Slashdot Mirror
Tor - The Yin or the Yang?
An anonymous reader writes "Whitedust is running a interesting article on Tor, The Onion Router project sponsored by the EFF. Tor aims to offer anonymous internet use. Once sponsored by the Naval Research Lab with support from DARPA, it is now managed by The Free Haven Project. Although Tor claims to improve safety and security, the article goes into detail on how Tor can be used as a anonymous attack platform."
yin yang wins over ying yang
it's yin, not ying, you insen.... blah. :)
It's "yin or yang". Good going, Slashdot.
It's already being used this way. Friends still in IRC have been fighting Tor attacks by crapflooders that require 15-20 bans to get rid of the jerk. and the IP's line up with Tor proxies.
It's not hard to modify the client to do nasties for you. hell it can be used to attack any web forum easily without modification.
unfortunately the kiddies discovered it useful for attacking already.
Do not look at laser with remaining good eye.
While I do see some valid uses for it, I've only seen it abused on IRC by people who are using them to flood. I know, IRC isn't the center of the online universe.
Proxies can be used for good or bad too, why is this news? I think the freedom of persecuted people to read and write what they want takes precedence.
Congrats.
Now please give your home address and telephone no, so we can come and arrest you.
Sincerely,
The Governmint
www.notesmax.com
For a society to be free, it MUST be possible for people to do things that are against the law. That's just how it works. If people do something illegal then you can punish them, but only an extremely facist government could hope to prevent crimes before they occur.
If it becomes a large enough of a problem, i can see people firewalling based apon a list of tor nodes.
Let's all demonize useful technology before it gets out of the gate! Next year we can all mourn the loss of Sourceforge when it's 'determined' to be a repository for terrorist software development. Oh god, won't somebody help me off of this slippery slope?!
Give people anonymity and of course they are going to do bad things with it. The net is as anonymous as it needs to be. I see this only causing more trouble and headaches...
...You have no life.
Mod me as Troll, I don't need Good Karma.
I think I think, therefore I think I am.
Wasn't Thor part of the Norde mythology? What's Taoism got to do with it?
Of course, i could be wrong, and the yin / yang mentioned by the submitter is just out of topic.
Because the slashcoders worked overtime to ban posting to slashdot from as many tor servers as they could find.
You can't post to this page.
So if I am a Commie/Fascist dictator hell-bent on Internet censorship (think Hu Jintao) and I'm afraid of Tor, then all I have to do is block all IP access to the directory servers? That should solve the problem once and for all, right?
If so then Tor is only as good as the access to the directory servers for the hundreds of millions of individuals groaning under the yoke of the Commie-Fascist dictatorships all over the world.
Whitedust commented that the flaws in Tor could be fixed by moving away from the Onion network to an extended "Onion Ring" network.
There is truth in humor.
tell me exactly what is the point of this tech if not the be bad with it.. any good thing doesn't require you to hide behind anything. personaly i think people should be fully accountable for what they do.. allowing them to remove that they will just move to doing bad things. i know it can be used for good but so can just doing it normaly.. i under stand the reason behind it - it is neet, but it is only going to be abused.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
The content of parent post is, of course, quite serious but I just died laughing at the irony of your post itself taking the form of a slippry slope fallacy.
RIAA Alert
Tor
KILL
KILL
KILL
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Call me paranoid, but I don't trust anyone other than the intended recipient to decrypt any sensitive data. The way I understand the program to work (correct me if I'm wrong) is that a "trusted" server on the end decrypts your packets and acts as the "proxy" between the tor network and the Internet. What if those trusted servers is compromised? Being so centralized, they make a good way to glean a lot of personal info.
Now, if you don't care about your data privacy, and just care about a hard to trace connection (i.e., for an attack, but there are plenty of other legitimate reasons), then Tor is pretty cool. However, since there are presently so few servers, and a lot of people DO seem to use Tor to crapflood IRC/forums/etc, it seems like more and more people are just banning the Tor IP addresses.
Maybe it's "Xing".
Oh, sorry, that's an MP3 encoder.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You have got to be kidding me. I can barely use Tor to surf for porn at work, its so damn slow. IRC? Ya, it crawls too. This is using US tor servers too - good luck if one of the routers in the route is in some high speed country like bangladesh. Tor is a great idea maybe, but as it stands right now is so slow its not even funny.
Whitedust are becoming quite the spammers. Posting several things to /. that have been covered before in a way that just advertises their site
I guess we're seeing here that the size of the audience doesn't really matter, if at all.
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
One of my 8 yahoo ones, or one of my 10 gmail accounts, or my 4 hotmail accounts or the mailinator account I'm about to make up for the next online form I come across that requires a 'valid email address'?
Or do you mean the 'real' email address that belongs to one of the more obscure web-based email services?
Real authentication is impractical in large numbers; this is why it has never been implemented. It barely worked when you sent a photo copy of your drivers' license in to your local BBS; but now, in the age of instant graticication and an international scale (how *can* you tell that ID from istanbul is fake or not?) it's flat out of the question.
To repeat the point; when it comes to the internet, real authentication is impossible.
which I have always heard descibed as ying-yang
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
A: Tor is a documented protocol. If you really REALLY want to block Tor on your network, configure your IDS to recognise the protocol setup, and kill THAT.
B: You can't quake through Tor. Tor only supports TCP, and it adds a fair bit of latency to boot.
Test your net with Netalyzr
I live in the USA, and I use it all the time at my high school. Why? My high school thinks it prudent to block many sites such as hackaday.com and coxandorkum.com. I also used it when I was in china to bypass the great firewall to check my evil capitalist college email.
I think that if anyone is being blocked from visitng any site, anywhere, they should use this to show how stupid and ineffective filters are, especially in schools. Why bother to educate responsibility on the internet when you can force it on kids!
You can tell tor what type of nodes to connect to, you don't have to just use "trusted nodes." It comes OOTB like that, but all it takes is a quick edit.
If you are sending unencrypted traffic over tor and you really have a need for anonymity you are stoopid anyway and you will die. If you are doing something that could cost you your freedom you need more than one layer - and tor, no matter how big the onion, is still just one layer.
...you can use it to protect your family from dangerous animals (deer, frog hoards, and spiders...I hate spiders), or you can kill people, which is wrong.
Anonymity conceals identity. People who commit crimes often don't want to get caught, so anonymity is something they desire.
Nothing to see here; move along.
Am I part of the core demographic for Swedish Fish?
Every Slashdot article since the beginning of time has had at least one typo. I've seen Slashdot editors misspell the word "the". That doesn't make them cultural idiots.
In response to your .sig: What about those of us who realise that a .45 is better for stopping someone on PCP than a .22, but a .22 is better for a Mob-Style, back of the head, execution?
Not that I've ever done either of those. Oh, no.
What, you think I'm lyin'? You callin' me a liar?
You callin' me a liar, issat i-
Er...
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
There's only two types of people that would bother with annonymous internet usage... those doing something they fear might get them in trouble, and those that fear being monitored regardless if they're doing anything bad or not... either way, annonymous internet usage is somewhat a product of fear.
/." or whatnot.
Not saying there's anything wrong with acting on fear, but it can't be healthy to live always fearing "Oh no they might see me reading
Oh, sorry, that's an MP3 encoder.
No, it's not. It's an atrocity claiming to be one.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
an RBL populated with the tor master list.
a BGP feed of tor hosts.
anyone game?
Only well-fed and wealthy people like you who live in relative safety in their countries have the luxury to think their comfort rates higher than the needs of the oppressed.
For christ's sake PLEASE tell me you don't actually buy the shit you're shovelling there.
When the script kids bury the legitimate posts, your ficitious chinaman's post is buried right along with them. When they flood out an IRC channel, his message is flooded out as well.
Nice troll, however, kudos to ya.
Any technology that empowers people can be used both for good and bad. Fire, knives, cars, gas, etc. Tor is not something that's likely to cause an end to the world, there are a lot more potent things to worry about.
Remember, Tor was made by the US Navy.
I wouldnt trust it with my privacy.
I'm sorry I ever donated money to the eff. First gilmore refused to close his open-spam-relay claiming some political dissident might need to use it to get vital messages out and now we have the same crap at the TCP level. Who needs microsoft to write a virus-loving OS that is regularly abused by spammers and micreants when you have folks like the EFF writing *nix code that does the same darn thing? Whatever happened to the idea that good internet neighbors don't help urchins abuse the rest of the net?
Most networks only let you register a handful of nicks. You should have gotten an IRCop to K-line the guy. #services, #help or similar
many shubs and zuuls knew what it was to be roasted in the depths of the tor that day I can tell you.
If you want a complete all-in-one Tor platform, look no further, Tor Desktop.
The Tor project has a FAQ about abuse, from the perspective of Tor server operators and other folks on the internet. Of particular interest are:
Also of interest on the main Tor FAQ is:
Basically, Tor goes through some effort in order to be easy to block, by making sure that you can easily get a list of exactly the Tor nodes that allow connections to your servers. If you don't think people who want privacy belong on your service, you don't need to support them; it's your service after all. (Some people have already written RBL-like tools, but I haven't seen any that I like so far; all the ones I've seen list all Tor servers, even the ones that do not permit outgoing connections and so cannot deliver unwanted connections.)
On the other hand, if you do think that privacy is a useful thing, there are ways to allow anonymous users without allowing unlimited abuse. See the first link above.
Tor is completely open-source and peer-reviewed. The protocol is documented, and there is already at least one third-party implementation (JAP) that can access the same network. You really think it has evil Government spyware in it? Give me a break.
Signature.
Not much you can do about it. Encryption, anonymous remailers, proxies, all can be used for good and bad purposes. So can speech, religion, press, arms, etc.
Either we stand up to our responsibilities as adults and advanced and civilized people with a sense of honor, propriety, and duty, and chase criminals and terrorists while playing by the traditions, rules, regulations, and laws... or we dispense with our rights, liberties, and privileges in the name of safety and prevention of infractions.
As we all well know, you cannot trade freedom for security and we'll be damned if we do. We can only try to find ways to stop the abuse but I sincerly hope people do not seek to go beyond that. I use Tor to get out of my subnet when it is blacklisted due to abuse activities by people also on the subnet. Why should I suffer for some arse's misbehavior? I also use it to keep my privacy when dealing with places where locals tend to have more than a touch of nastiness and vindictiveness.
The Internet is crawling with bad people. We shouldn't hesitate to use the privacy technologies availible to defend ourselves and we shouldn't be looking askance at them because some people abuse them. People abuse just about anything. That's human nature. Should we live in padded rooms in underground bunkers?
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
You forgot hot. It's Shields by a mile.
By the way, where are the obligatory Whisper Song jokes? (Though I doubt none of us, nevermind the Ying Yang Twins, would consider "Wait 'till ya see my traceroute" to be funny.)
You can hold down the "B" button for continuous firing.
Actually, some people from kaos theory security research are developing a project called the AnonymOS which encrypts and anonymizes all traffic through tor along with using a very hardened bsd / linux system that drops all packets that aren't based on a connection that you have established. They did a presentation about this at interz0ne 4 http://interz0ne.com/ . The presentation is here http://theory.kaos.to/projects.html .
Honestly though, I could care less what 'could' be or has been done with anonymous access to the internet. I would rather have complete anonymity than have a bunch of governments attempting to regulate and track every individual.
I wish there was a "Understated" moderation point I could give.
IRC is great and all, but it is at the outer edges of the online universe to say the least.
Get your Unix fortune now!
Satori's next to nothing so they say!
Muddle
That's just LAME! ... D'oh!
One might ask the same about birds. What ARE birds? We just don't know.
You can beat someone to death with a Subway sandwich, if you are determined enough. Should we stop eating sandwiches so everyone will be safer?
If you don't want to be swallowed whole by your government, like in China, you have to be able to have the ability to remain 100% anonymous, no exceptions. Because the moment you give anyone the power to remove the cloak of anonymity, you destroy anonymity from tyrants completely.
