Slashdot Mirror
EFF Promotes Freenet-like System Tor
The submitter continues "It also allows you to install Tor-aware apps, such as an HTTP proxy (for private browsing), or maybe private P2P? Unlike Freenet, it doesn't use massive encryption (as far as I can tell) and relies more on something called onion routing to randomly bounce requests between other Tor proxies, thus obfuscating the IP of the original client. So it allows you to browse regular Internet sites! Maybe it should be considered more of an 'open-source' Anonymizer? But I don't know if it's actually Open Source - you can download the source (and compile it yourself) but I don't know if the developers are letting anyone else touch their code. They are, however, looking for contributors and other forms of help. And, finally, they're hoping people will start running Tor servers!" It's open source, however contributions are handled.
The EFF is a light in a dark wilderness. How amazing that a group of people so talented, experienced, and dedicated to digital liberty can come together and accomplish so much. Episode #74 of This American Life features EFF co-founder John Perry Barlow's touching account of a romance that blossomed between him and a wonderful woman he met at a convention. (Computer geeks take heed... play this story for a girl you fancy and see if it softens her heart.)
You are in error. No-one is screaming. Thank you for your cooperation.
If they really want to sniff you, what is to stop them from sniffing at that unavoidable first hop?
I'm sure this network will be used to share protected speech and not copyrighted binaries.
</sarcasm>
If it's not encrypting and just passing packets around then it sounds like the AT&T research Crowds proxy they were distributing a while ago. (it used to live at this page but I see it's gone now.)
Trolling is a art,
Unlike freenet, which I have tried to use for years and never got it to work properly, this actually works. Five minutes after I installed TOR i'm actually surfing the internet, anonymously, at decent speeds. Unlike freenet, i'm not stuck in a chatroom while someone tells me... Just wait 4-5 days for your node to associate with the network....
TOR is great, go EFF, making me proud to be a member!!!!
I, for one, do not use peer-to-peer file sharing for any reason. However the answer to secure peer-to-peer file sharing is so simple it's right in front of our noses.
First, encrypt the file you want to send with GPG, make the decrypting password "1" or "A" or something that simple. If "any one else" decrypts the file and prosecutes you for it, you can get off by using the DMCA. That's right, the DMCA works for people too.
Under the DMCA, the sender and receiver are the only two authorized to decrypt that file. If "any one else" decrypts it, even though they know the password, they are guilty of violating the DMCA. Now, from what I understand about the law, without a warrant to decrypt your encrypted file, it's not admissable in court because a law was broken to retrieve the file contents. No court likes "bad" cops, it's bad PR for judges.
Current peer-to-peer technologies that are wide open are sufficient to carry "secure" information. Expending the extra energy to encrypt the file before it's sent is the problem. People need to stop being lazy.
"If technology is plausible, we acheive it. Now pull the lever and 'beer me'."
- Just my $0.02, take with a grain of salt, your mileage may vary.
Two questions come immediately to mind:
1) Can spam be sent through Tor?
2) Can spammers collect data by running a Tor server of their own?
I checked the site's FAQ but couldn't find answers there.
System Tor... I think that's in Devonshire, right?
In Soviet Rush, today's Tom Sawyer gets high on you.
Besides, getting rid of anonymity would help with the spam crap.
In fact, I don't see anything positive in anonymity.
And wait for my traffic to pass through some hippy's 386 running linux? I sure hope this requires some minimum hardware and bandwith to allow participation.
I wonder if this could somehow be a case where it is not cost effective for RIAA/MPAA to track down the sharer of a particular file? I mean, they could do track down at least ONE file-sharer and then sue that person. But is just one person being sued serve as a sufficient deterrent to stop many filesharers?
Right now, there are hundreds or even thousands of file sharers being sued (or being threatened, or getting letters etc). That threat serves as a real deterrent. But if it were too costly for them to detect hundreds of file sharers, the threat posed may not deter many people from sharing files. So, if so, then Tor could be a real plus for file sharers.
eat shiat and bark at the moon
Well, so much for that. *badaboom*
An imperfect plan executed violently is far superior to a perfect plan. -- George Patton
Seems like a great system, but I just cant understand this statement: "Currently, Tor development is supported by the Electronic Frontier Foundation. Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from ONR and DARPA."
