Domain: onion-router.net
Stories and comments across the archive that link to onion-router.net.
Comments · 30
-
Let's see if I got this right
The US government funded Tor development and encourages its use as a way to avoid repressive governments and then considers its use in the US to be a suspcious act.
The irony, it burns!
-
Re:TOR is a US-backed project
Re the AC ' I do admit though that spies could also take advantage of it"
Read the origin papers the grants and funding:
http://www.onion-router.net/Sp...
https://www.torproject.org/abo...
"It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications."
The origins are Office of Naval Research and DARPA. Have a read of http://www.onion-router.net/Pu... AC.
ie bi-directional gov/spy communication that would hide the source and destination from another gov or telco in the middle ie intelligence usage, security technology.
But once a system like that is seen in the wild, it is trackable. You need to hide that under huge amounts of people seeking free speech in oppressive regimes.
Follow the early no-bid federal contract, non-profit, pass through funding or gov funding. -
Re:TOR is a US-backed project
Re the AC ' I do admit though that spies could also take advantage of it"
Read the origin papers the grants and funding:
http://www.onion-router.net/Sp...
https://www.torproject.org/abo...
"It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications."
The origins are Office of Naval Research and DARPA. Have a read of http://www.onion-router.net/Pu... AC.
ie bi-directional gov/spy communication that would hide the source and destination from another gov or telco in the middle ie intelligence usage, security technology.
But once a system like that is seen in the wild, it is trackable. You need to hide that under huge amounts of people seeking free speech in oppressive regimes.
Follow the early no-bid federal contract, non-profit, pass through funding or gov funding. -
Re:Might not be via TOR
Remember that TOR was released by the NSA.
Eh? You mean the Naval Research Labs.
-
Re:Guess who is funding Tor?
Tor was not created by the Air Force. Initial work was funded by the Office of Naval Research via the Naval Research Laboratory. See: http://www.onion-router.net/History.html. You can also see a list of funders here: https://www.torproject.org/about/sponsors.html.en.
Air Force, Navy... point is, it was developed by the military. And it is used by the Air Force... I just noted that the first military link in the google search came up with this... and as the Air Force is the one spearheading the 'cyberwarfare' initiative in our military, it made sense that the Air Force would be the maintainer of military assets within the Tor network...
-
Re:Guess who is funding Tor?
Tor was not created by the Air Force. Initial work was funded by the Office of Naval Research via the Naval Research Laboratory. See: http://www.onion-router.net/History.html. You can also see a list of funders here: https://www.torproject.org/about/sponsors.html.en.
-
Re:It's incredible to me
Wait - wait - wait - I'm straining my gray matter here. Just give it time. Something buried deep in my subconscious - it's fighting to get out -
http://www.onion-router.net/
This website comprises the onion-router.net site formerly hosted at the Center for High Assurance Computer Systems of the U.S. Naval Research Laboratory. It primarily covers the work done at NRL during the first decade of onion routing and reflects the onion-router.net site roughly as it existed circa 2005. As a historical site it may contain dead external links and other signs of age.There you go - there's no way that the NSA might know about some back door in TOR. The Navy certainly wouldn't share any back doors with the NSA, would they?
-
Re:It's not about warrants, or lack thereof
> You seem to mostly know what you are talking about, but this is just FUD. Tor works and is open-source. That e-mail references the source to a modified version of TorButton that apparently had a trojan that ran anon's LOIC DDOS tool. It has nothing to do with the security of Tor or TorButton.
Thanks, that answers some of my questions.
I really don't feel safe using Tor, in part because it was invented by the Naval Research Laboratory and one of its creators has clarified USG interest in the project, so I'll just leave it at this, which is a paper presented on some of its weaknesses. Perhaps some of these weaknesses have been resolved by now; perhaps not.
I don't claim to be an expert, I just think that anyone who really believes that Tor is secure might want to consider whether they have underestimated the capabilities of the government. The USG is really amazing when it wants to be.
-
Re:I was thinking a late April Fools joke.
You shouldn't think of Naval Intelligence being only devoted to things involving ships and the sea. They are an intelligence service first. In fact, it was Navy research that led to the Tor network.
-
Re:"Sue fucking everyone"
I was wondering about this too. A friend kept getting copyright notices from his ISP saying they were going to cancel his service. He thought maybe his computer was infected with something. Turned out he was running TOR and someone terminating at his connection was running a bit torrent client making it appear as if he was.
So I wonder, how many of these people were doing something similar thinking they were helping the oppressed with free speech or government agents protect the country only to be bitten by someone attempting to hide their "illegal" activities and if running TOR would be a valid excuse?
-
article is so wrong
the reporter of that article is an idiot.
Onion Routing was invented at the Naval Research Lab, but it had nothing to do with ships.
If the reporter would have done a cursory reading of http://www.onion-router.net/, which is the page the creators made, the reporter would not have found any mention of ships on the description or summary of what onion routing is.
-
Re:No, this stops
I hate to badger you on this, but the link you provided doesn't provide strong enough evidence for me to feel comfortable supporting your claim.
A link(*) off that page substantiates the claim that the Navy developed it as a research project. However, the Naval Research Labs produce a lot of experimental research so their invention of the project isn't necessarily an enforcement of Tor. That is to say the NRL is about what could be done, not what should be done.
This brings us back to the claim that the DOD "suggests their own personnel to use it when abroad". The Tor page claims this, but doesn't give specifics or cite a DOD source for this information. For that matter, the Tor page doesn't say it is US militaries that use Tor. The page only claims that some agents of some armed force of some country use Tor in some capacity. If I were to try to convince someone else, I would want more specific facts. Ideally the exact document in which the DoD allegedly suggests their personnel use it.
Again I'm not saying your claim is incorrect. I'm just asking for evidence (documentary or otherwise) in support of that claim, so I can use it if I were to attempt to persuade someone. The claims on the "torproject" page are just to vague and unsubstantiated to use in a debate.
-
Re:False sense of security
US Government opened up one of these Anonymous web surfing sites...Many people ended up in the tank
Do you have some proof for these claims?
I suspect OP is thinking of the US Navy's Onion Router project, closed down in 2000. Best I can remember though, it wasn't a secret who was running it, and I find no references to anybody being prosecuted for using it
-
Re:Tor, Freenet, and I2P
-
Re:Kind of makes sense.From: http://www.onion-router.net/
This Is An Official U.S. Navy Web Site operated by the Center for High Assurance Computer Systems in the Information Technology Division of the US Naval Research Lab
-
Arguments for and against.
So the "few arguments" against anonymity on the Internet are the same few arguments that we have for laws and the police. To protect property and lives.
I was attempting to present the fact that there was essentially only one argument against anonymous internet usage, not that there is only one bad thing that can be done behind the cloak of anonymity. I also agree that many vile things can be done behind such a screen. I am not an advocate of protecting criminals.
I do, however, believe that eliminating anonymizing networks like Tor will not stop such criminal behavior. However, it will stop dead the ability of legitimate citizens to securely publish information that has the potential to save lives or advance civilization in profound and unmeasurable ways.
Perhaps the focus should shift in discussions like this one to "How can we encode exit policies in the Tor network to minimize or altogether limit criminal behavior without sacrificing it's noble principle of maximizing free speech?"
It is irresponsible and foolish to demonize a valuable tool because that tool may be used for evil. A Knife can take human life (and does so rather regularly), but we do not blame the knife and criminalize ownership of them. The same can be said about guns, but it is understood (at least in America) that the right to bear arms is more important than the threat of their misuse.
At any rate, back to "What can be done to correct this issue with Tor?". I can envision an OSS type of project that, through a mixture of automatic classification and an online database could enhance exit-policies on Tor nodes to massively curb the types of offenses listed in this article. Hell, I would rather see Tor go to a white-list scheme (can only access approved sites) than dissappear completely.
Whether we like it or not, the technology behind Tor is already in the public domain. The cat is out of the proverbial bag. Big business and government may try to scare those that run Tor nodes into turning off their nodes, but there will always be a people who will not be intimidated. And, lest I forget to mention, Tor was originally conceived of by the U.S. Navy. Clearly, the US military seems to believe that such technologies are important. -
Re:I plead the second.
I think what you are describing is Onion routing. Go setup Tor and help out.
