Slashdot Mirror
Group Thinks Anonymity Should Be Baked Into the Internet Itself Using Tor
Hugh Pickens DOT Com writes "David Talbot writes at MIT Technology review that engineers on the Internet Engineering Task Force (IETF), an informal organization of engineers that changes Internet code and operates by rough consensus, have asked the architects of Tor to consider turning the technology into an Internet standard. If widely adopted, such a standard would make it easy to include the technology in consumer and business products ranging from routers to apps and would allow far more people to browse the Web without being identified by anyone who might be spying on Internet traffic. The IETF is already working to make encryption standard in all web traffic. Stephen Farrell believes that forging Tor into a standard that interoperates with other parts of the Internet could be better than leaving Tor as a separate tool that requires people to take special action to implement. 'I think there are benefits that might flow in both directions,' says Farrell. 'I think other IETF participants could learn useful things about protocol design from the Tor people, who've faced interesting challenges that aren't often seen in practice. And the Tor people might well get interest and involvement from IETF folks who've got a lot of experience with large-scale systems.' Andrew Lewman, executive director of Tor, says the group is considering it. 'We're basically at the stage of 'Do we even want to go on a date together?' It's not clear we are going to do it, but it's worth exploring to see what is involved. It adds legitimacy, it adds validation of all the research we've done.'"
Group think stinks!
I like the concept, however If we are going to turn tor into a standard would it not make more sense to start from scratch and create a new standard based on tor instead? for all of tors advantages there are numerous disadvantages.
have you seen my sig? there are many others like it but none that are the same
Wasn't there an article here earlier about how it's not so difficult as earlier imagined to track inputs and output of Tor and connect them to the person using it?
But how else then shall they keep us safe from all the Bad Guys, ne'er-do-wells, pedophiles, terrorists, communists, liberals, hippies, criminals, foreigners, pirates, gays, racists, misogynists, thought crimes, neighbors, and YOU?
Hmm, TOR is a nice project and all, but it has its benefits and drawbacks. I think IETF need to give quite a bit of thought before adopting some technology as a standard.
I'm all for anonymous communication with encryption though. I hate what corporations and governments are doing to the internet. I do believe internet is the most important human discovery since fire, and its freedoms need to be preserved...
--Coder
Sources please?
until someone simply creates an STCP/SUDP/SIP standard where the first thing any newly established connection does is negotiate SSH-style encryption (fuck TLS), with fallback to regular TCP. Can't be that hard, can it?
I'm under the impression that you're confusing things. Noone said that you'd be forced to run an exit node, or even a relay. I believe it's just about making the protocol a standard.
*OMG* no! Tor does nothing if you want to spill your personal guts all over the internet. Also cookies and other nefarious tracking technologies work ...
wonderfully right through tor. tor doesn't block you if you want to scream your name and credit card number and whatnot to the internet
can we just have websites work without javascript and FLASH?!
What can I say. There probably will be challenges, but as of today this is something that I give my full support.
How feasible would it be to split the internet right down the middle but share the same lines?
So on one half you could keep the wild wild west net and on the other all the cry babies and censor-happy types can have their walled wide web.
Then just onion-up the wild wild west side.
Why build on tor with its known deficiencies while truly freedom guaranteeing tools such as Freenet exist?
But the extension, as mentioned in the summary, would be to bake it into internet appliances, such as routers and modems, that would automatically connect via TOR, without user intervention. Now I'm sure that if you are a savvy user and used to going into your router settings to tweak things, there will be a check box to remove TOR default functionality, but most folks will just wonder and complain about how much slower their connection is with the new internet box thingy.
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
Sources please?
Would that be leaking or whistleblowing?
Not quite. Perhaps they had influence, but, from the mouth of the horse itself: "Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory."
The vast majority of internet do not want TOR baked into their internet enabled devices.
The vast majority of internet do not want to have their every online action stored indefinitely, cataloged, profiled, and sold to the highest bidder. All it takes is a couple of interested and motivated parties.
Tor was INVENTED by the DoD. Do you think the NSA would allow it to exist if they have not compromised it? Look at a map of Tor servers - there is a HUGE cluster in the Virginia area.
Tor is a honeypot.
The IETF does not "change Internet code;" they develop standards, specifications and procedures. The actual implementation and then deployment of these is up to everyone else. Further, large scale use of TOR is a horrendously terrible idea. It's generally slow as molasses, it does not provide the anonymity it's intended to and traffic leaving an exit node is highly susceptible to traffic analysis.
Think of it as a tool to let NGO's and US backed 'classic' color revolutions https://en.wikipedia.org/wiki/Colour_revolution take hold and spread as web 2.0 was emerging.
After the Snowden news about total mastery of the 'internet' it all too late for US and UK use now.