*Puts on tinfoil-hat* isn't the guys at *.mil making their jobs harder by doing this? anonymous "terrorists" communicating freely without any traces, or do they already have this covered in the system? a honeypot?
TOR Books, one of the largest publishers of Science Fiction and Fantasy in North America *might* have some problem with this...Methinks that I should let David Hartwell know...and the wonderful people at EFF...
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
Just a quick FYI, TOR is an onion routing system, meaning that the data is passed between TOR proxies until it reaches it's destination. This means that eventually you still need to fetch the data from a server, which means that the server can still be put under attack or taken down.
FreeNet is much more robust as you inject content and then it is stored in many nodes. Thus, it can't be taken down. Furthemore, in FreeNet different parts of the data are obtained from different sources, preventing more work that could be done with traffic analysis.
To say that TOR is like FreeNet is to seriously discount the features of FreeNet. TOR is a system for running Onion proxies. FreeNet is a completely anonymized hosting and content distribution system.
My Slashdot account is old enough to drink...
... it must be intended primarily for satirical content.
Freenet - but not in Java?! Sign me up. Keep that nasty java off my system. GRSec and PaX don't like it and keep killing it off anyway.
Get your own free personal location tracker
Let me get this straight. As a TOR node, my computer will request information from regular web sites unencrypted. This means that when someone requests e.g. child porn on the network, and my node is chosen to retrieve it, my IP will be the one logged?
You are in for a world of hurt if you run a TOR node. Since you are perfectly aware of all plain HTTP requests your node makes, you are likely to stand trial for contributory copyright infringement, import/export/distribution of child porn, conspiracy to [whatever] and so on. Since I assume by default it doesn't log anything to give you someone to blame it on, they pin it on you.
I would honestly never run a TOR node. If I did, I would firewall it to only allow connections to other TOR nodes, i.e. be a pure leech on the network. Anything else is to expose yourself for a wide range of legal disasters. Freenet had this right. You must not know what you are transmitting. This idea is fundamentally flawed and I'm amazed that the EFF would support it.
And beyond that, from the brief techincal discussion, you have a single point of failure in the directory server. Gather a small botnet, compromise the server and present the botnet as the routing nodes. You control all the keys, you decrypt everything. Or just a simple DDoS attack, so you don't find any nodes to route through. Overall, I'm not impressed.
Kjella
Live today, because you never know what tomorrow brings
Hi there! I'm Chris Palmer from EFF. I am working with the Tor developers, so I know a bit about it. I'll try to clear up some questions and misconceptions people seem to have.
:)
:) Tor works. It is stable, many bugs have been fixed, and the protocol is moderately stable. Tor does not crash randomly or eat all your memory. What's in flux is bigger picture items, such as "How can we reduce our dependency on the central directory server" and "Wouldn't a GUI configuration tool be nifty?"
1. Spam? Well, spammers already have much better tools than Tor. Namely, botnets. The Tor network currently doesn't support the kind of bandwidth usage spammers can chew up. By their willingness to break the law, spammers and criminals already have good tools to hide their network origin. Tor doesn't really help them. Plus, the default Tor exit policy is to block port 25.
2. Free/open source? Yes, three-clause BSD. EFF would not financially support a non-free/open source project!
3. Do you have to trust the nodes? You have to trust the entry node and the exit node. The entry node can be on your own computer, which I highly advise people to do. It's easy to install on all platforms, so that shouldn't be a hurdle. As far as trusting the exit node: Yes, the exit node can see the plaintext of your communications. That is why you should always use end-to-end encryption, anyway! Remember, all normal Internet routers in your route can read your traffic; Tor is actually BETTER because traffic is strongly encrypted (AES, multiple times) while inside the Tor network.
So, you actually have to trust Tor a bit less than regular Internet routes.
Use encryption.
4. Is it like Freenet/Crowds/Anonymizer? Yes, and no. It is like somewhat like those systems in goals, but the design is different. For example, unlike Freenet, Tor helps you talk to the real Internet. Unlike Anonymizer, Tor uses a whole network of proxies, not a single proxy; and the proxies are generic SOCKS proxies, not specifically HTTP.
5. Version number is too low. Is this alpha software? Roger and Nick are very modest.
6. Is there a backdoor? Well, you tell me. The source code is open. Is there a backdoor in other free software you like?
7. Minimum bandwidth requirement? For exit and middleman nodes, yes, you should have a reasonable pipe and a stable machine. "Reasonable" pipe can mean a good DSL connection. Crappy nodes can degrade the network for those poor saps whose circuit goes through one. That is why the directory server operators won't list your server unless it meets basic stability and bandwidth requirements.
In Tor's case there is a centralised global list of all peers which must be added to manually by Tor's developers. This is fine with a small number of users, for which Tor clearly works well, but isn't practical when dealing with large numbers of users.
Freenet, for all its faults, is designed to deal with potentially millions of unreliable peers. It is its ability to do this that makes it such an ambitious project, and makes any comparision between it and Tor a situation of apples and oranges.
I mean, why do you even need something like this? If you don't have anything to hide, there shouldn't be a problem with your internet chats being monitored.
BTW, click here
UTF-8: There and Back Again
Then where do we draw the line between "Omg, technology for terrorists" and real useful software? What about instant messanger systems?
Does AIM and MSN user = Terroist?
No.
But they can very easily use such software can they not?
What about Planes? Maybe we should stop using planes.. I mean terrorists can use them to fly into our buildings.
Why are you drawing the line at this piece of software? Where should this line be? The further it goes into our freedoms...
As someone who has watched, helped with, and discussed various anonymous networks from Pipenet through Onion routing and Tor I can give you the quick summary for why NRL was interested in anonymous browsing (because when they first came out with the Onion network stuff it really was a surprise.)
.mil or .gov site.
Sometimes, government agencies would prefer it if web queries did not show up in the server's logs as coming from a
Just knowing what someone is reading or researching is a good source of intel, some government agencies see more benefit to this than the downside of potential terrorist uses.*
Jim
* anyway, if you work for a big governement agency you have the resources to treat these sorts of networks like a big black box and link up the endpoints. This is a fatal flaw to _all_ real-time anonymous networks. A big attacker can treat all of the fancy games you play in the middle of network as noise and just link up "message X went into dark network at time T and a message close to the size of message X came out of the network at time T +1, followed by a similarly linkable message going back the other way..."
Somebody quick! Make a FireFox extension that adds a button to the toolbar that says "Switch to TOR mode" or something to that effect.
It would be nice if TOR were easy to turn on and off within a given browser or other http-aware client. I can't see need the for use TOR 100% of the time, especially since there is a performance hit. And it seems like it would be a pain in the ass to have to reconfigure the browser's proxy settings each time you want to use TOR for browsing/downloading.
I'd take a crack at it myself, but I'm no code monkey. I'm a documentation nerd. If anybody wants to develop this, let me know and I'll do the docs and help files.
Transistors and Beer!!
Look, you don't know who I am. I'm anonymous. I don't really want you knowing who I am because some of you are freaks (no offense). It works and it's all I really need.
Is this REAL anonymity? Not really. If I come on here and say I'm going to kill George Bush they'll find out who I am in a heartbeat. I don't really have a problem with that. Basically the only people who are not anonymous are criminals. This is simply because in the vast sea of people on the internet who really gives a crap who "Smilin" is unless he does something wrong. You don't like it? Don't pirate software and don't threaten dubya!
I WANT criminals to be tracked down by IP and prosecuted. It's just difficult enough to find out who someone is to stop most freaks (like you guys, no offense) but not difficult enough that law enforcement can't do it when they need to. I would rather things stay in this false illusion of anonymity state. Thank you very much.
P.S. For you secret service guys who just read this: No worries. You can all basically just go take naps anyway. No one is going to kill dubya while he has Cheney next in line for assasination insurance.
...maybe I'll just dig up the link to what happened with the JAP proxy network, providing pretty much exactly the same service:
Net anonymity service back-doored
Basicly, they were given the choice of backdooring it or shutting it down. Yes, the whole network. They did install a backdoor (still with source), got found out but they didn't exactly have much trust left.
Can someone explain to me why the exact same will not happen to this service? Any reason why TOR servers would have greater legal immunity? I don't see it, at least.
Kjella
Live today, because you never know what tomorrow brings
I don't think this system will be usable for piracy. Have you ever used <hat foil="tin">Freenet</hat>? Because of all the hopping though random nodes, "random" routes and encrypted traffic it's quite slow.
Take the example of the average "anonymous proxy" on the internet. After someone finds the proxy, it usually takes about 5 to 10 hours before the proxie's bandwith is completely saturated making it unusable. Even if Tor is to loadbalance all it's nodes, it's still going to be SLOW with the added encryption etc. Remember kids, using proxies that are close to you isn't anonimity but asking for problems with the law (usually why people want to use anonymous proxies is to avoid problems their employer/government could create).
Lastly, most anonymous networks are unreliable by nature. Freenet is unreliable because it drops "unpopular" keys and their content in favour of popular keys. Anonymous relays (eg mixmasters) are known to drop messages at random.
What's about GNU's own GPL'd freenet "clone" GNUNet?
I've successfully used it to get some pr0n, at decent speeds. You might also search it for "Billy Joel" to see my additions to the network.
Tor already provides the means for people to run a tor node as only a router (add the line: reject *:* in your torrc), not an exit node. Hence, your IP will never download kiddie porn or anything like that.
Tor supports something called a "hidden service" which allows you to serve something, such as a web site, ftp, or dare I say, a bittorent link.
The neat thing is, you can serve the service without anyone knowing your IP address. So you would share a link such as follows: http://6sxoyfb3h2nvok2d.onion/ (which is the tor hidden service wiki BTW). The Tor servers "meet in the middle", thus hiding the originating serving ip address. Read here for more on this functionality.
This could really shut the door on XXAA type organizations looking to hunt down people for litigous purposes.
Tor is great. I've been playing with it for a while - the sheer simplicity of setup makes it fantastic, and it's highly amusing to go to whatismyip.com half a dozen times and get different IPs.
Once I get the firewall box I want set up I plan to make one port link directly into Tor, so that anything plugged into that port is shunted 100% into the Tor network. Right now you've sort of got to trust that your program really is punching everything through the SOCKS proxy - not all programs are really reliable about that, plus the program can still see your IP if you're not behind a firewall.
Breaking Into the Industry - A development log about starting a game studio.
It's a method for the transportation of data - it in no way encourages any specific type of traffic. I could mention several straw-men arguments about telephones and vehicles that also could be used for horrible child crimes...
Relative anonymity isn't inherently destructive - nor is the anonymity offered here absolute. Conventional methods of online social investigation will still catch the people you imagine, as there is still a source and destination. With child crimes in particular, the investigation should move offline as soon as possible anyway as soon as suspicions arise.
People who attack and cruelly manipulate children deserve punishment - the rest of the world does not need to close entire realms of technology down for the sake of that punishment. The nerds of the world shouldn't be forced to think about punishing criminals when they make their tools any more than car manufacturers.
Ryan Fenton
...but what exactly is the incentive to actually help the TOR network? Seems to me that you can just leech as much as you want, give nothing. And each byte I download gets multiplied by as many nodes as I route through. Right now, it would appear they have a small userbase and mostly volunteer providers. What would happen if it got exposed to say, the slashdot userbase? Or people in general?
Kjella
Live today, because you never know what tomorrow brings
As a civil libertarian I love the idea, and I would be happy to run a Tor server if I could restrict what filetypes I pass through. I'm not interesting in helping people pass kiddie porn or pirated movies through my server (which I assume would be a primary use of this), so I would want to restrict it to text and html mimetypes. I looked through the FAQ and documentation and didn't see any mention of this.
Any developers here that can comment on if a feature similar to this is planned for a future release?
501 Not Implemented
Fine. Then allow the child pornographers to distribute their "product" - and bust them at other phases of their operation.
Tell me this. How many child pornographers are busted when someone trades illegal pictures? Not illegal picture-traders, the actual people who TAKE the pictures?
By blocking the flow of information, you can only bust the picture-traders. And you get a nice excuse to bust anyone else whom you can reasonably define as a "terrorist" or other undesirable.
