Slashdot Mirror

← Back to Stories (view on slashdot.org)

Group Thinks Anonymity Should Be Baked Into the Internet Itself Using Tor

Posted by samzenpus on from the don't-track-me-bro dept.

Hugh Pickens DOT Com writes "David Talbot writes at MIT Technology review that engineers on the Internet Engineering Task Force (IETF), an informal organization of engineers that changes Internet code and operates by rough consensus, have asked the architects of Tor to consider turning the technology into an Internet standard. If widely adopted, such a standard would make it easy to include the technology in consumer and business products ranging from routers to apps and would allow far more people to browse the Web without being identified by anyone who might be spying on Internet traffic. The IETF is already working to make encryption standard in all web traffic. Stephen Farrell believes that forging Tor into a standard that interoperates with other parts of the Internet could be better than leaving Tor as a separate tool that requires people to take special action to implement. 'I think there are benefits that might flow in both directions,' says Farrell. 'I think other IETF participants could learn useful things about protocol design from the Tor people, who've faced interesting challenges that aren't often seen in practice. And the Tor people might well get interest and involvement from IETF folks who've got a lot of experience with large-scale systems.' Andrew Lewman, executive director of Tor, says the group is considering it. 'We're basically at the stage of 'Do we even want to go on a date together?' It's not clear we are going to do it, but it's worth exploring to see what is involved. It adds legitimacy, it adds validation of all the research we've done.'"

18 of 123 comments (clear)

  1. interesting by ganjadude · · Score: 4, Insightful

    I like the concept, however If we are going to turn tor into a standard would it not make more sense to start from scratch and create a new standard based on tor instead? for all of tors advantages there are numerous disadvantages.

    --
    have you seen my sig? there are many others like it but none that are the same
    1. Re:interesting by aaaaaaargh! · · Score: 3, Insightful

      Many if not most existing standards have turned out to be fairly mediocre from a security point of view, think of cell phone and wireless encryption for example. There is also some evidence from the Snowden leak that standards procedures and committees have been weakened by members acting overtly or secretly on behalf of government agencies. So they should be really cautious about such offers.

      And why re-invent the wheel and make something fro scratch? Tor is working well, even too well in the eye of some people ...

    2. Re:interesting by jones_supa · · Score: 4, Insightful

      Let's still not forget that even if they end up designing a system which has some disadvantages, it would still be zillion times better than the current system. I just don't want this plan to be discontinued because some perfectionist nerd found some theoretical flaw from it, which can only be exploited by milking a Mongolian horse under full moon. That being said, of course we should still try to make as robust system as possible.

    3. Re:interesting by jellomizer · · Score: 4, Insightful

      They are disadvantage on almost every thing out there.

      You can pine on the disadvantages, or you can rate them and see how to fix them, without cutting into an other advantage, or increasing an other disadvantage.

      Normally if a protocol is Fast, it is unsecured. if it is Secure, it is slow. If it is complex and full featured, there are a lot of failures in implementation, if it is solid, there is a lot less features.

      Life is full of tradeoffs, Stop pining on the road you didn't take, and work on the road you took to make it better.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re:interesting by Catbeller · · Score: 4, Insightful

      Where was all this concern about the debt when Reagan and Bush W. were cutting taxes, emptying the Social Security trust fund, and spending madly on military and spy agencies? When Reagan took office, the debt was 3 trillion. When Bush took office, it was 6 trillion. Clinton actually paid the debt down a half trillion in his final year: Bush immediately declared the surplus the people's money and gave the surplus back - then raised spending until he left the country another extra six 6 trillion in debt, with obligations to pay for wars and refund the money stolen from the SS trust fund since 1984. Republicans cut taxes and raise spending, run up the debt, have a rich man's party, then step back and let Democrats take all the blame and make the spending cuts and tax increases to try to repair the damage. This has been a thirty+ year tax-cut-based robbery. And always, always an excuse to cut aid to the poor, never the rich.

    5. Re:interesting by UltraZelda64 · · Score: 4, Interesting

      While I do agree with you, an interesting negative to that would be:

      If everyone runs their own Tor exit node, including unknowingly every dumb Windows and Mac user out there, then malware writers (the NSA?) would have a field day writing bad stuff that attacks and takes advantage of a very large number of exit nodes. So which is better: fewer exit nodes but a few known bad ones as it is now, or shitloads of exit nodes where the vast majority cannot be trusted? All it would take is one major outbreak to basically destroy Tor's purpose...

    6. Re:interesting by WaffleMonster · · Score: 4, Interesting

      There is also some evidence from the Snowden leak that standards procedures and committees have been weakened by members acting overtly or secretly on behalf of government agencies. So they should be really cautious about such offers.