Domestic spying is now "Benign Information Gathering"
Is that why so many of them use Facebook and Google services? It is possible that they don't "want" it, but if they don't care enough to stop using Facebook and Google then what makes you think they would want to use Tor? Also, people doing lots of legit downloading don't want anything that negatively impacts download speeds and gamers don't want anything that impacts latency and couldn't give a rats ass about the government knowing that they play BF4..
... And I think I should get a pony for my birthday!
How about we address the reasons we need to hide who we talk to instead of finding new and creative ways to hide? Why are we trying to find technical solutions to social issues?
Tor is a great tool to fight underground criminals, but not so great when you fight rogue governments, who can simply mandate blackbox spychips in all networking hardware available to you.
Posting anon because I don't have an account.
Riiiiight and pushing TOR to be an "internet standard" is not people wanting it to be baked into devices like Teredo has been in in windows since Vista...
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
There are so many ways that browsers and other software that communicates via the Internet give up the identity of the user. Tor can't stop any of them, and they explicitly say so. I'm working on designing a new protocol and the software to run it that anonymizes communications better, and I had to eliminate the chance that existing software could tunnel through it because of this. Any software that tunnels communication which isn't secure will automatically be a major security risk. Even turning off JavaScript and Flash and Java don't help; see the NSA's use of exploits against Tor browser bundle security flaws to ID users for why not.
If Tor were closed source you could had some reason. But the NSA hates to put their access codes in plain sight, and that it is open source, with everyone using/implementing it free to inspect and check if there is any vulnerability in its design makes pretty hard that it be compromised at that level, no matter who developed it.
I've worked with the IETF on several RFCs. I'm also familiar with the challenges that the Tor project faces daily, and what they have to do to stay ahead of the entities trying to break Tor. I think for Tor to even stop to talk to the IETF would be an waste of their time; Tor needs to be nimble, and the IETF standards process is painfully, horribly slow and unable to move quickly on anything. Given that Tor releases updates on a cycle that is shorter than the normal time a draft spends in the AD review queue, by the time an RFC got to the standards track it would already be out-of-date.
Am I part of the core demographic for Swedish Fish?
All these anonymous routing techniques place a lot of load on the internet and a great deal of latency. I have a proposal to help:
A content-addressible distributed store for static content. You can make it work like Freenet if you really want to be paranoid, but that isn't needed. Just a distributed caching system indexed by, say, sha256 hash.
It'd take some minor revisions to web browsers, but you can make this work with backwards compatibility by using a reserved word in a URL. Eg, http://theserver.com/magicword/sha256/hash/mime/mime/filename.jpg. A non-compatible browser would simply treat it as a plain file request and get it as normal, while those supporting the protocol instead recognise the /magicword/sha256/ part. Longer term, once the infrastructure is in place, switching to magnet links would offer some significant advantages like the ability to specify multible hashes, size, etc.
Clients can then contact any convenient cache server (The source, ISP run caches, ones built into routers found by service discovery, other clients on the same segment) to obtain the desired file.
This address-by-hash approach has some major advantages in efficiency which would make anonymous routing and physical mesh networking much more viable.
- Improved caching proxy performance: No more messing around with IMS requests. The hash defines the only correct response, and it doesn't expire. Ever. Think of the potential for how much better multi-user caches can work under those conditions. The first person views a viral video, and no-one else has to wait for it to download over the WAN. Great on moving vehicles, too: A train's cache can load up the day's iPlayer etc video in the morning and commuters can enjoy a high-performance cache rather than struggle with mobile access.
- Improved resistance to takedowns: You can take down the site that first hosted content, but so long as the hash for that video is being passed around it'll be near-impossible to eliminate it from every caching node. It's also a lot easier to find new hosting for a few kilobytes of HTML than a twenty-meg video that half the country wants to see at once.
- Reduced latency and improved performance by moving the content closer to the destination: It'd be like a CDN for the masses, except no need to pay a fortune for it.
- Reduced hosting costs: For the same reason. Fewer re-requests for files already seen once, better caching proxy capabilities.
- Improved offline access: Internet access unreliable? By eliminating the need for IMS queries for images, pages can load from cache much more easily. If the HTML is static and addressed via hash, an entire website could be stored that way.
CAN for static content, conventional packet switch for dynamic. I think that's a good way to go. Different types of traffic that need to be handled in completly different ways.
just take a leak and whistle dixie
Tor project should sell tor applicances in every shape. routers, phones, desktops, laptops. Lots of phones/routers have GNU/Linux customizeable firmware. Nobody has taken upon themselves to offer up turn-key solutions/support for these.
Jolla Phone, Mozilla Firefox OS phone, Cyanogenmod?, Iphone, Ubuntu Phone.
You could configure it with tor DIY as you would your desktop, but for your grandma that doesn't cut the mustard.
That's why a turn-key service-offering like that would be best.
That would be something worth selling in little mall kiosks across the country.
To give you an idea how much people crave for something like this, the bitcoin(anonymity-related) Robocoin kiosk in Vancouver is a success in its first month.
Here is how I think things should work:
1)You could pay torproject a fee and send them your SIM/phone/ADSL-VDSL-CABLEMODEM router.
2)torproject does what needs to be done. i.e. flash the phone, flash the router, and automagically configure for customer to target isp/phone provider.
3)torproject sends you the appliance ready to go.
If you don't have a phone/router, it would be best to ask for recommendations from torproject what hardware can best support your digital freedoms and privacy.
At present, I prefer the specs and digital freedom of the Google Nexus 4. Ubuntu Phone, Android, Cyanogen, Replicant, FireFox OS can run on it. Iphone can be jailbroken, but the point here is to buy hardware that supports digital freedom from the get-go. Google sells all its NEXUS phones UNLOCKED as it should be and that's why I recommend the NEXUS 4 because they are well-known in the developer community. The NEXUS 5 is a beautiful phone, but at present it's hard to find other firmwares running it on it apart from Android. That's a bug and not a feature with respect to Digital Freedom and Digital Privacy. The consumer deserves the right of choice of OS on their hardware applicance be it phone, computer, router, fridge, coffee-maker whatever.
The IETF could put TOR in the plumbing, but it's not going to happen. It's not politically correct in some countries and that's why it's not going to fly that way. It has to be through some hardware manufacturers and let the consumers purchase it. CONSUMERS have all the purchasing power.
All we have to do is market digital freedom and digital privacy hardware and ensure it comes with a turn-key tor solution in it.
Torproject should be the ones providing that and receive some kind of fee for it.
Tails CD was close, but it has bugs and doesn't work behind routers. That's why torproject router/phone firmware would be important to have.
The shortest path between two points would not be a straight line, but it would go around three sides, twice.
Can't we all just get a long so we wouldn't need this sort of nonsense. *sigh*
The way we fix web security is by integrating diffie helman into HTTPS. You demote all PKI certificates to use for authentication of web resources, and use Diffie to provide the actual cryptography via 3DES or AES; if it's an overseas transaction use DES to avoid weapons export laws.
This also renders useless the the NSA sending a national security letter to Verisign and get all the keys on a CD. Sure you can impersonate a website actively, but tapping existing encrypted communications is now virtually impossible. More importantly you've got to maintain vendor contacts to make snooping on everyone viable.
I Cannot MITM that using SSLStrip as one example. The author of SSLStrip in his youtube video actually used a TOR exit node to go fishing. He got literally over a hundred logins to websites and banks doing so. Tor is Less secure than just using a regular internet connection.
From there if you clean your cookies every time you close your browser, and if using IPV6 generate a new MAC address, and run antivirus\anti spyware you're basically set.
Sign me up, I sure want to be held liable for someone else transferring child porn across the web! No, this isn't going to fly. No one is going to give exit nodes idemnity from prosecution. Prosecutors go after the lowest hanging fruit possible.
Snowden leaked NSA opinion on TOR here:
http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
Slashdot reporting here:
http://slashdot.org/story/13/10/04/162254/how-the-nsa-targets-tor
Sent from my ENIAC
As the other child said, nobody's saying this is a universal solution. However, making Tor an internet standard is a fantastic idea. It obfuscates the source of data and this is good for privacy even if it doesn't solve every issue related to it. Arguing against making it a standard because "you can still be dumb" is an utterly absurd argument and the people who modded it insightful ought to be ashamed. Should we also get rid of cryptography? After all, protecting your data doesn't prevent third parties from obtaining the source data unencrypted from your drives. I guess that means it's worthless, huh?
If you want to "bake in" anonymity into the Internet do it at IP layer by allowing datagrams to be sent to a destination without return source address. Use a special source address for IPv4 and IPv6 out of IETF reserved space. Updating BCP 38 and friends accordingly complete with enabling socket options such that sourceless datagrams can be done without special privileges or resorting to RAW sockets.
Any app specific addressing (! IP) necessary for bi-directional communication would be punted as far up the stack as possible. tor routing is then applied on top of it.
One thing you've gotta admit about Tor, is that it's an inefficient way to get packets from point A to point B. If we had Tor built into the all Internet protocols, don't you think one of the first things you would do, would be to look at some case where you didn't like the performance you were getting, and then you'd "invent" a shiny new protocol that directly links two points, providing massive performance improvements at the cost of making traffic analysis easier? And don't you think there are shitloads of applications, where that tradeoff would make sense? Inventing not-Tor would be the biggest thing, ever.
