Slashdot Mirror
Tor: A JAP Replacement
kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."
The DoD will just block such methods.!
sigh...
We are REPLACING japs now??!?!?
Isn't this onion routing thing exactly what freenet uses?
Tor - The internet onion!
No, but seriously, the blurb says this is low latency, how that's the case, I fail to see. First client wants to send a HTTP GET or something similar via Tor, so every packet involved needs that info, plus a little bit extra to get it to the next node, plus a little bit more so the end node knows where it needs to be in the end on the return. So that's two extra little bits, then the stuff gets sent one node across which takes its info off and puts new info on.
Where is the low latency here? All this peeling/adding layers to peel off must be fairly time consuming. I'll admit I quite like the idea, and as soon as I click Submit I'm going to download and try it, but I fail to see how this can be faster than say, InvisibleIRC (IIP) was.
--
The last digit of pi is four.
our East Asian readers, will readily endorse this new standard...Honestly, I guess not many people think about their acronyms before they are released to the public.
Sig it.
Wow. Lots of DefCon related stories.
Anyway, for those asking, no, this isn't quite like Freenet. In TOR, you decide which points you want to send traffic through (and negotiate encryption keys with each one individually), and, unlike FreeNet, you can tunnel existing protocols over it (like, say http).
There's a lot of promise here, but in his talk, he was looking for sites that had at least 1Mbps up & down speeds for nodes. This isn't quite like Peekabooty, in that right now they're not looking for everyone to run a middleman node.
If I called my project NI**ER, it'd never get accepted. Why JAP?
to help Internet users surf the Web anonymously and shield their online activities from corporate or government eyes. The system is based on a concept called onion routing.
I've just tried to set www.theonion.com:8800 as http proxy but it doesn't work...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
If the Navy is funding this project, don't you think they have already found a way of monitoring it?
Such systems right now have too high a latency and too much overhead (such as a peer sending "noise" into the network when not having the need to send any real data, just to deter packet analysis) that they aren't terribly practical... for now. So you most likely won't see the technology bundled in the next KaZaA, BitTorrent, etc., but we'll see what the future holds.
- sm
we did have this back in 1941
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
What happens when people start doing bad stuff with the tor system? You know it's going to happen...
The model is bad, because the people running the servers (like the old cypherpunk remailers) are supposed to provide services for free, out of the goodness of their hearts, and take the heat when people do malicious stuff with the network.
It seems to me that it's not a bad technical system, but that it fails when you start to think about the social and economic realities of the net.
(I know because I submitted this article too.)
1. The Navy is bankrolling the development, presumably to allow government employees to surf around without leaving ".gov" and ".mil" ip addresses in logs.
2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.
I think that the US Government is bankrolling it to piss off the Chinese.
This technology will certainly become a favored tool of terrorists trying to avoid the justice of the Bush administration.
Sincerely,
The MPAA.
Sorry, I'm too busy updating my NIGGER and KIKE networks to worry about a new protocol.
Who the heck thought JAP would be an acceptable acronym?
I'm not sure yet what it does, but I'm thinking of calling it the Heuristic, Orthogonal, Non-Knuth-approved, Yielding algorithm.
HONKY, for short. I guess that name won't be a problem, will it? I mean, since JAP seems to be okay...
Onion routing does just that, it is a method for picking an anonymous route. Freenet is a distributed database.
In onion routing the client picks N nodes from the list of servers and encrypts using each servers public key. Then sends the data to the first server. In onion routing each packet of data contains the entire routing list, though it is encrypted in such a way that each node can only tell what the next node is.
Each Freenet nodes caches data blocks based on demand. When a request arrives looking for a data block Freenet forwards the request to a node that has similar information until the correct block is found. Each freenet node only knows about the next and previous nodes, and the route is determined by the key you are searching for.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
I think it's great that the Navy is funding this. Now, where are the wire tap hooks? I always enjoy the way the government exempts itself from its own rules.
currently N=3 on tor...