      In some ways IETF is almost a joke. "Consensus" building is supposed to be the key to movement yet there is no barrier to entry other than having sufficient number of brain cells to send a message to a mailing list. I have observed several instances of "ballot stuffing" where hoards of random people who very likely know and have contributed nothing at the last moment express support for x. The arbiter of what consensus means is always WG chair(s) who themselves mostly always work for a corporations with skin in the game.

      The IETF process is most successful as a middle ground where there is market incentive to work together. In the case of tor there is no market to speak of to incentivize such behavior.

      And why re-invent the wheel and make something fro scratch? Tor is working well, even too well in the eye of some people ...

      My guess they might start with existing specification and evolve standard based on IETF process.

      An example of this SSL v3 was mostly Netscape's doing while TLS v1 and later were products of the IETF. In this case there were no radical changes between versions and backwards compatibility was retained. There was also huge market incentive for broad compatibility and getting security right.

    7. Re:interesting by Jane+Q.+Public · · Score: 3, Informative

      "Or let me ask differently: How would you fix it? A web of trusted exit nodes run by the government of choice? :P"

      No. Everybody here is missing the point.

      If/when exit nodes are everywhere, hosted by everybody, two things happen:

      (A) It becomes impractical to the point of impossibility to monitor all the exit nodes, and at the same time

      (B) the VALUE of monitoring any given exit node is diluted far past the point of making it worth anybody's time.

  2. TOR? Or I2P? Or Freenet? Or something else? by coder111 · · Score: 3, Insightful

    Hmm, TOR is a nice project and all, but it has its benefits and drawbacks. I think IETF need to give quite a bit of thought before adopting some technology as a standard.

    I'm all for anonymous communication with encryption though. I hate what corporations and governments are doing to the internet. I do believe internet is the most important human discovery since fire, and its freedoms need to be preserved...

    --Coder

  3. Re:Isn't Tor compromised? by Captain+Hook · · Score: 5, Informative

    Tor's weakness is when one organisation, such as the NSA, controls a large percentage of the exit nodes.

    The larger percentage of the exit nodes a single organisation controls the better chance they have to seeing all the packets from any given user.

    Becoming an Internet standard would dramatically increase the number of exit nodes making it harder for a single entity to control a decent proportion of them, although the basic attack would still work with enough resources.

    --
    These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
  4. Re:This is people mistaking "want" with "will" by d33tah · · Score: 4, Insightful

    I'm under the impression that you're confusing things. Noone said that you'd be forced to run an exit node, or even a relay. I believe it's just about making the protocol a standard.

  5. void between chair and keyboard by Anonymous Coward · · Score: 3, Insightful

    *OMG* no! Tor does nothing if you want to spill your personal guts all over the internet. Also cookies and other nefarious tracking technologies work
    wonderfully right through tor. tor doesn't block you if you want to scream your name and credit card number and whatnot to the internet ...
    can we just have websites work without javascript and FLASH?!

  6. There comes a time when splits are required. by Anonymous Coward · · Score: 3, Interesting

    How feasible would it be to split the internet right down the middle but share the same lines?

    So on one half you could keep the wild wild west net and on the other all the cry babies and censor-happy types can have their walled wide web.
    Then just onion-up the wild wild west side.

    1. Re:There comes a time when splits are required. by FireFury03 · · Score: 3, Insightful

      How feasible would it be to split the internet right down the middle but share the same lines?

      So on one half you could keep the wild wild west net and on the other all the cry babies and censor-happy types can have their walled wide web.
      Then just onion-up the wild wild west side.

      This wouldn't work because you're forgetting the censor-happy people's mentality: they aren't trying to censor the internet so that they can't get to certain material, they are trying to censor it so that _you_ can't get to certain material because the _idea_ of you looking at certain stuff in private offends them. So this kind of split couldn't happen because the censor-happy people still don't want to allow you to get to the "wild wild west" net.

      Wide-scale censoring is all about "I find what you do in private to be offensive so you should be locked up for offending me!" and almost never to do with "I find this content offensive so don't want to see it myself". Much the same way as various activities happening between consenting adults in private are illegal - this isn't about protecting anyone from anything other than offense caused by their own narrow-mindedness.

      Note, I do think there is a place for local-scale censorship, such as preventing kids/teachers at school from accidentally stumbling across stuff they shouldn't. However, where kids are *actively* trying to get at porn, et-al, censorship is never going to work and it is far better to spot kids doing this so someone can have a talk with them. That's not to say that I necessarilly think kids looking at porn is a bad thing (indeed, it's completely normal), but talking to them about it to put it into context is probably a good plan.

      --
      http://blog.nexusuk.org
  7. Re:True or False by jellomizer · · Score: 4, Insightful

    True,
    Group think is the Opposite of Synergy.
    Well it is the opposite outcome.

    Unlike most people I actually know what Synergy means, and see how it is greatly misused.
    Synergy is the process where a group of people working on a problem come up with a solution which is greater then the sum of what any individual could make.
    Group Think is where the a group of people working on a problem come up with a solution which is less then the sum of what any individual could make.

    Obtaining Synergy in an environment is very hard to achieve, because you need to make sure you don't have strong personalities trying pushing bad ideas thew their own force of will, or intimating position. People getting tired out from the process and settling on lesser ideas, reserved personalities not giving their ideas, and a slew of other things going on as well.

    Group think is what usually comes out of these events, where the strongly supported stupid idea is forced down the thought, with issues not properly evaluated, and blank assumptions made.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. I hope Tor runs away as fast as it can by pedantic+bore · · Score: 3, Insightful

    I've worked with the IETF on several RFCs. I'm also familiar with the challenges that the Tor project faces daily, and what they have to do to stay ahead of the entities trying to break Tor. I think for Tor to even stop to talk to the IETF would be an waste of their time; Tor needs to be nimble, and the IETF standards process is painfully, horribly slow and unable to move quickly on anything. Given that Tor releases updates on a cycle that is shorter than the normal time a draft spends in the AD review queue, by the time an RFC got to the standards track it would already be out-of-date.

    --
    Am I part of the core demographic for Swedish Fish?
  9. Re:Isn't Tor compromised? by fa2k · · Score: 3, Interesting

    Owning exit nodes is not sufficient to reveal the identity of tor users. Owning a large percentage of relay nodes AND exit nodes could compromise the anonymity, as one could just follow the progression of any data throughout the network. If the traffic volume is small enough to be able to statistically separate the streams from various users, it may be sufficient to surveil relay and exit nodes, instead of actually owning the hardware.

    There are limitations: the exit node can mess with the data at will, in both directions, and this is how the FBI owned the visitors to a pedo site. They injected some HTML (I'm not positive that it was HTML/JS, but one would assume) to make the browsers of the users connect to FBI servers outside of Tor. It was a bug in firefox that allowed this.

    There are two strategies to protect against this,
    1) Encrypt everything; only access SSL sites over Tor. This works in theory because the exit node can no longer mess with the data stream. The only way to reliably use this strategy is to *block* non-SSL traffic. There are so many websites with mixed content, which may pull images and ads from non-SSL streams. Also, NSA may be able to break SSL either by a proper MITM attack (completely hypothetical, no evidence exists) or by owning private keys for some CAs.

    2) Block any non-tor access from the system used to access Tor. This is possible at the network level with extra hardware, VMs and possibly with SELinux. If the browser *cannot* communicate over the standard internet, only Tor, then one is moderately safe. It's still important to configure the browser to not send identifiable information for fingerprinting and tracking cookies.

    By doing 1 and 2 one is quite safe. It may be fine to use a less safe setup for non-secret stuff, like checking facebook, and contributing to flood the tor network with un-interesting traffic. If the "really anonymous" mode required restarting Tor, the NSA would be able to see this from ISP logs, of course.

  10. Re:Isn't Tor compromised? by Splab · · Score: 4, Informative

    You really should read up on technologies before making statements like that.

    The Pedo busts were not attacking exit nodes, it was an attack on the hidden services within the network, there is no mim attack on hidden services, as no one knows who is talking to who. What the FBI did was compromising the servers hosting the material, serving malware that send a single request out outside the TOR network.

    Regarding 2; this only works if your software is perfect, which it won't be. The Pedo bust was abusing a known bug in Firefox 17, which had been fixed for quite a long time, it only takes a single bug in the stack to inject some data, that can be collected at some point later - Even if you only allow data through TOR and using SSL, there is nothing preventing FBI sending enough data about your local network, to help identifying you. (For instance, a quick wifi-scan gives you enough information to place my system somewhere in Denmark, using WIFI databases, like the stuff google collected with street view, you can probably pinpoint it even further)

    While forcing SSL is a nice idea, generally, it wont work; as you said, people are doing mixed content - on top of that, it only takes a single compromised request to a CDN like jQuery, to have your system thoroughly compromised, see http://www.youtube.com/watch?v=ZCNZJ_7f0Hk (While they are compromising anonymous proxies, the attack will work just as well on TOR)