Crypto is good. Modern CPUs can handle it effortlessly, nearly for "free." There are some cases (e.g. shared caches) where you might not want the tradeoff, but overall it's turning out to be a no-brainer, almost always worth the compromise. You just can't say that about onion routing, though. It's subjectively good, at best.
BTW, also: here in America, a lot of us have asymmetric connections for the "last mile."
"Believe me!" -- Donald Trump
1) Tor cannot introduce a bottleneck. It will now in it's current implementation and user base. This is acceptable since it's an optional component and people accept the bottleneck as a security concern but when if it becomes a common implementation to the point it's being used by default without consumer setup then bottlenecks must be avoided. Surely the capacity of the supporting user base will increase and I'm assuming that if it becomes such a common standard then people will become transport nodes themselves as well, increasing the availability and general usage speed but it only takes one node to slow the connection. Ensuring their are no bottlenecks must be part of the standard itself. I have some ideas on how but I don't think I'm advanced enough nor are they good enough to be worth sharing with the IETF since they already have more experienced people working on the same aspect.
2) Endpoint encryption must be mandated. The data traveling from the exit node to the final destination MUST be encrypted. If not then anyone acting as a end node can intercept, steal, mitm, counterfeit, etc. In principal, if tor is becoming a common protocol like this then it's fair to assume that everyone will become an exit node and at the same time everyone would be using tor without setting it up (I think, if I understand this correctly). That means people who want to steal credit card numbers, logins, etc just need to watch for the unencrypted connection containing the data traveling through their exit node and they will be able to find scores of data and that's just one of the avenues of exploitation.
I think one simple solution for (2) is to make the exit node the endpoint; the final destination, the 4th hop. If tor becomes a common standard then everyone including the end service will be a tor node. We could mandate SSL from the exit node to the endpoint but that adds a layer of complexity. If the endpoint is already a tor node based on tor being a common standard that is deployed to the masses as an underlying protocol then we can make the endpoint and the exit node the same host. In doing so, we may even trivialize, supersede and deprecate SSL/TLS in the process. Tor can carry any traffic, as far as I'm aware, supports encryption and if the end point is the exit node then it will be receiving a tor packet which only it will be able to decrypt. This will also decentralize the encryption itself. There will be no "trusted" parent certs from private firms that we're unsure how secure they really are (GoDaddy, verisign, Network Solutions, etc) or if we have to ask if they have already handed over their certs to the NSA as we do now with SSL/TLS. Additionally if we eliminate the non-tor hop from the exit node to the endpoint, we will effectively be eliminating any point where the communications can be eavesdropped on in a vulnerable state where a possible exploited cert exists. I mean we won't need SSL/TLS from the exit node to the endpoint where someone can setup a sniffer and know about a known compromised SSL/TLS certificate that they can decrypt such as it's speculated that the NSA already can. If the exit node and the endpoint are the same host then SSL/TLS becomes trivial and excessive. SSL/TLS would become plain text wrapped in one encryption protocol wrapped in another encryption protocol, redundant and excessive at that point.
And since a lot of us now live under bandwidth limitations, who would want to run an exit node?
That doesn't even address the potential for the feds to arrive at your door due to some moron out there trying to browse kiddie pron that happens to come out thru your node..
Unless we had 'protected' entities with enough bandwidth handling all the exits to the 'open net', then the concept of making this 'the standard' is flawed.
( freenet has a similar issue with bandwidth use.. who can afford to contribute what is needed? )
---- Booth was a patriot ----
On the topic of Tor use... Viewing /. through the Tor browser bundle sucks. It's the goddamn autorefresh feature. Go stick a tube down someone else's throat - if I want my goddamned page updated, I'll do it myself. When it happens on auto, i get what I'm looking at whipped away from me, then it takes a while to reload and render and jerks my damn page position around or just sends me to the pink-page-of-untrusted-ip-address-shame. Autorefresh sucks, m-kay?
true story
In an unrelated story US Government Officials today announced the seizure of large amounts of heroine cocaine and guns at the house of all the guys names mentioned in the article. Government spokesmen said today "Definitely not planted. Definitely not planted. We are excellent drivers". All above mentioned persons have been placed in a prison of our choosing and will be arraigned to answer their charges in 16 to 24 years.
Mean what you say...say what you mean.
Isn't Tor itself insecure?
someone hasn't configured their browser correctly.
In IceWeasel:
Edit-Preferences-Advanced-Warn Me When Websites try to redirect or reload the page
Enabling this option will stop auto-directions and reloads.
I didn't need to read documentation on this, I chose it as one of its obvious features.
If you want additional protection, disable Javascript then tweak NoScript heavily in your favor.