Douglas Calvert
Something named "My own private Idaho", an anonymous remailing software from 1996-1998, did (and is still doing) exactly the same thing, with PGP integration, and server key publication.
From the couple of days I spent actually working in my highschool cisco class, I remember each router in a path is supposed to be able to optimize the route a packet is sent on by using local information and the packet's final destination. From what I gather from the limited technical details in the article, this protocol would require knowledge of the entire route at the initial node to handle the 'onion layer' encryption.
Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency, plus possibly the time it takes to detect and resend packets when one node in a path suddenly goes dead, making the custom-encrypted packet worthless?
not "My own private Idaho", but "Private Idaho" :
URL
http://www.eskimo.com/~joelm/pi.html
JA* is a well-known racial slur used against the Japanese people. It was very insensitive of Slashdot to do this and very unprofessional.
Anonymity works both ways, and just because something is official government doesn't mean it's always "whitehat". In fact, so far I'd give government at best a 50/50 score on color of chapeaus going way back. The current regime I'd give an 80/20 black to white ratio and heading darker by the minute. Don't trust them, or what they claim in public.
Think "disinformation" "plausible deniability" and take a google gander at "Directive 3600.1: Information Operations"
Why is this so tough for people to "get" ?
This sounds a lot like an implementation of Mixmaster for TCP.
This sounds like a reinsertion of all the technology that has gone into anonymous mailers over the years (see MixMaster.) I hope that they aren't re-inventing everything and repeating the same mistakes. The existing technology should be mostly portable from the application layer to the session or layer.
I was at a presentation by the guy behind MixMaster and was impressed by all the thought that has gone into the various generations of the application. They even had it generating fake messages so you can't do traffic analysis.
FYI, j-a-p are the first three letters in "japanese". I know 'jap' was used connotatively when we were in war against them, but I think most people have moved on. That wasn't neccessary, or funny, or cute. cunt.
Why, are you a HONKY?
Or perhaps a pissed off JAP, still feeling bitter about Hiroshima?
You certainly aren't a NIGGER, cause they're all too dumb to use a computer.
Oh wait, I know: you're just a BITCH.
No one can replace the Jewish American Princess, what with her snooty attitude and come-hither glances. Come on.. baby needs a new BMW
hmm, just a thought, not that i condone what you just said... but if lightning can make glass fingers in sand, what would a nuke do? anybody need a cheap and effective way to make some more glass? lol
called KRAUT.
-- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.
A JAP Replacement? What about CHI? They're cute, too.
They should have started with sterilizing your mom and cutting off your dad's balls. What an asshole!
It's usable right now, it's much more flexible than TOR but it's not exactly ready for primetime. Despite that you can still browse eepsites, use the anonymous irc and set up any time of transport tunnel you're looking for. Once it hits version .5 there will be more publicity made about it, wider testing, etc.
If you're on freenode.net chat, join #i2p or go to the website right here.
About I2P
" unless you live in some dictatorship like China, the only real reason you'd need that much anonymity is for kiddy pr0n."
Not true. If you try to contact people the government deems a terrorist, you will simply disappear. You will be sent to Cuba, deemed an "enemy compatant", and simply tucked out of the way.
The Bush administration is openly hostile to habeus corpus. They have secret courts and secret subpeonas. They hold people without a public court appearance.
All it takes, dude, is to be called a terrorist, and your life might as well be over.
I'm not making this up; hell, I'm a 35 year republican, but when a thing is wrong, you've got to stand up to speak out.
And if the guy doesn't want to be labelled a terrorist for his political views, then he has that right.
So stop dragging out kiddie porn; its an old, worn saw, and its used simply to smear people.
Anyone remembr Private Idaho?
One current incarnaton is here:
http://www.itech.net.au/pi/
It uses remailers and pgp in the same onion scheme for email... for when u want nobody to see ur email.