:) -
Re:TOR
I stopped using TOR when I discovered the name of one of the common exit nodes. I forget exactly what it was, but I kid you not, it was something like "datapirates.org".
I thought you were going to say, "I stopped using TOR when I discovered the name of one of the common exit nodes was *.navy.mil". Because that would not surprise me considering that it is based on an onion routing scheme developed by the US Navy. -
Re:How is this annonymous?As long as you are using an IP, there is no such thing as annonymity.
Actually, there is. It's called Onion Routing. It's a product of the US Navy Research Lab and has been around for quite a while. There were attempts to use this technology in P2P networks (namely I2P-BT, which is now defunct, as far as I can tell even though the generic I2P network layer project is still alive and kicking).
-
Re:Press Release
Very good points.
Also see
http://anon.inf.tu-dresden.de/index_en.html
http://www.onion-router.net/
Onion routing is some very slick stuff. I think it still has some significant traffic anaylsis problems but there are possible ways to work around those that could be good enough depending on your enemy. Also if you are using SSH to a proxy you *must* be careful about traffic analysis.
Start thinking in terms of a combo of what Techincian said and the above and do some serious thought about traffic analysis and you will be well on your way to true paranoia. -
Navy's been doing great for a while
More of the same, not that I've got any problem with that!
For instance, the Navy's Proteanforge is fantastic on so many levels it's not even funny. Besides being one of the few public Sourceforge deployements outside of sf.net, the code there is just wildly interesting, and has been for several years now.
Not to mention the funding the Navy put into Onion Routing Research and it's very popular implementation. -
Re:The end is coming and people want it!?!?Are you serious? I don't know if you're trolling or not.
A properly done trusted p2p would only be vulnerable to trafic analysis. And there are other techniques to handle that as well.
Ring a bell? Yeah, that was part of a reply to you a coupla posts back.
here, do some reading
Please, if you are going to troll, just do it anonymously.
-
Re:Weird but True.Save your breath when you respond. Write clear and concise arguments. Provide evidence.
"I would argue, however, that I have yet to see an ill-intented abuse of their power in the last three years."
No, but see, you're running under the illusion that they would report that stuff on the forum. They don't nor would they. The few years should have been implied. It's not like civilians run forums for government agencies to use when reporting about internal issues. The forum is designed for specific issues regarding mass compromises, worms, and other activities.
You also didn't qualify which agency you were refering to.
That's because I don't ask. No one does, it's a broad range of experts that comment on everything from cryptology to child pornography. Terrorism is probably the least mentioned item, because the threat of Internet terrorism is actually extremely low, the terrorists simply have no experience.
Well maybe you better get a clue. It was exposed a month or two ago that the DOD is publishing regional "news" sites on the web. ... There is a link buried in the page where they admit they web site is run by the DOD but its unlikely most people ever notice
And it's even less likely they'll notice it if you don't provide a link. This is bunk and you are completely making it up. Provide the link.
Dude, the DOD has now and always had a huge propaganda component.
"Dude", I don't care. While they may have a vested interest in what is said in the media, to argue that they are controlling civilian reporting is an outright lie. The armed forces learned from Vietnam that the lack of a civilian media presence ultimately worked against them. Now you are saying that by allowing the civilian media to exist with the soldiers is propaganda. You can't have it both ways. Would you prefer that they don't offer to bunk the civilian media with the soldiers?
You still don't get the point. ... If they are using Tor at work it would just be a red flag to anyone monitoring the network traffic that the person doing it should be fired because they are obviously doing something they shouldn't. The people monitoring the network would quickly trace it to where its coming from and the person would be fired if not arrested.
Seriously, get a fucking clue. Look up what TOR is. It was originally designed by the miltary. From the front page of tor.eff.org:
Currently, Tor development is supported by the Electronic Frontier Foundation. Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from ONR and DARPA.
Onion Routing (TOR) is something that the military has a vested interest in. Soldiers use it to email their family, officials use it to post to civilian websites, and agents use it to mask their identity when doing intelligence work on Arab forums. It's required in most cases to use it, and it's not a secret that the government makes good use of it. They just don't advertise it.
