Slashdot Mirror


Tor: A JAP Replacement

kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."

13 of 266 comments

  1. Before you know it... by cytoman · · Score: 5, Insightful
    ... the RIAA and the MPAA will be all over this, denouncing it and crying foul!

    sigh...

  2. I would imagine by AbbyNormal · · Score: 5, Funny

    our East Asian readers will readily endorse this new standard... Honestly, I guess not many people think about their acronyms before they are released to the public.

    --
    Sig it.
  3. Not Like Freenet by gclef · · Score: 5, Insightful

    Wow. Lots of DefCon related stories.

    Anyway, for those asking, no, this isn't quite like Freenet. In TOR, you decide which points you want to send traffic through (and negotiate encryption keys with each one individually), and, unlike Freenet, you can tunnel existing protocols over it (like, say, HTTP).

    There's a lot of promise here, but in his talk, he was looking for sites that had at least 1Mbps up & down speeds for nodes. This isn't quite like Peekabooty, in that right now they're not looking for everyone to run a middleman node.

  4. Onion routing by Rosco+P.+Coltrane · · Score: 5, Funny

    to help Internet users surf the Web anonymously and shield their online activities from corporate or government eyes. The system is based on a concept called onion routing.

    I've just tried to set www.theonion.com:8800 as http proxy but it doesn't work...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  5. Re:Talk about politically incorrect by Anonymous Coward · · Score: 5, Funny

    The new version will eventually be called ARAB. One of the security improvements is sandboxing, and when a process begins to misbehave, it's quickly killed.

  6. Re:Freenet? by MoonBuggy · · Score: 5, Informative

    That's exactly what I thought (and I believe that we're right). What's interesting here though is that it claims to be low-latency, a quality rarely associated with Freenet and probably the primary reason that Freenet remains largely used by people who need/want _extreme_ anonymity rather than your average movie downloader wanting to avoid one of those nasty lawsuits.

  7. Been around for awhile... by shadowmatter · · Score: 5, Informative
    Schemes like this to make p2p anonymous have been around for a while. The problem is that such systems have very high end-to-end latency, so in practice it's not really ideal for a constantly evolving network -- like peer-to-peer. A scheme similar to this, using mixes, is Tarzan. From its ACM paper:

    Tarzan is a peer-to-peer anonymous IP network overlay. Because it provides IP service, Tarzan is general-purpose and transparent to applications. Organized as a decentralized peer-to-peer overlay, Tarzan is fault-tolerant, highly scalable, and easy to manage. Tarzan achieves its anonymity with layered encryption and multi-hop routing, much like a Chaumian mix. A message initiator chooses a path of peers pseudo-randomly through a restricted topology in a way that adversaries cannot easily influence.

    Such systems right now have too high a latency and too much overhead (such as a peer sending "noise" into the network when not having the need to send any real data, just to deter packet analysis) that they aren't terribly practical... for now. So you most likely won't see the technology bundled in the next KaZaA, BitTorrent, etc., but we'll see what the future holds.

    - sm
  8. You missed some points. by Positive+Charge · · Score: 5, Interesting

    (I know because I submitted this article too.)

    1. The Navy is bankrolling the development, presumably to allow government employees to surf around without leaving ".gov" and ".mil" IP addresses in logs.

    2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.

    I think that the US Government is bankrolling it to piss off the Chinese.

  9. Re:Freenet vs onion routing by complete+loony · · Score: 5, Informative

    Onion routing does just that; it is a method for picking an anonymous route. Freenet is a distributed database.
    In onion routing the client picks N nodes from the list of servers and encrypts using each server's public key, then sends the data to the first server. In onion routing each packet of data contains the entire routing list, though it is encrypted in such a way that each node can only tell what the next node is.
    Each Freenet node caches data blocks based on demand. When a request arrives looking for a data block, Freenet forwards the request to a node that has similar information until the correct block is found. Each Freenet node only knows about the next and previous nodes, and the route is determined by the key you are searching for.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  10. Anonymous mailer technology by KillerCow · · Score: 5, Interesting

    This sounds like a reinsertion of all the technology that has gone into anonymous mailers over the years (see MixMaster.) I hope that they aren't re-inventing everything and repeating the same mistakes. The existing technology should be mostly portable from the application layer to the session or layer.

    I was at a presentation by the guy behind MixMaster and was impressed by all the thought that has gone into the various generations of the application. They even had it generating fake messages so you can't do traffic analysis.

  11. Onion Routing by dachshund · · Score: 5, Interesting
    Onion Routing has been around for several years. Tor is an effort to make the original protocol more practical. It replaces several nice features from OR, specifically the notion of "reply onions", which allowed message recipients to route replies back to the sender without learning the sender's identity. Instead, TOR recommends a form of "rendezvous point" where receivers send messages to be routed back to the sender. It's not as elegant, and the security is not necessarily as strong, though it is more practical.

    It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.

  12. Re:Freenet? by HeghmoH · · Score: 5, Insightful

    What a crazy attitude to have. There are other reasons you'd need that much anonymity.

    First, your dismissal of people who live in China is incredibly inappropriate. Over a billion people live there, and you just dismissed them out of hand. And then there's the exile situation; what about somebody who's now living in the US who still can't speak out freely because of repercussions on friends/family back home? Do they simply not count?

    There are plenty of other reasons, though, all the way from "VP in Fortune 500 company wants to expose toxic waste problems without risking being found out as the source" to "I'm such an incredibly paranoid person that I don't want to risk the wrath of the US government for posting these funny pictures of Bush" all the way to the classic standby, "because I want to".

    I don't use Freenet, but I also don't simply assume that everybody who searches for perfect anonymity must be a reprehensible criminal.

    --
    Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
  13. Re:hmmm by jhoffoss · · Score: 5, Informative
    Tor achieves low latency because tunnels are created during connection setup, and that same tunnel is utilized for the life of the connection.

    I believe the encryption is layered on from the start, and peeling occurs at each transfer, not peel/crypt/peel/crypt/etc.

    I was surprised to see no one posted this earlier; the author of Tor gave a very good presentation at DEFCON last week, and I'll have to get out my CD with his presentation on it, but it's different from Freenet in a few ways. For one, apparently Freenet isn't totally free.

    As a side-note, the author is still working on a method to accept/sign-up/recruit primary [trusted] nodes.

    --
    Linux: The world's best text-adventure game.
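
Added example (not part of the Slashdot thread and not Tor's code): the layering described in the story summary and in comments 9 and 13, where the client wraps every layer up front and each relay peels exactly one, learning only its successor. It assumes the client already shares a symmetric key with each relay; the relay names, keys, destination and the SHA-256 keystream cipher are constructed stand-ins, not Tor's actual primitives.

```python
import hashlib
import hmac

# Constructed demo keys: one symmetric key per relay, assumed already negotiated.
KEYS = {r: hashlib.sha256(b"demo-key-" + r.encode()).digest() for r in "ABC"}

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy cipher (SHA-256 counter mode); each key is used for one message only.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(b"enc" + key + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(key, plaintext)
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("layer was not sealed for this relay")
    return _xor_stream(key, ct)

def wrap(path, dest: str, message: bytes) -> bytes:
    """Client: build the onion inside out, so path[0]'s layer is outermost."""
    onion, next_hop = message, dest
    for relay in reversed(path):
        hop = next_hop.encode()
        onion = seal(KEYS[relay], bytes([len(hop)]) + hop + onion)
        next_hop = relay
    return onion

def peel(relay: str, onion: bytes):
    """Relay: remove one layer; learn the next hop and an opaque inner blob."""
    layer = unseal(KEYS[relay], onion)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

def route(path, dest: str, message: bytes):
    """Walk the onion along the path; record what each relay learned."""
    onion, current, learned = wrap(path, dest, message), path[0], []
    while current in KEYS:
        nxt, onion = peel(current, onion)
        learned.append((current, nxt))
        current = nxt
    return learned, onion

if __name__ == "__main__":
    print(route(["A", "B", "C"], "example.org:80", b"GET / HTTP/1.0\r\n\r\n"))
```

Only the last relay sees the destination and the cleartext request, and only the first sees the client, which is why the request itself still needs end-to-end protection if its content matters.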