Bust the guys taking the pictures, at the source. When you get a kid who's been abused in this way, they can lead you to the picture taker.
The excuse of "needing better tools for law enforcement" is very often used as an excuse to abridge civil rights.
Child pornographers are bad. And should be stopped wherever their found. But I'm not ready to accept that we, as a civilization, can afford to eliminate anonymous speech. When we have better rules (that are enforced) to protect whistleblowers and dissidents, then maybe we can do away with anonymity.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I swear to God that nearly every article filed under YRO is about some new hip flavor of software that will, inevitably, be used to unlawfully distribute intellectual property.
One man's pirate is another man's freedom fighter.
It's simple: I demand prosecution for torture.
Ryan,
Thanks for the reasoned reply.
I don't disagree that Freenet is a tool, but I'm not sure all factors are equal in judging tools. We could compare to Kazaa, which does trade legitmate files... but trades scads of pirated material. Kazaa may trade many pirated files, but the relative harm is far less. Copyright infringement isn't in the same ballpark as child molestation... the law recognizes this with the vast difference in their respective penalties. The amount of harm (and type of harm) with Kazaa can be argued either way... I don't find Freenet to be nearly as grey.
Admitted, the Freenet choice is binary; install it and tolerate the content, or not. However, I don't find free speech as an issue to be so black-and-white (that'll bring on the flamewar). Like most things, one needs to apply the doctrine of competing harms.
Everyone makes choices for themselves based on their own risk/benefit analysis. Cars and firearms inarguably cause thousands of spectacular deaths every year... yet if you really crunch the statistics, most guns are used to punch holes in pieces of paper, and most cars are tranportation devices rather than deathmobiles. My feeling is that the positive balance of content on Freenet is far less clear. If there's one legitimate persecuted speech document on Freenet, does that mean we tolerate 10000 pieces of child porn? That scale doesn't balance for me... but that's me, particularly when there are other ways to distribute that content without the baggage.
I don't disagree with the existence of the tool... just one particular use of the tool. The choice being all-or-none, I couldn't justify a node for myself... I'm not saying those who set up those nodes are evil or amoral... just that their scales balance a little differently than mine.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
By this argument, you could never own an apartment, rental house or hotel, because child abuse could be committed on your property.
I swear to God that every automobile produced in a plant is some hip flavor of human body crushing device that will undoubtably be used to kill children.
The grandparent seemed to be insinuating that it's immoral to care only about being associated with child porn, by caring only about being associated with it, not about carrying it at all. The reply was pointing out that if you think it's immoral to carry information blindly, then being a postman is immoral.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I don't have a problem with Freenet because
a) Freenet doesn't actually cache child porn on your drive. It may cache fragments of binary data which, if pieced together with other fragments from other sources and decoded a certain way, could be interpreted as something illegal. But that's a far cry from actually putting pictures or video on your disk.
b) If someone looks at child porn from Freenet, no child is harmed. Since it's on Freenet, not only has the producer not been paid, he has no way to know that anyone has even seen it. Obviously the act of producing porn can harm children, but I can't think of any reason that anonymously viewing it with Freenet would lead to any further harm. So it's pretty much a victimless crime.
Still, I don't currently run a node because Freenet's slow as fuck and has almost no content (legal or illegal). But I think the concept behind it is incredibly important, and I'll probably start running a node once it gets faster and/or I get a static IP.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Indeed, IP "piracy" is the largest civil disobedience movement in history. Larger than the independence movement in India, and larger by far than the civil rights movement of the 1960s in the U.S. Well, it might not be as large as the war for drug freedom, but it's pretty close.
-I like my women like I like my tea: green-
Free-as-in-beer does not make it legal. The creation, distribution, and possession of child pornography remains criminal even when no money changes hands.
It doesn't matter if no one downloads your files, you have made the attempt to distribute through a plausible channel and that is enough to hang you.
"Mere viewing" is not a victimless crime. This is lazy, inexcusable, sloppy, thinking.
Put yourself in the place of the child, her guardians, her counselors, and ask if you would want still photos and videos of her rape to be broadcast over the net, to circulate for all eternity.
You haven't considered the possibility that the child might be identifiable and still at risk. You view her anonymously but do nothing to help. Silence gives consent.