Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor - The Yin or the Yang?

Posted by Zonk on from the watch-the-shadows dept.

An anonymous reader writes "Whitedust is running a interesting article on Tor, The Onion Router project sponsored by the EFF. Tor aims to offer anonymous internet use. Once sponsored by the Naval Research Lab with support from DARPA, it is now managed by The Free Haven Project. Although Tor claims to improve safety and security, the article goes into detail on how Tor can be used as a anonymous attack platform."

26 of 139 comments (clear)

  1. Cultural Idiots by jvagner · · Score: 2, Informative

    It's "yin or yang". Good going, Slashdot.

    1. Re:Cultural Idiots by atteSmythe · · Score: 3, Informative

      Messup is [sic] from TFA.

    2. Re:Cultural Idiots by EnronHaliburton2004 · · Score: 3, Informative

      Actually, isn't it a mistake to try to seperate the two?

      It's the "Yin and Yang", or the 'Yin-Yang' as I understand it-- two opposite pieces of the same energy, both integral and complementary to each other. They cannot be removed from the whole, or the whole is destroyed.

      Using the word 'or' actually distorts the original meaning-- 'or' imply two different pieces, the Yin OR Yang-- with we're really talking about one thing.

      Yes, this sounds pedantic, but I think it's actually an important difference.

      --
      94% of Repubs and 21% of Dems voted to renew the Patriot Act
    3. Re:Cultural Idiots by loopback_127001 · · Score: 2, Insightful

      It would be a very important difference, if you were right.

      Yin and Yang are opposites. They are two separate concepts that, together, balance one another out. If one or the other is too out of balance, you see problems, according to the theory.

      But the fact that yin or yang energy can be out of balance would indicate they are, in fact, two different things. Look at Chinese medicine, some substances are considered to have a strong 'yin' value, others to be primarily 'yang'.

      In short, you're getting it right that the two opposing forces are both necessary to create a 'whole', but you're getting it wrong to say that something can't be yin or yang. Although I suppose if your point is really that there is no such thing as a pure-yin or pure-yang object in the universe, that is technically true. but damn, that's even more pedantic than I thought you were being. =)

      Of course, this is all needless wanking around an article that thinks 'yin or yang?' is a clever way of saying 'good or bad?' And, as has already been pointed out, can't spell 'yin' right in the first fucking place.

  2. anon attack platform? yup! by Lumpy · · Score: 5, Insightful

    It's already being used this way. Friends still in IRC have been fighting Tor attacks by crapflooders that require 15-20 bans to get rid of the jerk. and the IP's line up with Tor proxies.

    It's not hard to modify the client to do nasties for you. hell it can be used to attack any web forum easily without modification.

    unfortunately the kiddies discovered it useful for attacking already.

    --
    Do not look at laser with remaining good eye.
    1. Re:anon attack platform? yup! by dgatwood · · Score: 4, Insightful
      This just tells us what we already knew--online forums and chat mechanisms and other similar technologies should always be designed to require registration.

      IRC is a relic from the ancient design museum, a reminder that once, when the internet was young, everyone who could run a server on the 'net could be trusted. SMTP is the same way, along with a number of other fossilized protocols. These protocols, if they are to continue to be useful in the new age of IP spoofing, dynamic IPs, and wormhole routing, need to be redesigned with a modicum of security built into them.

      Most people aren't willing to create an account with their real email address to post crapfloods. The few who do can be easily banned by email address.

      I know, I know, I'm posting on the world's biggest counterexample for my opinion. Such is life.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:anon attack platform? yup! by FooAtWFU · · Score: 2, Informative

      A note that some IRC networks (well, Freenode) automatically detect Tor connections and assign them a hostmask of the form whateverwhatever.tor, and it's easy enough to ban or ignore *.tor from there.

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
  3. I say negative outweighs the positive. by dewc · · Score: 2, Informative

    While I do see some valid uses for it, I've only seen it abused on IRC by people who are using them to flood. I know, IRC isn't the center of the online universe.

  4. Of course it can be abused by Brad+Mace · · Score: 5, Insightful

    For a society to be free, it MUST be possible for people to do things that are against the law. That's just how it works. If people do something illegal then you can punish them, but only an extremely facist government could hope to prevent crimes before they occur.

    1. Re:Of course it can be abused by ckimyt · · Score: 3, Informative
      For a society to be free, it MUST be possible for people to do things that are against the law. That's just how it works. If people do something illegal then you can punish them, but only an extremely facist government could hope to prevent crimes before they occur.
      But you don't just want a free society, you want a just society. When people can commit crimes anonymously, there is no punishment.

      So avoid facism, but retain your ability to punish those to actually do break the law.
      --

      Putting the sig back into +1, Insightful since 1995!
  5. RBL tor nodes? by blueskies · · Score: 4, Insightful

    If it becomes a large enough of a problem, i can see people firewalling based apon a list of tor nodes.

  6. Fantastic! by Anonymous Coward · · Score: 3, Insightful

    Let's all demonize useful technology before it gets out of the gate! Next year we can all mourn the loss of Sourceforge when it's 'determined' to be a repository for terrorist software development. Oh god, won't somebody help me off of this slippery slope?!

    1. Re:Fantastic! by Jeff+DeMaagd · · Score: 3, Insightful

      Oh god, won't somebody help me off of this slippery slope?!

      Just as well. Slippery slope is a logical fallacy anyway.

  7. Give people anonymity and... by RUFFyamahaRYDER · · Score: 2, Insightful

    Give people anonymity and of course they are going to do bad things with it. The net is as anonymous as it needs to be. I see this only causing more trouble and headaches...

  8. Can't be all good by Neil+Blender · · Score: 2, Funny

    Because the slashcoders worked overtime to ban posting to slashdot from as many tor servers as they could find.

    You can't post to this page.

  9. Solution is obvious by hobotron · · Score: 2, Funny


    Whitedust commented that the flaws in Tor could be fixed by moving away from the Onion network to an extended "Onion Ring" network.

    --
    There is truth in humor.
  10. My thoughts on Tor. by Captain+Scurvy · · Score: 2, Insightful
    Tor is a good idea, and maybe even a step in the right direction, but it is by no means a "solution" for true Net anonymity and/or privacy. In fact, it is a better tool for attack anonymity than it is for privacy.

    Call me paranoid, but I don't trust anyone other than the intended recipient to decrypt any sensitive data. The way I understand the program to work (correct me if I'm wrong) is that a "trusted" server on the end decrypts your packets and acts as the "proxy" between the tor network and the Internet. What if those trusted servers is compromised? Being so centralized, they make a good way to glean a lot of personal info.

    Now, if you don't care about your data privacy, and just care about a hard to trace connection (i.e., for an attack, but there are plenty of other legitimate reasons), then Tor is pretty cool. However, since there are presently so few servers, and a lot of people DO seem to use Tor to crapflood IRC/forums/etc, it seems like more and more people are just banning the Tor IP addresses.

    1. Re:My thoughts on Tor. by ahsect8 · · Score: 2, Insightful

      You're misunderstanding the protocol. The purpose is to anonymize connections versus content.

      An example scenario: a US intelligence agent may need to contact an agency server from within a foriegn country. Anyone sniffing packets would notice that a user is connecting to a server at www.someagency.mil, even if the content itself was encrypted. Tor anonymizes the connection, as the agent now connects to one of any number of Tor nodes. Tor uses encryption to protect route and address information, not content. It should be used in conjunction with another strong encryption protocol (SSL etc.).

  11. Re:the need by Rosco+P.+Coltrane · · Score: 4, Informative

    any good thing doesn't require you to hide behind anything.

    Well for example, it can be used by dissidents to safely express their political views, be it in the PRC, Burma or the United States...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  12. WHICH real email address? by mph_az · · Score: 2, Insightful

    One of my 8 yahoo ones, or one of my 10 gmail accounts, or my 4 hotmail accounts or the mailinator account I'm about to make up for the next online form I come across that requires a 'valid email address'?

    Or do you mean the 'real' email address that belongs to one of the more obscure web-based email services?

    Real authentication is impractical in large numbers; this is why it has never been implemented. It barely worked when you sent a photo copy of your drivers' license in to your local BBS; but now, in the age of instant graticication and an international scale (how *can* you tell that ID from istanbul is fake or not?) it's flat out of the question.

    To repeat the point; when it comes to the internet, real authentication is impossible.

  13. Latency hurts, however... by nweaver · · Score: 4, Informative

    A: Tor is a documented protocol. If you really REALLY want to block Tor on your network, configure your IDS to recognise the protocol setup, and kill THAT.

    B: You can't quake through Tor. Tor only supports TCP, and it adds a fair bit of latency to boot.

    --
    Test your net with Netalyzr
  14. Solves problems here and abroad by powerline22 · · Score: 2, Interesting

    I live in the USA, and I use it all the time at my high school. Why? My high school thinks it prudent to block many sites such as hackaday.com and coxandorkum.com. I also used it when I was in china to bypass the great firewall to check my evil capitalist college email.

    I think that if anyone is being blocked from visitng any site, anywhere, they should use this to show how stupid and ineffective filters are, especially in schools. Why bother to educate responsibility on the internet when you can force it on kids!

  15. Tor is like a bazooka... by Anonymous Coward · · Score: 2, Funny

    ...you can use it to protect your family from dangerous animals (deer, frog hoards, and spiders...I hate spiders), or you can kill people, which is wrong.

  16. Re:the need by Rosco+P.+Coltrane · · Score: 2, Informative

    There's a huge difference between what it could be used for and what it is being used for; and what it is being used for isn't worth putting up with the 0.0001% legitimate useage.

    Tell that Kin Yu Jong who's being at risk of being arrested any moment now because he dared write "uh, I dunno, but maybe Tiananmen wasn't so groovy after all" in his fanzine.

    Only well-fed and wealthy people like you who live in relative safety in their countries have the luxury to think their comfort rates higher than the needs of the oppressed.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  17. Re:the need by An+Onerous+Coward · · Score: 2, Interesting

    Complete accountability is wonderful in theory, but problematic in practice. First, even theoretically, it can only work if everyone is held accountable. If you're accountable to the police, but the police are not accountable to the people they serve, then anonymity might be required in order to report corruption and whatnot.

    Now let's move on to practice. Say you want to do something pretty much harmless, but frowned upon by society at large, like lighting up a joint, having sex with your girlfriend, or killing a hobo with a ball-peen hammer. If society bans certain acts arbitrarily and irrationally, then you shouldn't have to be "accountable" to that sort of insanity.

    --

    You want the truthiness? You can't handle the truthiness!

  18. There's good and bad by suitepotato · · Score: 2, Informative

    Not much you can do about it. Encryption, anonymous remailers, proxies, all can be used for good and bad purposes. So can speech, religion, press, arms, etc.

    Either we stand up to our responsibilities as adults and advanced and civilized people with a sense of honor, propriety, and duty, and chase criminals and terrorists while playing by the traditions, rules, regulations, and laws... or we dispense with our rights, liberties, and privileges in the name of safety and prevention of infractions.

    As we all well know, you cannot trade freedom for security and we'll be damned if we do. We can only try to find ways to stop the abuse but I sincerly hope people do not seek to go beyond that. I use Tor to get out of my subnet when it is blacklisted due to abuse activities by people also on the subnet. Why should I suffer for some arse's misbehavior? I also use it to keep my privacy when dealing with places where locals tend to have more than a touch of nastiness and vindictiveness.

    The Internet is crawling with bad people. We shouldn't hesitate to use the privacy technologies availible to defend ourselves and we shouldn't be looking askance at them because some people abuse them. People abuse just about anything. That's human nature. Should we live in padded rooms in underground bunkers?

    --
    If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)