade/deny/disrupt Tor access".
|
| From https://www.theguardian.com/world/2013/oct/04/tor-
| attacks-ns...
|
| Let's not forget about the NSA backdooring internet
| backbone routers and slurping data from undersea cables
| https://en.m.wikipedia.org/wiki/ANT_catalog
|
| It's quite clear to me the US (and the other major
| Western players) are preparing for a large-scale war and
| know a great deal of spies are already living in the
| country. Warrantless wiretaps for any connections outside
| of the USA, and mandatory KYC for any cloud providers
| (VPS etc) within the US. In other words, the surveillance
| dragnet is now operating at a complete and full scale.
| Privacy is dead. If you would like to be an activist or
| give valid criticisms of the government, just know that
| your devices are likely going to be hacked and your
| communications decrypted. Airgapped computers may for now
| be safe with a faraday cage and components stripped out.
| Mesh networks like Briar are only useful as long as your
| phone is secure.
|
| I wish I was simply being overly paranoid.
|
| https://www.brennancenter.org/our-work/research-
| reports/refo...
|
| https://torrentfreak.com/u-s-know-your-customer-proposal-
| wil...
|
| https://www.ic3.gov/Media/Y2024/PSA240425
|
| https://www.gov.uk/government/news/new-powers-to-seize-
| crypt...
| Jerrrry wrote:
| >DoS nodes
|
| DoS'ing a server and correlating timeouts is a well-known
| but still discernible technique.
|
| Random delays and packet data have been added to help
| bugger against this and timing/padding/other side-channel
| attacks.
|
| At this point most servers operate multiple random
| timeouts + blackouts + array of mirrors/jugglers to
| mitigate this de-anonymization technique.
| keepamovin wrote:
| One gap seems to be provision of HTTPS for onions.
| LetsEncrypt should really get on this. Aligns well with
| their mission right?
| susan_segfault wrote:
| Also - it's completely free open access, but you can also buy a
| copy here if you like spending money:
| https://mitpress.mit.edu/9780262548182/tor/
| Algemarin wrote:
| > it's completely free open access
|
| Why are the PDFs individually watermarked?
|
| It seems antithetical to the spirit of releasing a book about
| Tor and "future of privacy", and to then not only watermark
| each PDF, but to not explicitly state that this is the case,
| let alone explain why.
| andirk wrote:
| And several analytics type of tracking pixels on the page
| as well. Not a big deal nor likely controllable by the
| author.
| ametrau wrote:
| It's the mit press who's publishing it no? I very highly
| doubt the author has access to tracking decisions made by
| the org putting the work out.
| giancarlostoro wrote:
| Watermark? In the original link the thread is based on,
| there is no watermarks, its probably something the
| publisher that sells is just happens to do.
| matthberg wrote:
| I agree it seems a bit scummy, yet likely unavoidable for
| the author due to the way MIT Press distributes things.
|
| It's thankfully licensed under Creative Commons
| Attribution-NonCommercial-NoDerivatives 4.0, which allows
| for converting the content to other formats (given
| attribution and non-commercial use, same license, etc etc)
| [0]. I'd reckon that making a de-fingerprinted version and
| redistributing it as an epub, md, or pdf again would be
| allowed, then.
|
| As for getting a clean copy to work from, using Tor would
| be quite fitting. I plan to convert the version I
| downloaded to epub for ereader use, maybe downloading it a
| couple times over different routes and combining to see if
| that has any impact on the fingerprinting. I'll comment
| with a download if I get to that and feel it's of a quality
| worth sharing.
|
| 0: https://creativecommons.org/licenses/by-nc-
| nd/4.0/deed.en#re...
| tarruda wrote:
| One thing I'm curious about Tor: What are the incentives for
| running a node?
|
| If there are no monetary incentives, then how does it achieves
| decentralization? Also, what stops a malicious actor with enough
| resources (a government) from controlling a big portion of the
| network?
| LordDragonfang wrote:
| People can do things altruistically - there doesn't always need
| to be a bitcoin-style monetary incentive. Lots of people run
| exit nodes because they believe in privacy and freedom of
| information.
|
| That said, you're absolutely right about large entities being
| able to control a large number of nodes, which is why a great
| number of nodes are controlled by governments trying to do so
| and also prevent foreign adversaries from being able to.
| tredre3 wrote:
| > Lots of people run exit nodes because they believe in
| privacy and freedom of information.
|
| I used to do that. But I've ultimately decided that the
| prospect of fighting accusations of abuse or crimes committed
| through my network wasn't that enticing. Proponents will try
| to downplay the risks by using vague ideological nonsense
| like "don't worry, an IP doesn't legally represent a person
| ;)" which, even if true, won't prevent a rather unpleasant
| ordeal.
|
| Running a relay is likely fairly low-risk and still a good
| thing for the network, though.
| Dunedan wrote:
| > People can do things altruistically - there doesn't always
| need to be a bitcoin-style monetary incentive.
|
| For a few years Oniontip [1] allowed tipping Tor relay
| operators with Bitcoin. In my opinion that was a quite nice
| combination of technologies, as it allowed to anonymously tip
| operators of a service providing anonymity on the internet.
|
| [1]: https://github.com/DonnchaC/oniontip
| llm_trw wrote:
| Bit coin is not anonymous. It is literally a ledger of
| every transaction ever made. Monero is what you want if you
| value anonymity.
| LordDragonfang wrote:
| I mean, bitcoin is a lot more anonymous if you host your
| own wallet and don't cash out through an exchange (or
| don't cash out at all) - you're just a number. That's
| definitely not the modal use case today (where its
| primary use is as a vehicle for ~~gambling~~financial
| speculation denominated in dollars), but was a lot more
| common 10 years ago when that project was created.
| llm_trw wrote:
| Or you just use a crypto currency with anonymity build
| in.
| LordDragonfang wrote:
| Sure, but that was probably pretty hard to do ten years
| ago when this was being developed, because, y'know,
| Monero didn't exist yet (or had only existed for a few
| months and had no users)
|
| Also, bitcoin actually _was_ more private back then,
| because KYC rules were much more lax.
| 6LLvveMx2koXfwn wrote:
| There are no incentives for running a Tor node except altruism
| and the perhaps nebulous claim that by doing so you will be
| making the network better.
|
| There is nothing stopping a state actor controlling a large
| percentage of nodes thus increasing the likelihood that your
| anonymous communications are nothing of the sort.
| Scoundreller wrote:
| But warring state actors competing with each other on that
| offers me some protection.
| ykonstant wrote:
| Assuming they compete. If I were a state entity with a
| vested interest to compromise tor, I would cooperate with
| peers to that end, enemies or not. It is in every state's
| interest to have protocols in place for conditional
| cooperation with hostile states. At the agency or team
| level, these protocols can be quite effective.
|
| After all, the field agents probably meet once or twice a
| year at some math/CS conference in France anyway.
| anon012012 wrote:
| And this is why governmental privacy is unethical... All
| should be open to peer review. For the people, and for
| the world.
| ykonstant wrote:
| I don't see how this would help. Such protocols may not
| even be written down, but rather implicitly passed from
| mentors to mentees in security agencies. I am all for
| government transparency, but no amount of transparency
| will reveal that a cluster in Utah is in direct link with
| a cluster in St. Petersburg is in direct link with a
| cluster in Kiyv to provide unmasking services to their
| administrators.
|
| These administrators can then launder the information to
| their respective agencies by means of any number of play-
| pretend activities you can write up for the transparency
| committee. The agency doesn't even need to (officially)
| know.
| spookie wrote:
| Aren't there ways to filter out untrusted nodes?
|
| (Edit: I say this, but in reality I also think it's pretty
| safe to assume most are government controlled)
| ghthor wrote:
| You can connect through a locally running node, which reduces
| latency to some degree.
| petre wrote:
| > What are the incentives for running a node?
|
| You are workng for the FBI.
| Scoundreller wrote:
| > What are the incentives for running a node?
|
| It costs my ISP resources but I pay a flat rate. That would
| have value to me.
| chii wrote:
| if enough customers of the ISP do this, they will no longer
| charge a flat rate. It's just that some people manage to
| consume resources that other customers don't atm.
| electroly wrote:
| Nothing at all stops that, and there's scarce incentive for
| independent node operators. Indeed, it is commonly surmised
| that many node operators have a hidden incentive: they're
| explicitly trying to control enough nodes to deanonymize
| traffic because they are law enforcement agencies.
| susan_segfault wrote:
| (with the understanding that I'm only speaking for what I
| found, not for the Tor project or the relay community)
|
| Most of the people I spoke to saw themselves as providing a
| service - they wanted to help do something to bring a
| particular kind of future Internet about and found it rewarding
| to be a part of that. A number of them found the act of running
| a relay interesting and fun in itself - something they could
| get better at. Plus, membership of the relay community itself
| (especially now) is a kind of shared experience of community -
| and that's attractive to people in itself.
|
| In terms of malicious actors, Tor does a lot to avoid this,
| from hunting down bad relays actively, monitoring the network
| as best as it can, continuously developing the algorithms which
| select routes through the network, and other mechanisms, like
| forcing relays to operate for a while before they get trusted
| with a lot of connections.
| bauruine wrote:
| There are no incentives. I'm pretty sure the vast majority does
| it for altruistic reasons. At least all those I've met. Many
| run relays with spare resources they pay for anyway. Others
| rent a cheap VPS to run a relay. $10 gives you a surprisingly
| large amount of bandwidth if you avoid the cloud like the
| plague.
|
| Governments have other possibilities. Why should they run a
| relay if they can force the ISP to mirror the traffic of all
| relays to them?
| alt227 wrote:
| Governments dont have authority outside of their borders.
| They cannot force foreign ISP to give over the same
| information. Therefore they could only mirror nodes on IP
| addresses issued to companies in their country.
| throwaway48476 wrote:
| Governments will just get other governments to let them tap
| their fiber.
| rank0 wrote:
| Can you expand on that last bit? I don't understand how this
| compromises the entire network or any individual user. The
| ISPs only have layer 3 data in plaintext. We can perform
| timing/throughput analysis attacks against individuals, but
| not the entire network. These operations are VERY
| expensive/difficult.
| bauruine wrote:
| Not an expert at all but from my understanding a traffic
| correlation attack doesn't require someone to run the relay
| he just needs to see what traffic enters and leaves it. So
| the German BND for example can just go to Hetzner (15% Tor
| traffic) and ask them to mirror the traffic of all relays
| to them. They don't have to run any relays themselves.
|
| Alt227 has a point but the Tor network is centered around a
| handful countries where traffic is cheap and there aren't
| that many huge IXs and Tier 1 ISPs where much of the
| traffic flows through.
|
| I'm not saying that this is done but it's IMHO more likely
| than state actors running thousands of relays.
| rank0 wrote:
| I think we have the same understanding. I read this as
|
| "a state actor has the physical capabilities/resources to
| perform an attack that determines Alice was speaking to
| Bob."
|
| I totally agree. Im just pointing out that we still have
| layer 5 encryption to protect the contents of our
| messages. Also at that point, if you're so important they
| would just grab a warrant and raid your home.
| dustfinger wrote:
| I have no significant knowledge of how TOR works, so I might be
| off the mark here. Perhaps one incentive is that by running
| your own node, you can utilize it as an entry or exit node for
| your own activities over TOR. By controlling either the entry
| or the exit node, you know that a bad actor does not control
| both of the nodes involved in your own usage. Just a thought.
| Maybe this strategy is flawed somehow. Please chime in and
| correct me if you see a flaw in this strategy.
| mmcdermott wrote:
| Couldn't running an exit node be a cover for other activity?
| One that provides a reasonable doubt as to whether it was the
| operator or some other actor who did something unsavory from an
| IP address?
| schoen wrote:
| I thought there was a classic statement from the Tor
| developers that you _shouldn 't_ do this, but the closest
| that I found on the site is the part about not running an
| exit node from home (as it might make law enforcement more
| interested in seizing your home computer).
|
| This question
|
| https://support.torproject.org/relay-operators/#relay-
| operat...
|
| also seems to imply that it _might_ be useful to run a node
| to provide cover for your own traffic (though not an exit
| node in your home), but that it isn 't known for sure how
| useful that is.
|
| I think the core argument against your suggestion is (1)
| having your devices more likely to be seized is just plain
| harmful to you; (2) if you're personally doing something that
| law enforcement cares about, having your devices more likely
| to be seized increases you risk that they could discover that
| by seizing those devices; and (3) there may be traffic
| analysis techniques that law enforcement could use to
| distinguish between your own traffic and your exit traffic,
| like trying to correlate inbound Tor circuit activity with
| exit traffic, and attributing the traffic to you if it
| couldn't be matched up with an inbound circuit.
| throwaway48476 wrote:
| This is a bad idea because the police will break down your
| door based on IP.
|
| It might be a good idea in a prosecution to raise
| reasonable doubt. Few people are willing to play punching
| bag for the police to find out. Also the general technical
| skill of the average cop and prosecutor is quite low.
| GoblinSlayer wrote:
| By running a node you maintain tor you might use yourself. If
| tor goes away, you won't be able to use it.
| cess11 wrote:
| You learn a lot, make friends and enemies, and get privileged
| access to a node.
|
| It's also a bit like picking up trash when you're out for a
| walk, it's just a nice and proper thing to do to make society a
| better place to live in.
| doctorpangloss wrote:
| > Wealth and power, the complicity of institutions, governments
| and communities that ignore the rights of children and disbelieve
| and disempower them--all of these provide far better privacy
| protections for child sex abusers than the Tor relay network ever
| could.
|
| Either the technology is good enough to make people anonymous
| despite their lack of wealth, power, complicity of institutions,
| or it's not. It can't be a weak technology only in the context of
| the biggest problem with Tor.
|
| > Some pointed out that it was bizarre for Tor to condemn neo-
| Nazis using its network when it had been largely silent on the
| documented issues of child abuse... much of the negative reaction
| to the activist turn in Tor was motivated by a reactionary
| queasiness towards feminism.
|
| Well yeah, that is bizarre. You're making it sound like, if we
| understood the tribe of college and graybeard libertarians
| better, compared to better-known, run-of-the-mill progressives
| and "intersectionality," then we can forgive how "bizarre" this
| sounds.
|
| I don't think that stuff matters. The commentary from the
| operators makes the whole effort look insincere. I don't think
| that relay operator _actually_ cares that much about Turkish
| dissidents or whatever. That operator is definitely interested in
| being dramatic and provocative. That 's how most libertarian
| ideas sound. They could align in some ways with social justice,
| but its failure in the marketplace of ideas is as simple as
| insincerity + drama.
| susan_segfault wrote:
| Those are fair points. I would argue that it's not the tech
| that's weak, but that the protection that powerful people get
| from institutions, local networks, status in their communities
| etc. often give them so much access to practical power that
| they essentially don't need anonymity - because these
| institutions protect them.
|
| In terms of condemning particular use cases (or deciding not
| to), I'm more trying to represent a particular argument that
| some people make about Tor (and lots of other technologies) -
| i.e. that the tech itself shouldn't carry explicit
| values/politics, those should all be down to the users. The
| argument is particularly strongly made by some privacy
| advocates as they see things like Tor becoming the foundations
| of a new Internet - and hence needing the broadest possible
| base of support. There's obviously a lot of good arguments
| against this philosophy, but I figured I should try to
| represent the different ways people think about Tor in as good
| faith as possible.
|
| Obviously sometimes when people argue that they just have an
| issue with feminist values - sometimes it is definitely
| disingenuous. But I think there was a wider moment in the Tor
| community - in which a lot of people were concerned about the
| transition to a much more professional NGO, more strongly
| aligned with liberal, 'digital democracy' visions of US
| geopolitics, and away from a more chaotic and anarchic
| coalition. While I think there was a clear need for Tor to
| change and this was as much about its place amid wider changes
| in the landscape of digital rights, US tech, and hacker
| politics as anything else, it does give us a way (I think) of
| understanding the conflicts and choices that might emerge in
| Tor and other privacy enhancing infrastructures in the future.
| doctorpangloss wrote:
| > because these institutions protect them.
|
| All I am saying is that you could replace your antagonists in
| that line with "journalists" and you'd be like, "no wait,
| that's not true," and you'd be as wrong about journalists as
| anyone else.
|
| Either there are some powerful institutions protecting
| journalists too, OR Tor _is_ powerful enough to protect
| journalists. If it 's not good enough for journalists, why
| bother? If it's good enough for journalists, listen, it's
| also good enough for criminals.
|
| Anyway, some journalists are themselves powerful people!
| Maggie Haberman, John Carreyrou and Ronan Farrow are powerful
| people, and they don't need anonymity. There are powerless
| criminals too, I'm sure, who need anonymity to engage in
| criminal conduct without getting caught. You could live on an
| island with a Starlink Internet connection, literally
| divorced from institutions and communities, and you could
| engage in anonymous criminal activity with Tor, it would be
| your only way of doing that. It would be practicable and
| realistic. Where we really disagree is: I think the average
| person already lives in a metaphorical island, this isn't a
| fringe opinion, and thus no matter what they are doing, Tor
| is providing them not with anonymity - they are already
| anonymous in almost all ways that matter, already nobody
| cares what the average person is up to - Tor is providing
| them protection from law enforcement.
|
| > chaotic and anarchic coalition
|
| Those high drama characters were the only ones foolish enough
| to run exit nodes or relays. I am confident this is true but
| I have not investigated: not a single professional NGO
| employee or grant recipient, living in New York or Los
| Angeles, under the age of 40, is personally running a Tor
| exit node.
|
| Those professionals are absolutely correct in their
| assessment that they would receive a much harsher punishment
| for so much as breathing on the third rail criminal activity
| on Tor compared to their colleagues who engage in some civil
| disobedience on highways here or there. And without exit
| nodes or relays, there's no Tor.
| susan_segfault wrote:
| I would absolutely agree that there's journalists who get
| significant power and protection from their proximity to
| major institutions and centres of power. Tor is useful for
| protecting journalists in situations where they don't have
| access to that kind of protection. I would agree as you say
| that's also the case for people that it protects who want
| to commit really awful forms of harm (who might not have
| access to this kind of protection). But I'd argue that - in
| most cases - the majority of really serious and widespread
| forms of harm are able to exist because of their proximity
| to different kinds and systems of power. That's not always
| the case - and these systems of power can compete with one
| another - but I think it generally holds.
|
| And given that the vast majority of online crime of all
| kinds isn't anonymous but goes entirely un-enforced against
| by law enforcement, I would argue that Tor's efforts to
| distribute power online make relatively little impact on
| the kinds of crime and harm we see online compared to a lot
| of other infrastructures built on top of the Internet. I've
| generally found the more I do this kind of research, the
| less convinced I am by technical fixes to major social
| problems - I don't think Tor is a 'fix' to the problem of
| power, but I think it opens up the battleground a bit for
| more different (and possibly more hopeful) kinds of future
| Internet to be built and asserted, that look less like the
| locked down and centralised versions we're being pitched
| just now. But I take your points and appreciate you
| engaging with the arguments in the book.
|
| Actually the relay community is pretty diverse - they have
| some colourful characters but actually a lot of them are
| just IT professionals, activists, and people working for
| libraries or universities. They have come up with some ways
| (which I talk about in the book) of making them much less
| likely to get hassle for running an exit - and generally
| most exit relay operators proceed just fine.
| llm_trw wrote:
| >Obviously sometimes when people argue that they just have an
| issue with feminist values - sometimes it is definitely
| disingenuous. But I think there was a wider moment in the Tor
| community - in which a lot of people were concerned about the
| transition to a much more professional NGO, more strongly
| aligned with liberal, 'digital democracy' visions of US
| geopolitics, and away from a more chaotic and anarchic
| coalition. While I think there was a clear need for Tor to
| change and this was as much about its place amid wider
| changes in the landscape of digital rights, US tech, and
| hacker politics as anything else, it does give us a way (I
| think) of understanding the conflicts and choices that might
| emerge in Tor and other privacy enhancing infrastructures in
| the future.
|
| Yes, you need to be a toxic slug or you will be eaten.
|
| I was around for the transition and it was anything but
| clean. The only reason why tor didn't implode like women who
| code recently did is that it has a clear core product which
| the old developers kept chugging along despite the best
| efforts of the new 'professionals'.
| aendruk wrote:
| There's an "epubviewer" but no EPUB?
| susan_segfault wrote:
| Fully open access PDF version free here:
| https://direct.mit.edu/books/oa-monograph/5761/TorFrom-the-D...
|
| Though do consider buying it if you like it!
| crtasm wrote:
| Is there an EPUB for sale somewhere?
| susan_segfault wrote:
| Aye absolutely - some links here:
| https://www.penguinrandomhouse.com/books/744367/tor-by-
| ben-c...
| hhfghf wrote:
| It seems, at the beginning of the 90s there were a lot of
| expectations in regard to DC-nets, considered to be a way better
| alternative to remailers of the time [1]. At least that's my
| impression after reading Tim May's FAQ (The Cyphernomicon) [2].
| Any progress on this front?
|
| [1]: https://en.wikipedia.org/wiki/Anonymous_remailer
|
| [2]: https://hackmd.io/@jmsjsph/TheCyphernomicon
| susan_segfault wrote:
| This is a question I always find really interesting. There are
| still a lot of alternative systems circulating - often in the
| mid-latency space - which aim to solve design issues of Tor.
| Someone releases something intended to be a Tor killer every
| few years, but they rarely last. Tor still remains the only
| anonymity solution currently operating at global scale without
| depositing all your trust in e.g. a VPN provider, partly due to
| network effects (the installed size of the user base is its own
| protection, so any competitor system is going to perform worse
| at the outset regardless), the relative lack of tolerance for
| anything but the lowest possible latency, highest possible
| usability system for almost all users, and Tor's lasting
| success in establishing itself culturally as a global brand
| that can appeal differently to very different user groups.
| Tor's devs have also been very good at modularising and
| standardising the tech so it's been great at getting itself
| incorporated at the ground level of other technologies - and
| upcoming changes are only going to make that more the case. I
| do think that there's a good chance for other systems and
| models to take off that make different design decisions, but
| they would have a lot of economic, technical, and cultural
| barriers to circumvent. Not all of them are to do with the
| theoretical security of the system - for example, DC-net
| designs were always traditionally quite vulnerable to Denial of
| Service attacks via collision, and some of the best attacks
| against anonymity systems can use 'higher security' properties
| against them. There's a discussion of some of this in Chapters
| 4, 5, and 6 of the book if it's of interest - also a huge
| amount written about this by scholars in PETS, WEIS, and other
| conferences (and blogs, papers, textbooks etc. in cryptospace).
| paravirtualized wrote:
| PSA: It's Tor not TOR.
|
| https://support.torproject.org/#about_why-is-it-called-tor
| photochemsyn wrote:
| I don't think much of this writing style. What's the tor attack
| surface? Are all the tor boxes on the internet backdoored by the
| NSA? Is tor a honeypot or is tor not a honeypot?
|
| As far as I can tell tor was designed by spooks to allow remote
| agents operating in foreign countries a means to communicate with
| headquarters without being traced. It was never designed to allow
| two entities to communicate anonymously. The metadata always gets
| exposed, doesn't it?
|
| Using tor also violates the hide in plain view principle, which
| all real spooks adhere to religiously.
| throwaway48476 wrote:
| There was a guy in a dorm who thought he was anonymous using
| tor on the schools website. They caught him because it turns
| out he was the only one using tor. In some ways it is a
| honeypot.
___________________________________________________________________
(page generated 2024-04-26 23:02 UTC)