Slashdot Mirror
Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services
apexcp writes The web's biggest anonymity network is considering a crowdfunding campaign to overhaul its hidden services. From the article: "In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed. With enough funding, Tor could have developers focusing their work entirely on hidden services, a change in developer priorities that many Tor users have been hoping for in recent years."
To our contributors, even though we don't know who you are *wink wink*
..than to have the FBI wondering why I'm contributing money to this cause. I applaud the goal, but I'll let someone more altruistic than me step up to bat.
Save me the "When Good Men Do Nothing," I have family and other considerations outside Slashdot idealism.
Letter To Iran
The government connects to the kiddy porn site and downloads a 500mb video, they have PRISM tell them the computer that transferred 500mb of data to their computer, the computer that transferred 500mb of data to that computer, and so on. It's metadata all the way back to the actual hidden service where the 500mb file came from. As a bonus, they can have PRISM tell them everyone else that connected to a computer that connected to a computer that connected to a computer that connected to the kiddy porn site, too. Works for data of any size and type, not just kiddy porn, as long as the filesize is unique enough or you don't give a shit about false positives or perjury.
Tor has to do something about the timing and metadata attacks if it is to remain relevant. The only issue is whether they can do something about it without making it even slower than it already is.
Finally the world has a way to give their respective government a mighty middle finger after all the bullshit that's been going on lately. I hope they get millions from every corner of Earth.
Buy your next Linux PC at eightvirtues.com
Traffic analysis and other techniques make you trivially de-anonymized by the NSA.
TOR is NOT anonymous, and anyone who thinks it is deserves what they get. But what it IS good for is hiding from non-5-eyes countries. Say you are in the middle east and your third world government doesn't like you reading pr0n. No problem, the NSA isn't gonna hang your ass out to dry for that, and they certainly wont compromise their capabilities for stupid political shit. So TOR away all you want, to keep yourself safe from your local tinpot dictator.
That's what TOR is for. It's NOT for somehow magically keeping your identity secret from the people who invented it and own much of the network.
No matter how much effort goes into securing the transport layer, it means absolutely nothing if the end nodes themselves are insecure. Something as simple as a SQL injection or remote code execution could easily deanonymize an end node. With how quickly many of those sites sprung up, one of the current theories is lack of security on the end-points themselves is what was attacked, not the Tor network itself.
Tor is centered on one single tech: onion routing.
They seem to refuse to consider adding or adopting other techs, like using chaff in the network and trivial delay/random queues to at least defeat some timing and observation attacks.
It's like they're hooked and stuck on their unilateral approach.
And when people bring up alternatives they point to anonbib and disclaim them.
Well yeah, nothing's a total solution, but what some people voice is helpful.
They're also way too quiet about their position whether personal or corporate or project about being for or against govt surveillance, the fact of where they get their funds, all these quiet LEA liasons they must be interacting with.
Come on guys, everyone has opinions, show some balls, vent a little.
Anymore I'd bet I2P and some other networks are in a better position anonymous-service wise.