Mozilla Dusts Off Old Servers, Lights Up Tor Relays
TechCurmudgeon writes According to The Register, "Mozilla has given the Tor network a capacity kick with the launch of 14 relays that will help distribute user traffic. Engineers working under the Foundation's Polaris Project inked in November pulled Mozilla's spare and decommissioned hardware out of the cupboard for dedicated use in the Tor network. It included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB RAM, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP transit provider (2 X 10Gbps). French Mozilla engineer Arzhel Younsi (@xionoxfr) said its network was designed to fall no lower than half of its network capacity in the event of maintenance or failure. The Polaris initiative was an effort of Mozilla, the Tor Project and the Centre for Democracy and Technology to help build more privacy controls into technology."
Mozilla has just given the world governments' very own honeypot a great boost in capacity. Why would that make them an enemy?
Short answer: Because they're there.
Long answer: What you don't seem to understand is that none of us owe any of the world's governments a goddamn thing. They govern with our sufferance. Their continued existence depends entirely on our reluctance to face the consequences of overthrowing them. They need us more than we need them. Therefore, the world's governments should remember their place while they still have one.
Because when the state makes its enemies based on whether or not their legitimate use of technology annoys them, then the state deserves enemies.
You are evaluating the situation in a vacuum. If everyone took that approach then the government just gets whatever it wants out of fear. Giving in to that and making decisions based on it encourages such rule by fear attitudes.
"I opened my eyes, and everything went dark again"
There is nothing wrong with TOR other than not enough people are providing capacity. The biggest reason the government can attack TOR is that the number of relays and nodes is so pathetically small as to make it trivial to attack it for a large well-funded organization. And your suggestion is to reduce the effectiveness of TOR even more AND put your trust in a system in which the developers themselves can't guarantee it's secure because it's never been audited, unlike TOR, and operates on the exact same principles and methods.
You sir are a fool.
Of I2P, Freenet, Tor and all the others, TOR is the only one with good financial backing and an audited codebase that more than 3 people have looked at. I2P on the other hand is built on Java with literally one developer and is even smaller of a network, and likely suffers the exact same weaknesses as TOR, the most important of which is that the smaller the number of machines connected the easier it is to crack and track the network encryption and routing.
Don't feel bad, tor is a Fed honeypot. You're already supporting them with that income tax they're so very fond of.
Besides, as Snowden has already demonstrated, they don't need your donations, they need your secrets, your contacts, your entire private life as far as the internet is concerned. Don't want to give them what they want? No problem, they'll take it. Doesn't matter if it's legal, doesn't matter if it affects someone outside their borders.
So yeah, I wouldn't be too broke up about not being able to financially support Tor, you're already doing it. In return the world gets a tool designed to funnel sensitive traffic through a supposedly "anonymous" path... something that researchers have demonstrated can be overcome with off-the-shelf hardware from Cisco (running NetFlow in particular).
How does the DoJ know what percentage of ANYTHING is going through it?
That's an easy one: they make that number up, to spread FUD about it. And read the article I linked, BTW (and the source it links): the number in question has been easily disproved, with a relatively simple analysis of hidden services' hostnames resolution. Tor is not the USA's tool - it is an open source, publicly available software that was originally financed by part of the US government, period.
I realize all the Snowden revelations have made lots of people a bit paranoid (which is a good thing, mostly); but the fact is, it is extremely unlikely that tor is compromised in any serious way. Barring human error, tor works, mostly - there are some attacks possible, and there are demonstrated attempts by the NSA and others to compromise it (with some extremely limited results, both in their scope and in their duration); however, I have not seen any shred of evidence suggesting that it has been compromised in any serious way. This growing meme that "tor is broken for good", and the larger one that "if it's connected to a network, it's accessible by the NSA" is simply bullshit.
The thing is, in all likelihood, tor works. GPG works. If you encrypt something with GPG and the key is not available to them, even the most powerful security agency on the planet will not be able to read it. The advances both in basic mathematics and/or computing required to break those are so extreme that it would be very, very hard to hide it. And nothing in the Snowden leaks has suggested that those have been broken - quite the contrary, in fact, since several of the revealed documents suggest that tor and the growing encryption usage are a serious problem to those agencies.
That doesn't mean that it'll stay that way, mind; personally, I think that some sort of quantum computing might be in reach of those same agencies in a few years (and they are dumping and storing all the encrypted, non-breakable traffic they can in the meantime, I imagine waiting for this day) - and even that personal opinion will seem paranoid and far-fetched to most experts in the field. But in the meantime, the most likely hypothesis is simply that those encryption algorithms and protocols are still secure. If you have any shred of evidence that is not the case, please link those - I'd genuinely appreciate it.
And finally, about Ulbricht and the other dark net markets taken down more recently: all of those have been clearly linked to human error, from corroborating testimonies from several parties. So sure, you can believe that this is entirely parallel construction, and you can also believe that Obama and most of the five eyes countries are bitching about encryption more and more to present a plausible deniability front while decrypting everything in the background; but right now, once again, there's nothing public even hinting at that.