Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor: A JAP Replacement

Posted by CowboyNeal on from the trust-no-one dept.

kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."

26 of 266 comments (clear)

  1. Before you know it... by cytoman · · Score: 5, Insightful
    ... the RIAA and the MPAA will be all over this, denouncing it and crying foul!

    sigh...

  2. Talk about politically incorrect by Anonymous Coward · · Score: 4, Funny

    We are REPLACING japs now??!?!?

    1. Re:Talk about politically incorrect by Anonymous Coward · · Score: 5, Funny

      The new version will eventually be called ARAB. One of the security improvements is sandboxing, and when a process begins to misbehave, it's quickly killed.

  3. Freenet? by pope+nihil · · Score: 4, Insightful

    Isn't this onion routing thing exactly what freenet uses?

    1. Re:Freenet? by MoonBuggy · · Score: 5, Informative

      That's exactly what I thought (and I believe that we're right). What's interesting here though is that it claims to be low-latency, a quality rarely associated with Freenet and probably the primary reason that Freenet remains largely used by people who need/want _extreme_ anonymity rather than your average movie downloader wanting to avoid one of those nasty lawsuits.

    2. Re:Freenet? by elleomea · · Score: 4, Informative

      As far as I'm aware Freenet stores encrypted content on each node, not just routing requests through nodes.

    3. Re:Freenet? by Sgs-Cruz · · Score: 4, Insightful
      Which is your right, obviously. But don't be accusing anyone who uses it of trading child porn. I was using Freenet a while back just for the novelty of trying it out -- I found it (much like the Gnutella network) unusable for downloading music/movies so I stopped using it.

      But my point is just because it can be used for bad purposes does not mean it necessarily will.

      --

      Karma: pi (Mostly due to circular reasoning in posts).

    4. Re:Freenet? by Wesley+Felter · · Score: 4, Informative

      Freenet doesn't use onion routing (last time I checked), but it does use the concept of sending messages through mutiple hops. But the main difference between Freenet and Tor is that Freenet is an anonymous publishing system and Tor is an anonymizing layer that can work with almost any application.

    5. Re:Freenet? by HeghmoH · · Score: 5, Insightful

      What a crazy attitude to have. There are other reasons you'd need that much anonymity.

      First, your dismissal of people who live in China is incredibly inappropriate. Over a billion people live there, and you just dismissed them out of hand. And then there's the exile situation; what about somebody who's now living in the US who still can't speak out freely because of repercussions on friends/family back home? Do they simply not count?

      There are plenty of other reasons, though, all the way from "VP in Fortune 500 company wants to expose toxic waste problems without risking being found out as the source" to "I'm such an incredibly paranoid person that I don't want to risk the wrath of the US government for posting these funny pictures of Bush" all the way to the classic standby, "because I want to".

      I don't use Freenet, but I also don't simply assume that everybody who searches for perfect anonymity must be a reprehensible criminal.

      --
      Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
  4. hmmm by SinaSa · · Score: 4, Insightful

    Tor - The internet onion!

    No, but seriously, the blurb says this is low latency, how that's the case, I fail to see. First client wants to send a HTTP GET or something similar via Tor, so every packet involved needs that info, plus a little bit extra to get it to the next node, plus a little bit more so the end node knows where it needs to be in the end on the return. So that's two extra little bits, then the stuff gets sent one node across which takes its info off and puts new info on.

    Where is the low latency here? All this peeling/adding layers to peel off must be fairly time consuming. I'll admit I quite like the idea, and as soon as I click Submit I'm going to download and try it, but I fail to see how this can be faster than say, InvisibleIRC (IIP) was.

    --
    --
    The last digit of pi is four.
    1. Re:hmmm by dfelznic · · Score: 4, Informative

      I am using tor right now to read slashdot as well as IRC and GAIM. Tor is not supposed to be as low latency as your normal connection. Security is a trade off the slight degradation in latency is worth the improved anonymity...

      --
      Douglas Calvert
    2. Re:hmmm by jhoffoss · · Score: 5, Informative
      Tor achieves low latency because tunnels are created during connection setup, and that same tunnel is utilized for the life of the connection.

      I believe the encryption is layered on from the start, and peeling occurs at each transfer, not peel/crypt/peel/crypt/etc.

      I was surprised to see no one posted this earlier; the author of Tor gave a very good presentation at DEFCON last week, and I'll have to get out my CD with his presentation on it, but it's different from Freenet in a few ways. For one, apparently Freenet isn't totally free.

      As a side-note, the author is still working on a method to accept/sign-up/recruit primary [trusted] nodes.

      --
      Linux: The world's best text-adventure game.
  5. I would imagine by AbbyNormal · · Score: 5, Funny

    our East Asian readers, will readily endorse this new standard...Honestly, I guess not many people think about their acronyms before they are released to the public.

    --
    Sig it.
  6. Not Like Freenet by gclef · · Score: 5, Insightful

    Wow. Lots of DefCon related stories.

    Anyway, for those asking, no, this isn't quite like Freenet. In TOR, you decide which points you want to send traffic through (and negotiate encryption keys with each one individually), and, unlike FreeNet, you can tunnel existing protocols over it (like, say http).

    There's a lot of promise here, but in his talk, he was looking for sites that had at least 1Mbps up & down speeds for nodes. This isn't quite like Peekabooty, in that right now they're not looking for everyone to run a middleman node.

    1. Re:Not Like Freenet by X · · Score: 4, Interesting

      What it is very much like is Freedom.net from Zero Knowledge Systems. Those guys already provided the patches to Linux to implement it, and had way more sophisticated protections (things to prevent discovery by timing and packet size analysis). Unfortunately, not may people used it, so it went bust. Now ZKS mostly does firewall software. :-(

      --
      sigs are a waste of space
  7. Onion routing by Rosco+P.+Coltrane · · Score: 5, Funny

    to help Internet users surf the Web anonymously and shield their online activities from corporate or government eyes. The system is based on a concept called onion routing.

    I've just tried to set www.theonion.com:8800 as http proxy but it doesn't work...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Onion routing by Hard_Code · · Score: 4, Funny

      Nurse we need the defibrillator stat! We're about to lose this joke!

      --

      It's 10 PM. Do you know if you're un-American?
  8. Why would the government fund something... by hadesan · · Score: 4, Interesting
    which is completely open source and avaialble to anyone who want's to download it?

    If the Navy is funding this project, don't you think they have already found a way of monitoring it?

  9. Been around for awhile... by shadowmatter · · Score: 5, Informative
    Schemes like this to make p2p anonymous have been around for awhile. The problem is that such systems have very high end-to-end latency, so in practice it's not really ideal for a constantly evolving network -- like peer-to-peer. A scheme similar to this, using mixes, is Tarzan. From its ACM paper:

    Tarzan is a peer-to-peer anonymous IP network overlay. Because it provides IP service, Tarzan is general-purpose and transparent to applications. Organized as a decentralized peer-to-peer overlay, Tarzan is fault-tolerant, highly scalable, and easy to manage.Tarzan achieves its anonymity with layered encryption and multi-hop routing, much like a Chaumian mix. A message initiator chooses a path of peers pseudo-randomly through a restricted topology in a way that adversaries cannot easily influence.

    Such systems right now have too high a latency and too much overhead (such as a peer sending "noise" into the network when not having the need to send any real data, just to deter packet analysis) that they aren't terribly practical... for now. So you most likely won't see the technology bundled in the next KaZaA, BitTorrent, etc., but we'll see what the future holds.

    - sm
  10. You missed some points. by Positive+Charge · · Score: 5, Interesting

    (I know because I submitted this article too.)

    1. The Navy is bankrolling the development, presumably to allow government employees to surf around without leaving ".gov" and ".mil" ip addresses in logs.

    2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.

    I think that the US Government is bankrolling it to piss off the Chinese.

  11. An Important Message by Gannoc · · Score: 4, Funny


    This technology will certainly become a favored tool of terrorists trying to avoid the justice of the Bush administration.

    Sincerely,

    The MPAA.

  12. Re:Freenet vs onion routing by complete+loony · · Score: 5, Informative

    Onion routing does just that, it is a method for picking an anonymous route. Freenet is a distributed database.
    In onion routing the client picks N nodes from the list of servers and encrypts using each servers public key. Then sends the data to the first server. In onion routing each packet of data contains the entire routing list, though it is encrypted in such a way that each node can only tell what the next node is.
    Each Freenet nodes caches data blocks based on demand. When a request arrives looking for a data block Freenet forwards the request to a node that has similar information until the correct block is found. Each freenet node only knows about the next and previous nodes, and the route is determined by the key you are searching for.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  13. Is the route preselected? by brett42 · · Score: 4, Insightful

    From the couple of days I spent actually working in my highschool cisco class, I remember each router in a path is supposed to be able to optimize the route a packet is sent on by using local information and the packet's final destination. From what I gather from the limited technical details in the article, this protocol would require knowledge of the entire route at the initial node to handle the 'onion layer' encryption.

    Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency, plus possibly the time it takes to detect and resend packets when one node in a path suddenly goes dead, making the custom-encrypted packet worthless?

  14. Anonymous mailer technology by KillerCow · · Score: 5, Interesting

    This sounds like a reinsertion of all the technology that has gone into anonymous mailers over the years (see MixMaster.) I hope that they aren't re-inventing everything and repeating the same mistakes. The existing technology should be mostly portable from the application layer to the session or layer.

    I was at a presentation by the guy behind MixMaster and was impressed by all the thought that has gone into the various generations of the application. They even had it generating fake messages so you can't do traffic analysis.

  15. Onion Routing by dachshund · · Score: 5, Interesting
    Onion Routing has been around for several years. Tor is an effort to make the original protocol more practical. It replaces several nice features from OR, specifically the notion of "reply onions", which allowed message recipients to route replies back to the sender without learning the sender's identity. Instead, TOR recommends a form of "rendezvous point" where receivers send messages to be routed back to the sender. It's not as elegant, and the security is not necessarily as strong, though it is more practical.

    It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.

  16. Oh, for God's sake... by andymurph · · Score: 4, Interesting

    ... The Register broke this story ages ago: Here and Here. Why is /. so reluctant to credit these guys for the tech stories they so often break? Jealousy?