I find arguments against online anonymity to be silly, usually taking two tracks:
A) Hackers will attack us!
B) Bad guys (usually meaning pedophiles) will hide there!
B is a given. I support the death penalty for pedophiles (even though I generally don't support the death penalty as it is applied currently), but you have to expect that with anonymity, people are going to do things you don't agree with. That's the entire point of anonymous, is so that people who disagree with you can't track you down and throw you in jail... like living in China and proclaiming that the government there is corrupt.
A is naive. It's the weakness of the protocol/service that must be fixed. Hackers will always be anonymous, and you can never prevent that. Either by hijacking other machines or whatever, it is nearly a fundamental law of digital information. This is no reason to deny it to those using it for free speech purposes.
With respect to the principle of anonymity and privacy, I believe the good outweighs to bad, regardless of any bad someone can show me. Let the drug smugglers and terrorists plot online. That doesn't bother me (in the sense that use of the service bothers me, though the plotting itself does bother me). They can just as easily plot in a closed room or cave in the desert. What does bother me, is that these will be the excuses used to end all reasonable privacy and mark the beginning of placing all spaces under constant surveillance. Without anonymity, tyranny would rule, and would be FAR worse than any private evil anyone can imagine. Think Hitler, Stalin, Mao, Kim Jong-il, etc. Those men were/are worse than 20 Bin Ladens. And the benefits of anonymity to fight evil governments are far greater than the negative benefits to private bad guys.
"When governments fear the people, there is liberty. When the people fear the government, there is tyranny. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government." - Thomas Jefferson
"Four hostile newspapers are more to be feared than a thousand bayonets." - Napoleon Bonaparte
I8-D
Worried about being attacked from TOR? Then block it, the exit nodes are listed here: http://serifos.eecs.harvard.edu:8000/cgi-bin/exit. pl?addr=1
Someone, I think here on /., said they used to run a TOR server but stopped when they audited their exiting traffic* and found it was mostly spam, warez, and porn.
If respectable people don't use TOR for respectable things like breaching the Great Firewall of China, then many respectable people will stop running TOR nodes.
*Traffic that is leaving the TOR network at his node. At this point, it's no longer encrypted.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You can show me pictures up the ying-yang, and it still won't change my mind.
Why are you hiding behind a nickname?
Do you have something to hide?
You'd never see me hiding behind some ridiculous nickname.
Your friend,
some guy I know
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
I like this nickname, because it has so many sides. First, it's cute, immature, happy, childish. Childish is someone who is overly honest to the point of innocence and hasn't lost the ability to still wonder at a top spinning, a magnet pushing another one apart, or be like a baby dazzled by the colors and textures spinning before his eyes. 2nd, I tend to get overly serious and grandiose sometimes, and then all you have to do is look at the name, to come back to your senses. Imagine bugs bunny telling you these things. But still, don't evaluate what you read based on the mere name or appearance of who says it. It's a good excersize for you. As far as hiding, yes, I too have a lot to hide, I am nowhere near being a self-actualized person. That doesn't mean I won't boldly go head on in real life under my own full identity. But the nickname is not ridiculous, because it tests your ability to look past it.
My post was meant to be humorous.
You see, I was criticizing you for using a ridiculous nickname, when my own nickname is just as ridiculous.
To make this clear, I signed my post, which I normally never do.
Intentional hypocracy is supposed to be funny here on Slashdot, and, occasionally, elsewhere.
It's like those posts that begin "Your a moron.", which is a kind of joke because the intentionally mis-spelled "You're" is showing that the person who stated "Your a moron." is also a moron.
(A similar situation is when someone whose nickname is "Speling Natsi" corrects someone else's spelling, etc.)
When I was in college, I had a friend of mine, who, whenever anyone said he was positive about something (e.g., "I'm positive that I saw him in the cafeteria."), would sneer, "Only complete idiots are positive."
I would then ask, "Are you sure?".
He would reply, "I'm positive!".
If you understand this kind of humor, then you should know where my post was coming from.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana