Slashdot Mirror
Tor - The Yin or the Yang?
An anonymous reader writes "Whitedust is running a interesting article on Tor, The Onion Router project sponsored by the EFF. Tor aims to offer anonymous internet use. Once sponsored by the Naval Research Lab with support from DARPA, it is now managed by The Free Haven Project. Although Tor claims to improve safety and security, the article goes into detail on how Tor can be used as a anonymous attack platform."
yin yang wins over ying yang
it's yin, not ying, you insen.... blah. :)
It's "yin or yang". Good going, Slashdot.
It's already being used this way. Friends still in IRC have been fighting Tor attacks by crapflooders that require 15-20 bans to get rid of the jerk. and the IP's line up with Tor proxies.
It's not hard to modify the client to do nasties for you. hell it can be used to attack any web forum easily without modification.
unfortunately the kiddies discovered it useful for attacking already.
Do not look at laser with remaining good eye.
While I do see some valid uses for it, I've only seen it abused on IRC by people who are using them to flood. I know, IRC isn't the center of the online universe.
For a society to be free, it MUST be possible for people to do things that are against the law. That's just how it works. If people do something illegal then you can punish them, but only an extremely facist government could hope to prevent crimes before they occur.
If it becomes a large enough of a problem, i can see people firewalling based apon a list of tor nodes.
Let's all demonize useful technology before it gets out of the gate! Next year we can all mourn the loss of Sourceforge when it's 'determined' to be a repository for terrorist software development. Oh god, won't somebody help me off of this slippery slope?!
Give people anonymity and of course they are going to do bad things with it. The net is as anonymous as it needs to be. I see this only causing more trouble and headaches...
...You have no life.
Mod me as Troll, I don't need Good Karma.
I think I think, therefore I think I am.
Wasn't Thor part of the Norde mythology? What's Taoism got to do with it?
Of course, i could be wrong, and the yin / yang mentioned by the submitter is just out of topic.
Because the slashcoders worked overtime to ban posting to slashdot from as many tor servers as they could find.
You can't post to this page.
Whitedust commented that the flaws in Tor could be fixed by moving away from the Onion network to an extended "Onion Ring" network.
There is truth in humor.
open proxies are harder to find. you can't simply click "next next finish" and be good to go. if you think using your ISP's proxy is anonymous you're very naive.
RIAA Alert
Tor
KILL
KILL
KILL
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Call me paranoid, but I don't trust anyone other than the intended recipient to decrypt any sensitive data. The way I understand the program to work (correct me if I'm wrong) is that a "trusted" server on the end decrypts your packets and acts as the "proxy" between the tor network and the Internet. What if those trusted servers is compromised? Being so centralized, they make a good way to glean a lot of personal info.
Now, if you don't care about your data privacy, and just care about a hard to trace connection (i.e., for an attack, but there are plenty of other legitimate reasons), then Tor is pretty cool. However, since there are presently so few servers, and a lot of people DO seem to use Tor to crapflood IRC/forums/etc, it seems like more and more people are just banning the Tor IP addresses.
Maybe it's "Xing".
Oh, sorry, that's an MP3 encoder.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You have got to be kidding me. I can barely use Tor to surf for porn at work, its so damn slow. IRC? Ya, it crawls too. This is using US tor servers too - good luck if one of the routers in the route is in some high speed country like bangladesh. Tor is a great idea maybe, but as it stands right now is so slow its not even funny.
any good thing doesn't require you to hide behind anything.
Well for example, it can be used by dissidents to safely express their political views, be it in the PRC, Burma or the United States...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
One of my 8 yahoo ones, or one of my 10 gmail accounts, or my 4 hotmail accounts or the mailinator account I'm about to make up for the next online form I come across that requires a 'valid email address'?
Or do you mean the 'real' email address that belongs to one of the more obscure web-based email services?
Real authentication is impractical in large numbers; this is why it has never been implemented. It barely worked when you sent a photo copy of your drivers' license in to your local BBS; but now, in the age of instant graticication and an international scale (how *can* you tell that ID from istanbul is fake or not?) it's flat out of the question.
To repeat the point; when it comes to the internet, real authentication is impossible.
which I have always heard descibed as ying-yang
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
A: Tor is a documented protocol. If you really REALLY want to block Tor on your network, configure your IDS to recognise the protocol setup, and kill THAT.
B: You can't quake through Tor. Tor only supports TCP, and it adds a fair bit of latency to boot.
Test your net with Netalyzr
I live in the USA, and I use it all the time at my high school. Why? My high school thinks it prudent to block many sites such as hackaday.com and coxandorkum.com. I also used it when I was in china to bypass the great firewall to check my evil capitalist college email.
I think that if anyone is being blocked from visitng any site, anywhere, they should use this to show how stupid and ineffective filters are, especially in schools. Why bother to educate responsibility on the internet when you can force it on kids!
You can tell tor what type of nodes to connect to, you don't have to just use "trusted nodes." It comes OOTB like that, but all it takes is a quick edit.
If you are sending unencrypted traffic over tor and you really have a need for anonymity you are stoopid anyway and you will die. If you are doing something that could cost you your freedom you need more than one layer - and tor, no matter how big the onion, is still just one layer.
It could be used for that, but it's mostly being used to harass legitamate internet users.
There's a huge difference between what it could be used for and what it is being used for; and what it is being used for isn't worth putting up with the 0.0001% legitimate useage.
...you can use it to protect your family from dangerous animals (deer, frog hoards, and spiders...I hate spiders), or you can kill people, which is wrong.
Anonymity conceals identity. People who commit crimes often don't want to get caught, so anonymity is something they desire.
Nothing to see here; move along.
Am I part of the core demographic for Swedish Fish?
There's only two types of people that would bother with annonymous internet usage... those doing something they fear might get them in trouble, and those that fear being monitored regardless if they're doing anything bad or not... either way, annonymous internet usage is somewhat a product of fear.
/." or whatnot.
Not saying there's anything wrong with acting on fear, but it can't be healthy to live always fearing "Oh no they might see me reading
Oh, sorry, that's an MP3 encoder.
No, it's not. It's an atrocity claiming to be one.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
There's a huge difference between what it could be used for and what it is being used for; and what it is being used for isn't worth putting up with the 0.0001% legitimate useage.
Tell that Kin Yu Jong who's being at risk of being arrested any moment now because he dared write "uh, I dunno, but maybe Tiananmen wasn't so groovy after all" in his fanzine.
Only well-fed and wealthy people like you who live in relative safety in their countries have the luxury to think their comfort rates higher than the needs of the oppressed.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
an RBL populated with the tor master list.
a BGP feed of tor hosts.
anyone game?
How on earth would you know? Reports like the one in TFA don't exactly give you a random sampling of Tor users.
After all, I am strangely colored.
Any technology that empowers people can be used both for good and bad. Fire, knives, cars, gas, etc. Tor is not something that's likely to cause an end to the world, there are a lot more potent things to worry about.
"tell me exactly what is the point of this tech if not the be bad with it.."
... eh... terrorists away. Not.
What is it good for? To surf the net anonymously. If you live in China, or soon in the EU, that can be a problem. The upcoming EU laws on data retention means that your ISP will keep track of what web pages you request, probably by forcing the customer to go through a central proxy. Some suggest that the ISPs should be allowed to use this information for commercial purposes to help offset their added costs. Now there's something that puts the GMail profiling to shame...
But hey, it will keep the tigers
Complete accountability is wonderful in theory, but problematic in practice. First, even theoretically, it can only work if everyone is held accountable. If you're accountable to the police, but the police are not accountable to the people they serve, then anonymity might be required in order to report corruption and whatnot.
Now let's move on to practice. Say you want to do something pretty much harmless, but frowned upon by society at large, like lighting up a joint, having sex with your girlfriend, or killing a hobo with a ball-peen hammer. If society bans certain acts arbitrarily and irrationally, then you shouldn't have to be "accountable" to that sort of insanity.
You want the truthiness? You can't handle the truthiness!
If you want a complete all-in-one Tor platform, look no further, Tor Desktop.
The Tor project has a FAQ about abuse, from the perspective of Tor server operators and other folks on the internet. Of particular interest are:
Also of interest on the main Tor FAQ is:
Basically, Tor goes through some effort in order to be easy to block, by making sure that you can easily get a list of exactly the Tor nodes that allow connections to your servers. If you don't think people who want privacy belong on your service, you don't need to support them; it's your service after all. (Some people have already written RBL-like tools, but I haven't seen any that I like so far; all the ones I've seen list all Tor servers, even the ones that do not permit outgoing connections and so cannot deliver unwanted connections.)
On the other hand, if you do think that privacy is a useful thing, there are ways to allow anonymous users without allowing unlimited abuse. See the first link above.
Tor is completely open-source and peer-reviewed. The protocol is documented, and there is already at least one third-party implementation (JAP) that can access the same network. You really think it has evil Government spyware in it? Give me a break.
Signature.
Not much you can do about it. Encryption, anonymous remailers, proxies, all can be used for good and bad purposes. So can speech, religion, press, arms, etc.
Either we stand up to our responsibilities as adults and advanced and civilized people with a sense of honor, propriety, and duty, and chase criminals and terrorists while playing by the traditions, rules, regulations, and laws... or we dispense with our rights, liberties, and privileges in the name of safety and prevention of infractions.
As we all well know, you cannot trade freedom for security and we'll be damned if we do. We can only try to find ways to stop the abuse but I sincerly hope people do not seek to go beyond that. I use Tor to get out of my subnet when it is blacklisted due to abuse activities by people also on the subnet. Why should I suffer for some arse's misbehavior? I also use it to keep my privacy when dealing with places where locals tend to have more than a touch of nastiness and vindictiveness.
The Internet is crawling with bad people. We shouldn't hesitate to use the privacy technologies availible to defend ourselves and we shouldn't be looking askance at them because some people abuse them. People abuse just about anything. That's human nature. Should we live in padded rooms in underground bunkers?
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
You forgot hot. It's Shields by a mile.
By the way, where are the obligatory Whisper Song jokes? (Though I doubt none of us, nevermind the Ying Yang Twins, would consider "Wait 'till ya see my traceroute" to be funny.)