This sort of thing is of little use to anyone but criminals. Yes, I realize that you shouldn't necessarily ban or restrict something that has legitimate uses simply because it's also useful for criminals, but I think it's worth asking whether or not something like this would really be a net benefit to society. I know the Freenet crowd likes to make constant reference to oppressive governments, political dissidents, etc., but does anyone really think that the ratio of illegal porn and illicitly-traded copyrighted material to legitimate use isn't astronomical?
Hmmm...this raises a side question. Can Linux bind different stacks to different devices? For example: eth0 could be your standard stack with the regular firewall. eth1 could be an encrypted stack with routing over a P2P style net. eth2 could be...you get the point. Note that ethx doesn't actually have to be a physical device.
... The Register broke this story ages ago: Here and Here. Why is /. so reluctant to credit these guys for the tech stories they so often break?
Jealousy?
http://www.linux-mag.com/2000-04/gear_01.html
Can someone please instruct me on how to set up Tor when I am behind a http proxy which requires a username and password?
(And before you say RTFM, I already have, and I couldn't find anything relevent.)
They are a nationality.
"But my point is just because it can be used for bad purposes does not mean it necessarily will."
That's why the US should, increase research into biological weapons. Don't worry people. I have it on good word that it will not be used for bad purposes.
They that can give up essential latency to obtain a little temporary anonymity deserve neither latency nor anonymity.
I need my data at the speed of light, bitches!
Zero Knowledge Systems provided commercial onion skin routing for quite some time.
Since heavily-used onion-skin-routing can make traffic analysis a pain and is one of the best anonymity mechanisms we have, I'm certainly cheering Tor on. If you don't like your network usage being monitored, be it web browsing, newsgroup reading, email, or chatting, onion-skin routing is a Good Thing.
May we never see th
"wtf is a pom?"
Slang for someone from Britain, at least in Australia and New Zealand.
I believe the american term is "Limey"
There are a lot of uses for this, many of which are stated right in the article too:
Developers say Tor can be used to prevent websites from tracking their users; block governments from collecting lists of website visitors; protect whistleblowers; and circumvent local censorship by employers, ISPs or schools that restrict access to certain online services.
The Navy is financing Tor because it wants to hide the identity of government employees who have long used anonymous communications systems for intelligence gathering and politically sensitive negotiations.
If you think that your business competitors can break modern encryption algorithms like AES, I'd be really curious to hear what sort of business you're in.
It's been quite a while since I made my site LinuxReviews IPv6 Ready. This has made me look at the IPv6-ready Web Server list from time to time and sadly there is very few sites out there that are IPv6 capable.
It is nice to know Tor supports standard protocols like http://. But do you really believe those "Tor Ready!" websites will start popping up any time soon? I don't think so. The majority of todays websites do not validate, doesn't support IPv6 and many don't even render correctly in the majority of web browsers. Will Tor-Ready be prioritized higher by the average webmaster than these and other more serious issues?
I am also very skeptical to the bandwidth requirements and the latency. My Ipv6 connection gives me full bandwidth, but I do notice that connections going through the tunnel are, in fact, much more latent than normal native Ipv4 connections. So why would I prefer to visit some website using Tor when the real difference is a longer loading period? Yes, what the author says about low latency may be true. It may have less latency than alternatives, but do not try to tell me I won't notice significantly higher latency if I try to IRC through a TOR connection.
People are talking about Ipv6 becoming standard in 5-6 years, I will be amazed if tor still exists at that point in time and even more amazed if it's actually implemented on more than 0.0001% of the Internet's services.
9/11: Never forget it was a false-flag operation
Paedophiles trade movies too you know.
The extreme anonymity provided by Freenet is exactly why I'm avoiding it like the plague (and also because it's a Java thing, but that's another problem): unless you live in some dictatorship like China, the only real reason you'd need that much anonymity is for kiddy pr0n...
I'm curious -- what issue do you take with child porn in such an environment as Freenet? Yes, it's anonymous, but in such an environment, it's not possible for pornography producers to profit from child porn.
The main point of making possession of child porn illegal and in making it a social taboo is that it makes unprofitable and thus presumably discourages further production of child porn. In turn, this presumably reduces sexual interaction with children, which presumably reduces physical harm coming to children (which I suspect most people would consider having intrinsic value, due to the insticts we have toward children), which is the most obvious reason for banning child porn.
Since there is no impact on the profitability of child porn if such content is distributed in an environment where the porn cannot be sold, it seems that this eliminates the dissuasion factor, the only reason for such an extreme step as making possessing a particular type of data illegal.
What's your take on it?
May we never see th
"Same with "canuck" when they decide Mexicans are no good. ;-)"
Canuck is a term for a Canadian...
"This sort of thing is of little use to anyone but criminals."
I agree, only for criminals and America doesn't need it since it's free enough as it is. It's not like lawyers are suing people left and right for calling them shyster! It's not like the government employees were silenced and faced retaliation for trying to warn of 9/11! Who would use such a system except for these, and these, and these people who needed to publish incriminating memos that went against the public good.
P.S. if there isn't a +1 sarcastic option for me, you can give parent a -1 for being an idiot.
"Yes, having porn isn't de facto an addiction. But keeping a stash of illegal material (=knowingly breaking the law to satisfy your cravings) is one of the signs of an addiction."
I take that you and your rambeling is just a cover for the fact you have a Ph.D. in psychology. Feel free to tell me more about addiction and how having a stash of porno, kiddie or not, is a defining characteristic.
"I'm afraid 'finding an outlet' doesn't help, it just feeds/escalates the addiction, making it more likely the pedophile will go from browsing porn to assaulting children."
You are a fool, they will find an outlet and it *will* be a child or it *will* be child pornography. The choice is child or porno, unless you think most people can keep sexual desires bottled in for the rest of their natural lives without acting on them in any fashion.
> For one, apparently Freenet isn't totally free.
Care to explain this obscure statement?
Freenet is as free as it gets, if you don't like the freenet client (which is opensource) you can write your own.
What's not entirely free?
So.. basically, set up a NAT or proxy server rather, and let the internet users of the world use that (+IPSec)!?
Prisoner Of Mother [England]
Ah look, the US military is destablising the world again! Putting anonymity in the hands of the chinese and terroists worldwide. You only have to look at their past record to see the damage they do.
The Internet - place for Russian gangs to remote control computers.
WMD - need I say more
Nuclear weapons - Cold war anyone.
This proves the US military should be disbanded immediately.
#1 The Tau Cetans arrived, and contrary to current hippy theory, they're mean sons of bitches. Neither you nor I feel like being slaves for GribblegribbleDak, and so it might be convenient to have some weapons more advanced than thrown rocks.
#2 Some mutant form of fungus, bacteria, or virus emerges into the world (and you're allowed to take a potshot here... it might very well be an escaped bioweapon). A cure is unlikely, and the infection spreads too rapidly to be contained via traditional quarantine methods. Assuming that it's still within a fairly small geographic area, and those people will die anyway (or already dead), it might be nice to be able to sterilize the outbreak. Despite bad Kevin Spacey movies, nukes are the only option for that.
#3 We want to build a probe capable of meaningful interstellar flight. I doubt that it will be manned, so I'm thinking something more like Voyager. Right now, the only non-science fiction drive would be nuclear. It's an engineering problem, maybe a logistical problem, not a theoretical one.
BONUS: #4 (Biological) My cat (and by extension our carpet) has had a bad infestation of fleas, that is almost impossible to get rid of. Even now, I hope it's over, but won't know for a few more weeks. If there were such a thing as "flea pox" and it wasn't dangerous to pets or humans, I'd have loaded up at the local Bio-WeaponsMart. I want the nasty little vampires dead.
Has anyone checked out http://risersoft.com/anon-encrypt.php ?
Its an SSL Encrypted, Anonymous tunnel.
Troll??? Obviously most of you don't know what kind of JAP im referring to..
JAP = Jewish American Princess
not
JAPanese.
100% Insightful
Just because there is bigger issues doesn't mean we should stop caring about the smaller issues. Or else you are just left with choas.
/End Rant
By your reasoning, we should pull all cops off traffic duty, robbery, fruad, assault and everything else. And just put them onto Rape and Murder cases.
Great we stop more of the murders, but now no one has anything left to go home to because everything of value has been taken, and you can't drive anywhere because others are driving at 120mph in a 30 zone. And if you were to ask them nicely to slow down because children are getting out of school. Expect to be beaten to a plup.
But the police won't give a fuck, because... well.. you're not dead.
it'll never survive a slashdotting otherwise
"If there were such a thing as "flea pox" and it wasn't dangerous to pets or humans, I'd have loaded up at the local Bio-WeaponsMart. I want the nasty little vampires dead."
Actual example: "BT" (bacillus thuringensis) is sold at most gardening centers, for killing garden pests.
See "The Curve Of Binding Energy", by John McPhee, about Theodore Taylor, who worked at Los Alamos on the Manhattan Project and long thereafter, and who did some work on this idea.
Maybe somebody already mentioned it, but the developers' replies to this question are at http://www.freehaven.net/tor/doc/tor-doc.html Yes, communication privacy can be abused. But we do not see anyone screaming that sending a letter in the real world should require authentication and total disclosure of the contents of the letter, so why should the digital world be different? (By the way, it might be that Tor is slashdotted now.)
(c) Copyright 1999-2002 The Freenet Project Inc Released under the GNU Public License Version 2.
Tor appears to have a BSD-style license:
Redistribution and use in source and binary forms, with or without modification, are permitted
Some people say that the GPL isn't really "free", those people usually argue that the BSD license is. I don't agree with them, but you hear this from many BSD developers.
What would a nuke do? Today, for the obviously clueless, is the 59th anniversary of the atomic bombing of Hiroshima. That day, 59 years ago, 80,000 people died, mostly civilians. 60,000 more would die of radiation sickness by the end of the year. Thousands more still suffer from the radiation exposure. That is the inhuman price of your "glass"!
In Nagasaki, the effects were similar except for one difference: Nagasaki was home to Asia's largest Catholic population. A population that was persecuted by their own government: the punishment for practicing any form of Christianity was death. The Catholics of Nagasaki were not only innocent civilians (which it was against the Geneva Convention to attack - can you say war crime?), but they were innocent victims of their own fascist government: our enemy. We still murdered them by the tens of thousands.
In WWII, we "liberated" the Marshall Islands from Japan and made it our protectorate. Years later, in 1954 (fifty years ago this year), the Japanese occupation was ending, and Japan was emerging as our ally once more (Japan, except for the WWII era, has been our ally since our Commander Perry visited it). On Bikini Atoll, in the Marshall Islands, we were conducting nuclear testing. On March 1st, we tested Bravo, the first, biggest, and deadliest H-bomb, the equivalent of 1,000 Hiroshimas. The Lucky Dragon Number 5, was trawling for tuna 87 miles away: its radioman would die of radiation sickness in six months, its tuna catch poisoned. Rongelap Atoll, 120 miles away, was irradiated by a nuclear hurricane and a snow fall of ash. Death came in the form of cancers, leukemia, and hideously deformed babies. Japanese newspapers declared "The Second Atomic Bombing of Mankind". The Japanese public turned strongly against nuclear testing. On November 3rd, Godzilla, Son of Bravo, appeared for the first time in Tokyo Bay.
Well, now you know the cost of your glass. (I'd suggest getting a book on glass making and try making it using fire.) You should also know the cost of dehumanizing a group of people with a word like "JAP": all kinds of atrocities become possible, from concentration camps to nukes.
The person who named "JAP" probably did it out of ignorance, but the word is still highly offensive to people who today are our good friends (by some miracle). I'm glad to hear it is being replaced.
"Our people.. stricken with disease.
You.. you played with the fires of the gods.
And you dare to come here and ask us for help!
You betrayed us! You expect us to trust you after what you have done?"
Infant Island Chief, "Godzilla vs. Mothra" (US Version), 1964
For the 10th anniversary of Bravo.