To suggest that federal agencies monitor the outgoing traffic to TOR is laughable and shows how little of the technical aspects of TOR you know. Outbound traffic to TOR is encrypted, and once it hits the 1st node is very hard to trace. By the time it hits the 3rd node, it is essentially impossible to know what went out.
I'm done responding. I'm sorry you don't find anything I said interesting, but I don't particularly care, it was posted because I didn't think anyone would care, and for the most part, you're the only one that has given me crap about it. -
Onion RoutingOnion Routing has been around for several years. Tor is an effort to make the original protocol more practical. It replaces several nice features from OR, specifically the notion of "reply onions", which allowed message recipients to route replies back to the sender without learning the sender's identity. Instead, TOR recommends a form of "rendezvous point" where receivers send messages to be routed back to the sender. It's not as elegant, and the security is not necessarily as strong, though it is more practical.
It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.
-
Anonymity and EntropyYep, anonymity is a favourite topic of conversation of me and my colleagues. Frankly, I do not understand the concerns of the "Entropy" project leader. Here is why:
- Theoretically, it is impossible to have anonymous communication on the Internet.
- In practice it is a balance of resources. The trick is that it is much cheaper to publish contents anonymously, than to trace the origin of an information. Therefore projects like Hacktivismo - Six/Four, Crowds, Freedom-Net, Tarzan, Onion-Routing, etc. make sense.
Furthermore, it is often the content which speaks more about the authorship, than the chain of technical events that leads to the publishing of the information. In Slashdot, for example, I have chosen not to show my e-mail, etc., but by reading my comments even a 10-years old kid can make a deduction about my real identity. Does it make sense for me to use IP-tunneling then?
Finally, I do not understand the author. He just seems pissed. Maybe he will reconsider his opinion and revive the project. Is he sick from the lies (?) about the crypto-protocols used in the software which is written? IMHO the theory proves quite stable and if there is a room for attacks it is more in the implementations than in the protocols themselves. How many broken cryptosystems do you recollect (I know, I know "the knapsack", but it got broken on the conference on which it was presented).
Still, even with this project retreating, the subject remains interesting.
-
sounds like onion routing
... though from the top-level technical pages, the author(s) seem to think the idea is novel. Can someone explain how this compares to onion routing?
-
Re:So make your traffic untraceable..
It's very possible to apply a techniques to make your traffic very, very untraceable. There has been one large scale test by the US government itself, with something called onion routing, see www.onion-router.net At MIT they are developing similar applications, in the freehaven / tarzan project. The solution is basicly to route your traffic over a p2p network, using a lot of encryption. It can be pretty fast too.
-
Not impossible!True, a proxy server operator can launch a man-in-the-middle attack easily, but pseudonymity can be built into IP using ideas from onion routing. You will also be interested in reading about MIX-nets; many papers have been published on this topic. If you implement these ideas on the level of email messages (as opposed on the IP level), you'll get what is known as Mixmaster/Nymserver networks.
I don't know about ZKS's solution, but I guess it's a mixture of MIX-net ideas and Crowds.
If you haven't time to read the stuff behind the links above, the idea behind MIX-nets is that an encrypted datagram is source-routed through the network. Each hop is encrypted with the key of the next router. The final destination is only visible to the last router of the chain, whereas the source is only visible to the first router. Crowds, on the other hand, is based on you being a part of a 'crowd' of hosts that is sending, say, HTTP requests. The destination only sees that the request originated from the crowd.
-
Onion Routing
This may allow detection of most kiddies with their DDoS and fries kit downloaded from McHacker, but you can easily avoid detection by using onion routing
See www.onion-router.net for information, although they have just taken their net offline as they have concluded their experiment.
To quote:
The Onion Routing research project is building an Internet-based system that strongly resists traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). It prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network.
Cheers!
-- -
Re:Don't Want To Be A Spoilsport But...
At the time I couldn't recall the one specific project I was thinking of, but a brief search dredged it up... AT&T's Crowds, a really nifty idea.
I had two mis-recollections from senior sem presentations I saw last year... I thought Anonymizer, wasn't a commercial project, but it turns out that it is. I'm not familiar with them at all, so I can't speak to their approach. I'd also thought that onion-routing was a little beyond the experimental stage, but I guess I was wrong.