You can hold down the "B" button for continuous firing.
I wish there was a "Understated" moderation point I could give.
IRC is great and all, but it is at the outer edges of the online universe to say the least.
Get your Unix fortune now!
That's just LAME! ... D'oh!
One might ask the same about birds. What ARE birds? We just don't know.
You can beat someone to death with a Subway sandwich, if you are determined enough. Should we stop eating sandwiches so everyone will be safer?
If you don't want to be swallowed whole by your government, like in China, you have to be able to have the ability to remain 100% anonymous, no exceptions. Because the moment you give anyone the power to remove the cloak of anonymity, you destroy anonymity from tyrants completely.
I find arguments against online anonymity to be silly, usually taking two tracks:
A) Hackers will attack us!
B) Bad guys (usually meaning pedophiles) will hide there!
B is a given. I support the death penalty for pedophiles (even though I generally don't support the death penalty as it is applied currently), but you have to expect that with anonymity, people are going to do things you don't agree with. That's the entire point of anonymous, is so that people who disagree with you can't track you down and throw you in jail... like living in China and proclaiming that the government there is corrupt.
A is naive. It's the weakness of the protocol/service that must be fixed. Hackers will always be anonymous, and you can never prevent that. Either by hijacking other machines or whatever, it is nearly a fundamental law of digital information. This is no reason to deny it to those using it for free speech purposes.
With respect to the principle of anonymity and privacy, I believe the good outweighs to bad, regardless of any bad someone can show me. Let the drug smugglers and terrorists plot online. That doesn't bother me (in the sense that use of the service bothers me, though the plotting itself does bother me). They can just as easily plot in a closed room or cave in the desert. What does bother me, is that these will be the excuses used to end all reasonable privacy and mark the beginning of placing all spaces under constant surveillance. Without anonymity, tyranny would rule, and would be FAR worse than any private evil anyone can imagine. Think Hitler, Stalin, Mao, Kim Jong-il, etc. Those men were/are worse than 20 Bin Ladens. And the benefits of anonymity to fight evil governments are far greater than the negative benefits to private bad guys.
"When governments fear the people, there is liberty. When the people fear the government, there is tyranny. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government." - Thomas Jefferson
"Four hostile newspapers are more to be feared than a thousand bayonets." - Napoleon Bonaparte
I8-D
Someone, I think here on /., said they used to run a TOR server but stopped when they audited their exiting traffic* and found it was mostly spam, warez, and porn.
If respectable people don't use TOR for respectable things like breaching the Great Firewall of China, then many respectable people will stop running TOR nodes.
*Traffic that is leaving the TOR network at his node. At this point, it's no longer encrypted.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why are you hiding behind a nickname?
Do you have something to hide?
You'd never see me hiding behind some ridiculous nickname.
Your friend,
some guy I know
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
I like this nickname, because it has so many sides. First, it's cute, immature, happy, childish. Childish is someone who is overly honest to the point of innocence and hasn't lost the ability to still wonder at a top spinning, a magnet pushing another one apart, or be like a baby dazzled by the colors and textures spinning before his eyes. 2nd, I tend to get overly serious and grandiose sometimes, and then all you have to do is look at the name, to come back to your senses. Imagine bugs bunny telling you these things. But still, don't evaluate what you read based on the mere name or appearance of who says it. It's a good excersize for you. As far as hiding, yes, I too have a lot to hide, I am nowhere near being a self-actualized person. That doesn't mean I won't boldly go head on in real life under my own full identity. But the nickname is not ridiculous, because it tests your ability to look past it.
The general sloppiness here drives me crazy. I'd be happy for a decent /. alternative, but it is unique in it's category.
It's not like the stories are expedited from submission to posting.. the editors here get paid money, and for that they should strive towards something better and more respectable. How hard would it be to spell-check submissions? Not hard at all.
And there's fundamentally a difference between fat-fingering "the" (which should get caught) and not knowing enough to spot "yin-yang". Perhaps it's time they hired an online copy-editor. It wouldn't cost them much, and maybe the volume of postings dedicated to "slashdot sucks" could be alleviated. Their advertisers alone should complain, because the valid "slashdot sucks" posts constitute a kind of click-fraud.
Yeah, a little much, but...
My post was meant to be humorous.
You see, I was criticizing you for using a ridiculous nickname, when my own nickname is just as ridiculous.
To make this clear, I signed my post, which I normally never do.
Intentional hypocracy is supposed to be funny here on Slashdot, and, occasionally, elsewhere.
It's like those posts that begin "Your a moron.", which is a kind of joke because the intentionally mis-spelled "You're" is showing that the person who stated "Your a moron." is also a moron.
(A similar situation is when someone whose nickname is "Speling Natsi" corrects someone else's spelling, etc.)
When I was in college, I had a friend of mine, who, whenever anyone said he was positive about something (e.g., "I'm positive that I saw him in the cafeteria."), would sneer, "Only complete idiots are positive."
I would then ask, "Are you sure?".
He would reply, "I'm positive!".
If you understand this kind of humor, then you should know where my post was coming from.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana