Slashdot Mirror
EFF Promotes Freenet-like System Tor
The submitter continues "It also allows you to install Tor-aware apps, such as an HTTP proxy (for private browsing), or maybe private P2P? Unlike Freenet, it doesn't use massive encryption (as far as I can tell) and relies more on something called onion routing to randomly bounce requests between other Tor proxies, thus obfuscating the IP of the original client. So it allows you to browse regular Internet sites! Maybe it should be considered more of an 'open-source' Anonymizer? But I don't know if it's actually Open Source - you can download the source (and compile it yourself) but I don't know if the developers are letting anyone else touch their code. They are, however, looking for contributors and other forms of help. And, finally, they're hoping people will start running Tor servers!" It's open source, however contributions are handled.
The EFF is a light in a dark wilderness. How amazing that a group of people so talented, experienced, and dedicated to digital liberty can come together and accomplish so much. Episode #74 of This American Life features EFF co-founder John Perry Barlow's touching account of a romance that blossomed between him and a wonderful woman he met at a convention. (Computer geeks take heed... play this story for a girl you fancy and see if it softens her heart.)
You are in error. No-one is screaming. Thank you for your cooperation.
If they really want to sniff you, what is to stop them from sniffing at that unavoidable first hop?
Unlike freenet, which I have tried to use for years and never got it to work properly, this actually works. Five minutes after I installed TOR i'm actually surfing the internet, anonymously, at decent speeds. Unlike freenet, i'm not stuck in a chatroom while someone tells me... Just wait 4-5 days for your node to associate with the network....
TOR is great, go EFF, making me proud to be a member!!!!
I, for one, do not use peer-to-peer file sharing for any reason. However the answer to secure peer-to-peer file sharing is so simple it's right in front of our noses.
First, encrypt the file you want to send with GPG, make the decrypting password "1" or "A" or something that simple. If "any one else" decrypts the file and prosecutes you for it, you can get off by using the DMCA. That's right, the DMCA works for people too.
Under the DMCA, the sender and receiver are the only two authorized to decrypt that file. If "any one else" decrypts it, even though they know the password, they are guilty of violating the DMCA. Now, from what I understand about the law, without a warrant to decrypt your encrypted file, it's not admissable in court because a law was broken to retrieve the file contents. No court likes "bad" cops, it's bad PR for judges.
Current peer-to-peer technologies that are wide open are sufficient to carry "secure" information. Expending the extra energy to encrypt the file before it's sent is the problem. People need to stop being lazy.
"If technology is plausible, we acheive it. Now pull the lever and 'beer me'."
- Just my $0.02, take with a grain of salt, your mileage may vary.
Two questions come immediately to mind:
1) Can spam be sent through Tor?
2) Can spammers collect data by running a Tor server of their own?
I checked the site's FAQ but couldn't find answers there.
I wonder if this could somehow be a case where it is not cost effective for RIAA/MPAA to track down the sharer of a particular file? I mean, they could do track down at least ONE file-sharer and then sue that person. But is just one person being sued serve as a sufficient deterrent to stop many filesharers?
Right now, there are hundreds or even thousands of file sharers being sued (or being threatened, or getting letters etc). That threat serves as a real deterrent. But if it were too costly for them to detect hundreds of file sharers, the threat posed may not deter many people from sharing files. So, if so, then Tor could be a real plus for file sharers.
eat shiat and bark at the moon
Seems like a great system, but I just cant understand this statement: "Currently, Tor development is supported by the Electronic Frontier Foundation. Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from ONR and DARPA."
*Puts on tinfoil-hat* isn't the guys at *.mil making their jobs harder by doing this? anonymous "terrorists" communicating freely without any traces, or do they already have this covered in the system? a honeypot?
TOR Books, one of the largest publishers of Science Fiction and Fantasy in North America *might* have some problem with this...Methinks that I should let David Hartwell know...and the wonderful people at EFF...
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
Just a quick FYI, TOR is an onion routing system, meaning that the data is passed between TOR proxies until it reaches it's destination. This means that eventually you still need to fetch the data from a server, which means that the server can still be put under attack or taken down.
FreeNet is much more robust as you inject content and then it is stored in many nodes. Thus, it can't be taken down. Furthemore, in FreeNet different parts of the data are obtained from different sources, preventing more work that could be done with traffic analysis.
To say that TOR is like FreeNet is to seriously discount the features of FreeNet. TOR is a system for running Onion proxies. FreeNet is a completely anonymized hosting and content distribution system.
My Slashdot account is old enough to drink...
Freenet is unusable for me because of its java nature (for ideological reasons - it is absurd to require something as vehemently antifree as Java for freenet).
/.ed.
What is Tor implemented in?
This is an honest question, not a troll.
No, I can't "check out the link" - because it's just been
As someone who has watched, helped with, and discussed various anonymous networks from Pipenet through Onion routing and Tor I can give you the quick summary for why NRL was interested in anonymous browsing (because when they first came out with the Onion network stuff it really was a surprise.)
.mil or .gov site.
Sometimes, government agencies would prefer it if web queries did not show up in the server's logs as coming from a
Just knowing what someone is reading or researching is a good source of intel, some government agencies see more benefit to this than the downside of potential terrorist uses.*
Jim
* anyway, if you work for a big governement agency you have the resources to treat these sorts of networks like a big black box and link up the endpoints. This is a fatal flaw to _all_ real-time anonymous networks. A big attacker can treat all of the fancy games you play in the middle of network as noise and just link up "message X went into dark network at time T and a message close to the size of message X came out of the network at time T +1, followed by a similarly linkable message going back the other way..."
Somebody quick! Make a FireFox extension that adds a button to the toolbar that says "Switch to TOR mode" or something to that effect.
It would be nice if TOR were easy to turn on and off within a given browser or other http-aware client. I can't see need the for use TOR 100% of the time, especially since there is a performance hit. And it seems like it would be a pain in the ass to have to reconfigure the browser's proxy settings each time you want to use TOR for browsing/downloading.
I'd take a crack at it myself, but I'm no code monkey. I'm a documentation nerd. If anybody wants to develop this, let me know and I'll do the docs and help files.
Transistors and Beer!!
Look, you don't know who I am. I'm anonymous. I don't really want you knowing who I am because some of you are freaks (no offense). It works and it's all I really need.
Is this REAL anonymity? Not really. If I come on here and say I'm going to kill George Bush they'll find out who I am in a heartbeat. I don't really have a problem with that. Basically the only people who are not anonymous are criminals. This is simply because in the vast sea of people on the internet who really gives a crap who "Smilin" is unless he does something wrong. You don't like it? Don't pirate software and don't threaten dubya!
I WANT criminals to be tracked down by IP and prosecuted. It's just difficult enough to find out who someone is to stop most freaks (like you guys, no offense) but not difficult enough that law enforcement can't do it when they need to. I would rather things stay in this false illusion of anonymity state. Thank you very much.
P.S. For you secret service guys who just read this: No worries. You can all basically just go take naps anyway. No one is going to kill dubya while he has Cheney next in line for assasination insurance.
What's about GNU's own GPL'd freenet "clone" GNUNet?
I've successfully used it to get some pr0n, at decent speeds. You might also search it for "Billy Joel" to see my additions to the network.
It sounds like MPLS to me, which is a protocol used in VoIP. Same setup, the route is added one hop at a time. The first message has to find it's way, but after that, each router peels the label (L in MPLS), routes it to that hop, and therefore routhing is very fast after the connection is established. What I don't understand is, the first hop has to know your requesting a www.yahoo.com page or it wouldn't know where to send your message. Therefore, if an open source TOR server can decode your message, then why couldn't a packet capture tool and post processing do the same?
for me is not the speeds, or the difficulty in implementing it... it's the child porn.
Sorry, but I just can't get past that. I hear all the posters and academics argue about "free speech means tolerating speech you don't like"... but free speech != exploitation of the innocent. Adult porn is one thing... you can at least make the argument that they're consenting adults just making a living... child porn is simply vile... it's sexual exploitation of someone too weak to fight, and mentally unable to understand and/or consent.
I'm not attempting to play the "won't you think of the children?" card. I'm an EFF member, and a believer in free speech, but there's a bright line there for me. It's my job, literally, to take care of children who have been either physically abused, sexually abused, or both. Those kids are often brought straight to the ER, where Children's Services and I try to pick up the pieces. Maybe I'm too close to the issue, because it's simply visceral for me; I cannot stand the thought of aiding and abetting those kinds of acts, or encouraging the slime who get their jollies from that kind of thing.
I'm a free speech supporter, but child porn on my computer? I just can't get there.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Tor supports something called a "hidden service" which allows you to serve something, such as a web site, ftp, or dare I say, a bittorent link.
The neat thing is, you can serve the service without anyone knowing your IP address. So you would share a link such as follows: http://6sxoyfb3h2nvok2d.onion/ (which is the tor hidden service wiki BTW). The Tor servers "meet in the middle", thus hiding the originating serving ip address. Read here for more on this functionality.
This could really shut the door on XXAA type organizations looking to hunt down people for litigous purposes.
As a civil libertarian I love the idea, and I would be happy to run a Tor server if I could restrict what filetypes I pass through. I'm not interesting in helping people pass kiddie porn or pirated movies through my server (which I assume would be a primary use of this), so I would want to restrict it to text and html mimetypes. I looked through the FAQ and documentation and didn't see any mention of this.
Any developers here that can comment on if a feature similar to this is planned for a future release?
501 Not Implemented
The grandparent seemed to be insinuating that it's immoral to care only about being associated with child porn, by caring only about being associated with it, not about carrying it at all. The reply was pointing out that if you think it's immoral to carry information blindly, then being a postman is immoral.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Indeed, IP "piracy" is the largest civil disobedience movement in history. Larger than the independence movement in India, and larger by far than the civil rights movement of the 1960s in the U.S. Well, it might not be as large as the war for drug freedom, but it's pretty close.
-I like my women like I like my tea: green-