Slashdot Mirror


Tor: A JAP Replacement

kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."
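The layered wrapping described in the summary above, as an added example that is not part of the original story and is not Tor's code: a client wraps a payload once per relay, and each relay removes one layer and learns only the next hop. The relay names, the fixed demo keys, and the functions `seal`, `unseal`, `build_onion`, `peel` and `route` are assumptions for illustration, and a SHAKE-256 keystream with an HMAC tag stands in for a real cipher such as AES.

```python
import hashlib, hmac, os

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one per-relay secret.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (assumption): SHAKE-256 output used as keystream.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed (wrong key or tampering)")
    return _xor_stream(enc_key, nonce, ct)

def build_onion(path, keys, destination: str, payload: bytes) -> bytes:
    """Client side: wrap innermost layer first, so hop i learns only hop i+1."""
    next_hops = list(path[1:]) + [destination]
    blob = payload
    for hop, nxt in reversed(list(zip(path, next_hops))):
        header = nxt.encode()
        blob = seal(keys[hop], bytes([len(header)]) + header + blob)
    return blob

def peel(key: bytes, blob: bytes):
    """Relay side: remove one layer, return (next hop, still-wrapped remainder)."""
    inner = unseal(key, blob)
    n = inner[0]
    return inner[1:1 + n].decode(), inner[1 + n:]

def route(path, keys, onion: bytes):
    """Forward the onion hop by hop; record (relay, predecessor, successor)."""
    seen, blob = [], onion
    for i, hop in enumerate(path):
        nxt, blob = peel(keys[hop], blob)
        seen.append((hop, path[i - 1] if i else "client", nxt))
    return seen, blob

# Constructed sample circuit: relay names and keys are made up for the demo.
PATH = ["relayA", "relayB", "relayC"]
KEYS = {name: hashlib.sha256(b"demo-key-" + name.encode()).digest() for name in PATH}
```

Only the last relay's layer contains the destination and the payload; a relay handed a layer that is not its own fails the tag check instead of decrypting garbage.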

  1. Why would the government fund something... by hadesan · · Score: 4, Interesting
    which is completely open source and available to anyone who wants to download it?

    If the Navy is funding this project, don't you think they have already found a way of monitoring it?

    1. Re:Why would the government fund something... by hadesan · · Score: 2, Interesting
      Between the GIMPS (http://www.mersenne.org/prime.htm) and PrimeNet (http://www.mersenne.org/ips/) projects being public projects on finding large prime numbers publicly, the government must be building on those projects in-house.

      Wouldn't you think the government has had some non-public serious hardware dedicated to this for the past decade? If these are the Top 500 "known" supercomputers (http://www.top500.org/list/2004/06/), where are all the Defense Department listings?

      The NSA has "worked" closely with vendors supplying encryption equipment since the 1990s (http://www.cnn.com/TECH/computing/9807/27/security.idg/).

      I would believe the government's NSA hardware is probably around 6-10 years ahead of what is commercially available or even known. http://www.hpcc.gov/pubs/blue94/section.4.6.html

  2. Re:Not Like Freenet by X · · Score: 4, Interesting

    What it is very much like is Freedom.net from Zero Knowledge Systems. Those guys already provided the patches to Linux to implement it, and had way more sophisticated protections (things to prevent discovery by timing and packet size analysis). Unfortunately, not many people used it, so it went bust. Now ZKS mostly does firewall software. :-(

    --
    sigs are a waste of space
  3. Re:Not Like Freenet by gclef · · Score: 3, Interesting

    Yeah, he mentioned ZKS in his presentation. Their disappearing, and taking the network with them, is one of the reasons that he's BSD-licensing the code for this.

    Interestingly, one of the other reasons is that he managed to convince the Navy that others would use and trust the code (therefore making the Navy's use of it more difficult to detect) if those others could read the code and implement it themselves. I'm honestly kinda surprised (but happy) that the Navy agreed to it.

  4. You missed some points. by Positive+Charge · · Score: 5, Interesting

    (I know because I submitted this article too.)

    1. The Navy is bankrolling the development, presumably to allow government employees to surf around without leaving ".gov" and ".mil" ip addresses in logs.

    2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.

    I think that the US Government is bankrolling it to piss off the Chinese.

    1. Re:You missed some points. by mjbkinx · · Score: 3, Interesting
      > 2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.

      you can get the sourcecode for JAP here.
      they were told to record access to a child porn site, which they did (visible in the source). they caught one access to that site, but the data had to be deleted after another court ruling which declared the surveillance illegal.

  5. Re:Freenet? by Rosco+P.+Coltrane · · Score: 1, Interesting

    Freenet remains largely used by people who need/want _extreme_ anonymity rather than your average movie downloader wanting to avoid one of those nasty lawsuits.

    Paedophiles trade movies too you know.

    The extreme anonymity provided by Freenet is exactly why I'm avoiding it like the plague (and also because it's a Java thing, but that's another problem): unless you live in some dictatorship like China, the only real reason you'd need that much anonymity is for kiddy pr0n...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  6. Anonymous mailer technology by KillerCow · · Score: 5, Interesting

    This sounds like a reinsertion of all the technology that has gone into anonymous mailers over the years (see MixMaster.) I hope that they aren't re-inventing everything and repeating the same mistakes. The existing technology should be mostly portable from the application layer to the session or layer.

    I was at a presentation by the guy behind MixMaster and was impressed by all the thought that has gone into the various generations of the application. They even had it generating fake messages so you can't do traffic analysis.

  7. Re:I've been doing this since August 2003. by cuzality · · Score: 2, Interesting

    > Why is this so tough for people to "get" ?

    Maybe because you say right on your website, "Don't post this to slashdot. You will murder my cable modem."

    Who knows how many truly brilliant ideas have languished in obscurity because their author was afraid of a slashdotting... Surely thousands -- no, millions...

  8. Onion Routing by dachshund · · Score: 5, Interesting
    Onion Routing has been around for several years. Tor is an effort to make the original protocol more practical. It replaces several nice features from OR, specifically the notion of "reply onions", which allowed message recipients to route replies back to the sender without learning the sender's identity. Instead, TOR recommends a form of "rendezvous point" where receivers send messages to be routed back to the sender. It's not as elegant, and the security is not necessarily as strong, though it is more practical.

    It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.

  9. I2P has been doing this for some time now by Anonymous Coward · · Score: 1, Interesting

    It's usable right now, it's much more flexible than TOR but it's not exactly ready for primetime. Despite that you can still browse eepsites, use the anonymous irc and set up any type of transport tunnel you're looking for. Once it hits version .5 there will be more publicity made about it, wider testing, etc.

    If you're on freenode.net chat, join #i2p or go to the website right here.

    About I2P

  10. False by Anonymous Coward · · Score: 1, Interesting

    "unless you live in some dictatorship like China, the only real reason you'd need that much anonymity is for kiddy pr0n."

    Not true. If you try to contact people the government deems a terrorist, you will simply disappear. You will be sent to Cuba, deemed an "enemy combatant", and simply tucked out of the way.

    The Bush administration is openly hostile to habeas corpus. They have secret courts and secret subpoenas. They hold people without a public court appearance.

    All it takes, dude, is to be called a terrorist, and your life might as well be over.

    I'm not making this up; hell, I'm a 35 year republican, but when a thing is wrong, you've got to stand up to speak out.

    And if the guy doesn't want to be labelled a terrorist for his political views, then he has that right.

    So stop dragging out kiddie porn; it's an old, worn saw, and it's used simply to smear people.

  11. hmmm-They went, all those ways. by Anonymous Coward · · Score: 2, Interesting

    Hmmm...this raises a side question. Can Linux bind different stacks to different devices? For example: eth0 could be your standard stack with the regular firewall. eth1 could be an encrypted stack with routing over a P2P style net. eth2 could be...you get the point. Note that ethx doesn't actually have to be a physical device.

  12. Oh, for God's sake... by andymurph · · Score: 4, Interesting

    ... The Register broke this story ages ago: Here and Here. Why is /. so reluctant to credit these guys for the tech stories they so often break? Jealousy?

  13. Re:Been around for awhile... by Sajma · · Score: 2, Interesting

    Another of the problems with these approaches (besides the need to send cover traffic, as you mentioned) is that pseudo-random path selection may not be random enough. Certainly an "omniscient" adversary could run various correlations to determine who is sending data to whom, and it becomes very difficult to make convincing arguments as to whether more realistic adversaries can glean information from the traffic they observe. If there's one lesson we've learned from crypto research, it's that smart mathematicians can usually find patterns in pseudo-random data, so the real question is whether a system provides "sufficient" anonymity (since perfection is likely impossible to achieve). Another question is how long that anonymity lasts, say, against offline analyses by semi-omniscient observers (agencies?). Is a month long enough? A year? Or "as long as men are capable of doing evil"? These are not simple questions to answer, unfortunately, as much as we might wish that anonymity were something simple to achieve!

  14. Re:Freenet? by MacJedi · · Score: 3, Interesting

    Forgive me if I am misunderstanding you, but if it is impossible to link a nickname to a real person, how is that not a climate that encourages illegal activity? Sure, nobody wants to tarnish their online persona, but who says they are limited to only one online persona?

    --
    2^5
  15. Re:Talk about politically incorrect by BillsPetMonkey · · Score: 2, Interesting

    Actually if the grandparent post is acceptably funny (personally I think it's thinly veiled racism), then at least the parent post is historically perceptive if not quite witty.

    I do think slashdot's only purpose on the Internet is to aggregate stupidity.

    --
    "It's not your information. It's information about you" - John Ford, Vice President, Equifax
  16. If Freenet isn't free then what is? by Anonymous Coward · · Score: 1, Interesting

    > For one, apparently Freenet isn't totally free.

    Care to explain this obscure statement?

    Freenet is as free as it gets, if you don't like the freenet client (which is opensource) you can write your own.

    What's not entirely free?