Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor: A JAP Replacement

Posted by CowboyNeal on from the trust-no-one dept.

kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."

9 of 266 comments (clear)

  1. Why would the government fund something... by hadesan · · Score: 4, Interesting
    which is completely open source and avaialble to anyone who want's to download it?

    If the Navy is funding this project, don't you think they have already found a way of monitoring it?

  2. Re:Not Like Freenet by X · · Score: 4, Interesting

    What it is very much like is Freedom.net from Zero Knowledge Systems. Those guys already provided the patches to Linux to implement it, and had way more sophisticated protections (things to prevent discovery by timing and packet size analysis). Unfortunately, not may people used it, so it went bust. Now ZKS mostly does firewall software. :-(

    --
    sigs are a waste of space
  3. Re:Not Like Freenet by gclef · · Score: 3, Interesting

    Yeah, he mentioned ZKS in his presentation. Their disappearing, and taking the network with them, is one of the reasons that he's BSD-licensing the code for this.

    Interestingly, one of the other reasons is that he managed to convince the Navy that others would use and trust the code (therefore making the Navy's use of it more difficult to detect) if those others could read the code and implement it themselves. I'm honestly kinda surprised (but happy) that the Navy agreed to it.

  4. You missed some points. by Positive+Charge · · Score: 5, Interesting

    (I know because I submitted this article too.)

    1. The Navy is bankrolling the development, presumably to allow government employees to surf around without leaving ".gov" and ".mil" ip addresses in logs.

    2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.

    I think that the US Government is bankrolling it to piss off the Chinese.

    1. Re:You missed some points. by mjbkinx · · Score: 3, Interesting
      2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.

      you can get the sourcecode for JAP here.
      they were told to record access to a child porn site, which they did (visible in the source). they cought one access to that site, but the data had to be deleted after another court ruling which declared the surveillance illegal.

  5. Anonymous mailer technology by KillerCow · · Score: 5, Interesting

    This sounds like a reinsertion of all the technology that has gone into anonymous mailers over the years (see MixMaster.) I hope that they aren't re-inventing everything and repeating the same mistakes. The existing technology should be mostly portable from the application layer to the session or layer.

    I was at a presentation by the guy behind MixMaster and was impressed by all the thought that has gone into the various generations of the application. They even had it generating fake messages so you can't do traffic analysis.

  6. Onion Routing by dachshund · · Score: 5, Interesting
    Onion Routing has been around for several years. Tor is an effort to make the original protocol more practical. It replaces several nice features from OR, specifically the notion of "reply onions", which allowed message recipients to route replies back to the sender without learning the sender's identity. Instead, TOR recommends a form of "rendezvous point" where receivers send messages to be routed back to the sender. It's not as elegant, and the security is not necessarily as strong, though it is more practical.

    It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.

  7. Oh, for God's sake... by andymurph · · Score: 4, Interesting

    ... The Register broke this story ages ago: Here and Here. Why is /. so reluctant to credit these guys for the tech stories they so often break? Jealousy?

  8. Re:Freenet? by MacJedi · · Score: 3, Interesting

    Forgive me if I am misunderstanding you, but if it is impossible to link a nickname to a real person, how is that not a climate that encourages illegal activity? Sure, nobody wants to tarnish their online persona, but who says they are limited to only one online persona?

    --
    2^5