How Shari Steele Plans To Take Tor Mainstream

blottsie writes: Over her career, Shari Steel has taken on United States Department of Justice, the National Security Agency, and the Federal Bureau of Investigation. She built the Electronic Frontier Foundation into an international powerhouse for protecting online rights. Today, she has a new mission, perhaps her heaviest challenge yet: Take the Internet's most powerful privacy tool mainstream. From the Daily Dot article linked, a hint of one reason that bringing Tor mainstream isn't straightforward: At the heart of Tor's image problems are what's known as "hidden services" -- sites that are only accessible through the Tor network. Hidden services have been home to drug and gun marketplaces, child pornography forums, fraud and hacking sites, and sites where you can place bets on when a high-profile target may be assassinated. While the media tends to focus on the nefarious elements Tor enables, hidden services make up only about 1 percent of the Tor network, according to Steele, and are in no way operated by the Tor Project.

"I'm trying to teach everyone that we need to recognize that we are doing the work of the angels," Steele says. "What we are providing is really important and really great, and there happen to be uses that are residual that aren't what we're doing. We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"

1 percenters

[Stormcrow309]

Great, we will have geeks getting stomped by bikers for wearing 1%ers patches.

Re:1 percenters

[VernonNemitz]

Nevertheless, the fact remains that anything that can be used can also be abused. A pillow can be a murder weapon or help you sleep better. An H-bomb can deflect a dangerous asteroid or destroy a city. Water is problematic. :) Government can be tyrannical or ...hmmm!. And so on.

Re:1 percenters

[Maritz]

Show me the safety standard-compliant pillow that cannot be used to suffocate someone.

Well, I don't blame the gunmaker

[NotDrWho]

For how someone uses the gun.

But still, you have to wonder about a large-scale gunrunner who knows that his guns are being used to kill civilians in some civil war.

Re:Well, I don't blame the gunmaker

[Krishnoid]

I'll bet he gets maimed by one of his own munitions, then captured by guerilla forces, and has to wear an electromagnet in his chest to keep metal from entering his heart. Hopefully he learns from this and uses his knowledge for good instead of evil. You know, an ironic sort of punishment.

Re:Well, I don't blame the gunmaker

[DogDude]

Sir, put down the the Glenn Beck, and slowly walk away.

Re:Well, I don't blame the gunmaker

[bigfinger76]

Pretending that humans have evolved dramatically in that time is also a boner move.

Re: Well, I don't blame the gunmaker

[Narcocide]

All of you, stop trying to turn this into a discussion about guns. This conversation is about network security. The two technologies could not be more fundamentally different.

Re:Well, I don't blame the gunmaker

[Narcocide]

Aside from your cute reference to the plot of Ironman, this STILL HAS NOTHING TO DO WITH NETWORK SECURITY.

Re:Well, I don't blame the gunmaker

[Opportunist]

You really think your gun would stop the biggest military (by a margin and then some) on the planet from infringing on what you perceive to be your rights? They'll blow a hole into your history book and your constitution before you can yammer anything about having any kind of "right".

You have no rights anymore. You have privileges. And only until they happen to be in the way of someone important. Then they will simply be removed. The main reason you have that oh so important right to bear arms (or arm bears, I keep forgetting) is that it doesn't matter to anyone in power.

Re:Well, I don't blame the gunmaker

[Maritz]

Your bushmaster will really come in handy when a drone-launched hellfire missile is screeching towards your house. lol. If it's about defending yourselves from the government shouldn't you have, at a minimum, tanks? APCs? Something like that?

Re:Well, I don't blame the gunmaker

[beastofburdon]

And that is why we have gun control, so that it is much harder to oppose the government.

Re:Well, I don't blame the gunmaker

[beastofburdon]

You dumb shit. The point of the right to bear arms is so that a very large group of citizens can overthrow the corrupt government, not a single moron with mental issues. By the way, we can still take on the military. Our government will do anything they can(propaganda) to make us think that we are powerless, but that is just a ruse. And you are here trying to propagate that propaganda. Oh, and the reason they haven't taken that right away completely yet, is that they know they will die for it. There is no other reason.

Re:Well, I don't blame the gunmaker

[wyHunter]

He's a lefty so that's not likely.

Re:Well, I don't blame the gunmaker

[RockDoctor]

you have to wonder about a large-scale gunrunner who knows that his guns are being used to kill civilians in some civil war.

What do you have to wonder about them? They're making a profit, aren't they? And that is their job.

Re:Well, I don't blame the gunmaker

[nbauman]

Selling arms to dictatorships is just one of those things we have to put up with in life.

http://sciencenordic.com/unite...
The United States arms most dictatorships
January 1, 2012 - 07:00

You'll have to come up with a better reason than that to shut down anonymous networks.

Like, "Because we want to control which dictatorships get arms."

Re:Well, I don't blame the gunmaker

[Opportunist]

Dude, face it: You are powerless. You can't even get a sizable number of people to VOTE for something other than The Party, you really think that you have any chance to get a sizable number to get off their fat asses and away from their flatscreen TVs to overthrow the corrupt government? Please.

The main reason you still have that 2nd is that it is a great tool to get some votes because the other party (i.e. the other side of The Party) wants to take your guns away, so vote for us!

Yes, it's a propaganda element. So don't feel bad, you at least had something right. In some kinda way, at least.

If you want to be on an NSA watchlist...

[NoNonAlphaCharsHere]

...set up a Tor relay node. Easy peasy.

Re:If you want to be on an NSA watchlist...

[Narcocide]

I hear that pretty much any VPN or other sort of tunneling or encrypted network traffic pretty much accomplishes the same thing. Probably just posting to discussions about this type of topic Slashdot does it too.

Didn't the NSA already break Tor?

[JustNiz]

I'm fairly sure that I read somewhere quite a while back that Tor was already broken by one or other of the organs of the US government, and some people doing something illegal via Tor got caught and prosecuted. No?

Re:Didn't the NSA already break Tor?

[Iamthecheese]

No. I'm not saying it's not broken, I read a paper some years ago showing that Tor can be compromised by anyone owning 50% of the nodes. Using fast nodes can cut that percentage significantly. At the time there were, IIRC, 2400 total Tor nodes. So to say Tor wasn't compromised would be to say the US government didn't have the means and will to set up 1200 systems in various places as Tor nodes. I don't know how many nodes there are now but if it's not in the hundreds of thousands, I would bet my ass the whole network is compromised.

But the people who were caught were caught because they leaked personal information in various forms, or downloaded a script that directly leaked their IP's. It wasn't a weakness in the network. My guess is Tor intelligence is mostly being used for actual national security work: tracking down known terrorists who are dumb enough to rely on Tor for anonymity. There's got to be some parallel construction happening as well, but I think they only use it for serious stuff.

Re:Didn't the NSA already break Tor?

[gweihir]

It is not. Get your facts straight.

Re:Didn't the NSA already break Tor?

[JustNiz]

I may not be totally correct about Tor but at least I'm not an arrogant dick like you.

Re:Didn't the NSA already break Tor?

[tlhIngan]

I'm fairly sure that I read somewhere quite a while back that Tor was already broken by one or other of the organs of the US government, and some people doing something illegal via Tor got caught and prosecuted. No?

Well, it's not Tor itself that's the problem it's poor OpSec that was the issue causing the identity of the site owner to leak out. And there's another one involving an Apache module that is configured to listen to requests from localhost by default, except that Tor dark sites do exactly that so it went from a proper configuration to a vulnerability.

And reportedly, the NSA owns a LOT of exit nodes to which they use to monitor traffic. But that's not unexpected - Tor exit node traffic is easily monitored (you can't even trust SSL) by the exit node and poor OpSec again will lead to Tor users being identified.

In short, get everyone to use Tor and they'll be easily identifiable as they start using Facebook, social networking, as well as e-commerce and everything else.

You can only be anonymous by also being anonymous.

Re:Didn't the NSA already break Tor?

[AHuxley]

Onion routing vs Tempora https://en.wikipedia.org/wiki/... would show that in a nation every packet in and out can be reconciled.
The US gov origins and fronts for funding for onion routing to help US backed NGO's, spies, freedom groups, color revolutions.
https://pando.com/2014/07/16/t...
As for the NSA, GCHQ? Why would anything the US gov created be left out of their reach? Collect it all is the mission. A lot of nations globally have given or got asked or offered to share their entire telco systems and networks with the US and UK. Hard to escape that computer power and shared bases, collection sites.

The next question is US state and federal law enforcement budgets, if onion routing fails at that low cost, any well funded nation can do the same.
How?
Equipment interference ie getting bespoke gov malware to the user via some induced interaction seems to be the method thats hinted at.
The vocal supporters of onion routing will push news that the method as designed is still good but more and more open court sessions show issues surrounding real ip's been discovered on a per case funding level. Federal police can pay the costs per year, per case thats lower than spy budgets with billions to spend on contractors.
If the method offered cant secure all packets in and out of a computer network, OS, a real ip will leak.
A link thats a trap or expensive total network overview, the result of an ip leak is the same.

Re:Didn't the NSA already break Tor?

[cavreader]

"The NSA does keep claiming to have broken Tor"
The NSA has never made such a claim and there is no evidence that TOR has been broken by the NSA or anyone else.

However, I wouldn't be surprised if the NSA could figure out how to compromise TOR since the government has been involved with the TOR project since it's inception. It was originally designed and built by the US Naval Research Laboratory. Their stated purpose at the time was to protect US intelligence communications. Onion routing was originally developed by DARPA in 1997. And the US is the largest donor to the TOR project providing almost 40% of the project budget.

Re:Didn't the NSA already break Tor?

[KGIII]

Gotta be honest here... You're really being the dick in this situation. Read their post again. Note the question mark? Heaven forfend, someone try to learn something when we're always telling people that if they don't know they should ask and learn. (Or just directing them to the manual.) However, in all fairness, a number of articles have made it a bit confusing and one might believe that TOR has been broken. By all accounts, it hasn't so long as you remain on the .onion domains. Exiting the network might be visible with traffic shaping and timing detection methods. It also confers no benefit to those who do not secure their browser and are leaking personal information. I can see how that would be confusing.

You could have, of course, just told 'em that but you had to feel superior, huh? Kids these days. ;-) But yeah, you're kind of a dick tonight.

Re:Didn't the NSA already break Tor?

[JustNiz]

>> You are clueless and shoot off your mouth
No, I simply asked a question.

>> and the person pointing it out is an "arrogant dick"?
exactly. See the way you did it, both originally and just then.

>> Are you campaigning for equal credibility for idiots and morons or what?
Thanks for just further confirming my assertion that you are, in fact, an arrogant dick.

Re:Didn't the NSA already break Tor?

[Maritz]

If the NSA broke Tor, they would not say that. They would be fucking encouraging people to use it if they'd broken it.

Re:Didn't the NSA already break Tor?

[Maritz]

Sadly the general tone of Slashdot seems to lean in that direction.

Re:Didn't the NSA already break Tor?

[MrNiceguy_KS]

In short, get everyone to use Tor and they'll be easily identifiable as they start using Facebook, social networking, as well as e-commerce and everything else.

I think the whole point of this exercise is to make Tor usage as widespread as possible. Right now, I'd imagine that Tor usage is an immediate red flag for further attention. But if you get millions of people using Tor for social networking, e-commerce, and other general, innocuous purposes, than it becomes just another security precaution, no more suspicious than having your phone PIN-locked.

This is partly the reason I make it a point to use Tor on a semi-regular basis myself.

Re:Didn't the NSA already break Tor?

[KGIII]

I won't argue but I will add that you're right, it's not uncommon. However, I've communicated with 'em before and they're usually not a dick. Even I'm a dick sometimes. Though, often it's my poor articulation that makes it seem like it was intentional but sometimes I'm still a dick. I suspect they were just grumpy or drunk. ;-)

Re:For whose still unknown about Tor... This is:

[wjcofkc]

Do I mod you up? Do I mod you down? Funny or Troll? Fuck it, I'll just post and admit that was my very first thought too.

Re:For whose still unknown about Tor... This is:

Oh we are on reddit now.

Re:Why?

You don't want to know.

The work of angels?

[dsmatthews9379]

Angels are the, some times murderous, henchmen of the universal dictator. Biblical metaphors are never a good idea, except in sermons to people that welcome being preached at.

Re:For whose still unknown about Tor... This is:

Yeah ... it's important that women - particularly those in the public eye - match up to expectations on sexual attractiveness. Otherwise, how will guys know who to mate with?

Why can't people be even a little bit nice?

Re:For whose still unknown about Tor... This is:

[R3d+M3rcury]

Actually, I was thinking of Roger Daltry.

My problems with it.

[waspleg]

I'm a big advocate for TOR and what they try to do but there are some big obstacles.

* Speed sucks.
* There are no good search engines.
* Exit nodes are widely blocked and/or monitored.

I saw a good BBC documentary that explains TOR in laymen's terms https://www.youtube.com/watch?v=rZhmuGVSdaY if anyone is interested.

Re:My problems with it.

It sounds like you haven't used it in a while. It's gotten a lot better. Tor is really fast now and while sites blocking exit nodes is a problem it's probably more important that hidden service work be improved. There are ways to get around sites that block Tor for those who actually need to access public web sites over Tor. On the other hand the people who really need to remain anonymous in order to publish content have no such ability to protect themselves adequately against attack. It's the weak spot of Tor. It's the real reason it exists. Unfortunately the funding isn't coming from those who want to protect users privacy so much as those who want to ensure they can utilize it as a tool to investigate crime, enemies of state, and similar. I do think we can fix the site blocking problem- but it will take change in the software and/or a lot more outreach with organizations. Adding a sufficient number of exit IP addresses should solve this problem. However that'll require recruiting larger more organizations and large organizations to participate in running Tor exit nodes. Organizations that have lots of IP addresses. Examples of places we could potentially run Tor exit nodes and expand the number of exit IP addresses: Libraries. And guess what there is something called the Library Freedom Project (.org) that is doing just that! But they do need a lot more help.

Re:My problems with it.

[AmiMoJo]

Speed is okay for general browsing, especially since you would normally have full ad-blocking enabled and scripts disabled. For searching, I presume you mean for hidden services because google works with Tor, and well... Maybe the reason most of those sites don't make themselves available for indexing by search engines is because they don't want to be found that way.

As for exit node monitoring, it's really only an issue for n00bs. Maybe the Tor Browser bundle should block non-HTTPS sites by default.

1/3 Image, 1/3 Society,1/3 Tech

[Voyager529]

Tor's issues with respect to going mainstream, in my opinion, are as follows:

1.) It's complicated. Yes, it can be streamlined, which is the goal, but even if it were, it's still inherently more complicated than "not using Tor".
2.) No need. "I'm just browsing Facebook and paying bills online...and if someone is really snooping that traffic, what difference does it make?"
3.) Location data is convenient. As much as I hate Google tracking me, I'd much prefer knowing about restaurants near me when I'm hungry, than ones in Malaysia.
4.) Many people's first encounters with Tor are the result of ransomware...which are usually a traumatic experience. That's not exactly great marketing.
5.) Tor slows down browsing significantly; adding additional users would exacerbate the issue.
6.) Even the "good guys" have questions about the utility of Tor (compromised exit nodes, honeypots, etc.)
7.) Tricky on mobile devices.

Honestly, I see Tor's problems having much less to do with technological problems than with sociological ones. For most people, Shari would have to establish a need for them to use Tor. I don't see her being effective in that - not because of who she is, but because of her audience.

Re:1/3 Image, 1/3 Society,1/3 Tech

[tnk1]

Tor is useful when you need it and really have no better choice, but its not going to be a mass solution. There's too many things you have to get right for it to work the way it is intended and not expose you to discovery.

And yes, it is slow. Painfully slow.

Another thing I consider when I look at encrypted or otherwise more purposely "secure" transmission methods is that if you're using them, you're now in a group of people that is passing more "interesting" traffic. Observers may or may not be able to read what you are saying, but they're a whole lot more interested in whatever it is you are saying, if you show that you're taking more than the usual precautions with it.

It also means that even if they can't see you, there are specific Tor .onion sites which are only a small subset of the Internet, and those sites can become infected with malware that talks back to the investigators, as it has been seen in the past. In that way, a Tor user may be more likely to get caught in the dragnet and investigated. And it doesn't have to be something like a Silk Road type of site either, although you're certainly a target if you look at one of those kind of sites.

So, when I hear of people trying to take this sort of thing mainstream, I can totally see why you'd want to do that. It makes it less likely that you're a higher priority surveillance target just for using it.

Unfortunately, most people have to have a good reason to be inconvenienced in this manner during normal transmission of data because they just want to send a message or look at a site and don't care who knows where they browse. We'll need something a lot more user friendly (and more secure) than Tor for that sort of adoption.

Re:1/3 Image, 1/3 Society,1/3 Tech

[Snotnose]

5.) Tor slows down browsing significantly; adding additional users would exacerbate the issue.

This. I've tried to use Tor several times over the last 10 years, it's always been so slow I gave up on it before getting 3-4 pages.

Re:1/3 Image, 1/3 Society,1/3 Tech

1) My grandmother thought the VCR was complicated
2) "what difference does it make?" Is that you Hillary? (It makes a lot of difference, I'll spare you the details)
3) Having the restaurants location data and knowing where it is in relationship to yourself is convenient. ____, inc recording and storing the details of your location is the problem
4) In my life, sadly of which too much is spent online, I have never encountered 'Tor ransomware'. But maybe this is a reality for some?
5) My understanding of Tor is limited, but by reading what is published it sounds like the problem with tor performance is similar to the problem Verizon has with a fraction of a percentage of its data plan (ab)users: a few dumbasses downloading pirate bay torrents kills the experience for everyone else.
6) Again limited understanding of tor, but wouldn't more users help the anonymity problem more than hurt it?
7) https://play.google.com/store/apps/details?id=org.torproject.android

Re:1/3 Image, 1/3 Society,1/3 Tech

[Voyager529]

1) My grandmother thought the VCR was complicated

Yes, there will always be those who cannot adapt. However, the problem attempting to be solved is that there is a majority of people for whom Tor is prohibitively complicated.

2) "what difference does it make?" Is that you Hillary? (It makes a lot of difference, I'll spare you the details)

No, it's not Hillary. I too know it makes a difference. The problem is that the perception of the implications for most people is that they are trivial. Hence, why this is a social issue as much as a technological one.

3) Having the restaurants location data and knowing where it is in relationship to yourself is convenient. ____, inc recording and storing the details of your location is the problem

Yes, but Tor doesn't solve this problem. Running a Google search through Tor will show me restaurants near the exit node rather than my actual location, and then store that data.

4) In my life, sadly of which too much is spent online, I have never encountered 'Tor ransomware'. But maybe this is a reality for some?

I fix computers for dozens of people, from home users to small businesses. I've run into ransomware a number of times, and almost invariably, the instructions were basically, "send 0.5 Bitcoin using this Tor address...", or some approximation thereof. Clearly, not the EFF's fault this happens, or that it happens that way...but when the two most common ways people hear about Tor are "Silk Road" and "Cryptowall", it's difficult to argue that the battle to legitimize Tor in the court of public opinion is a steeply uphill one.

5) My understanding of Tor is limited, but by reading what is published it sounds like the problem with tor performance is similar to the problem Verizon has with a fraction of a percentage of its data plan (ab)users: a few dumbasses downloading pirate bay torrents kills the experience for everyone else.

That may well be the case. Unfortunately, there's no meaningful way to prohibit that sort of use.

6) Again limited understanding of tor, but wouldn't more users help the anonymity problem more than hurt it?

Tor isn't like Bittorrent - there are lots more 'leechers' than 'seeders'. Using a Tor browser does not also require you to be an exit node, and being an exit node means that you may be legally liable for the traffic, depending on jurisdiction. Even if not, it means that your bandwidth will constantly be saturated by other people's data. Thus, there's every disincentive to be one.

7) https://play.google.com/store/...

Android is the easy one. iOS...not so much.

Re:1/3 Image, 1/3 Society,1/3 Tech

[AmiMoJo]

I think perhaps you misunderstand the goal of Tor. It's not really aiming to be the default way people browse the web. We should concentrate on other technologies for that, like making sure everywhere uses HTTPS properly.

Tor is ideal for low bandwidth stuff like messaging and browsing simple but important web sites. It's useful when you need to communicate privately and securely, even if it isn't always perfect. So there are two important points here:

1. Even if it isn't always used perfectly, it still prevents most adversaries from identifying you because the equipment and skill needed to subvert it is beyond the means of, say, most law enforcement. This can still be improved but is very important for people who live in places where law enforcement is a threat to their safety.

2. Merely by existing and being an option, it makes people realize that their normal communications are not secure.

Re:1/3 Image, 1/3 Society,1/3 Tech

[houghi]

3.) Location data is convenient. As much as I hate Google tracking me, I'd much prefer knowing about restaurants near me when I'm hungry, than ones in Malaysia.

When I am hungry, I can type in 'City' and get it.

What I dislike about it is how it is NOT used to help me. Filling out an adress and they ask for a state? Whare I live we have no states.

And looking at Google: I understand that you want me to use google.TLD, but do NOT assume that I want to see something in a certain language depending on my location. I want it in English, just like my browers main and only manguage is. Next to that, I work in a bi-lingual city and they WILL get it wrong.
So for the love of whatever you pray to, use the language setting in the brower, or are you already take so much data, you can not use that?

Concerning TOR, I won't be using it, because I am sure it does not matter. I rather know I am being followed than hope that I am not.

It might take off if it becomes something that is default. A bit like pgp. Not that hard to use, but nobdy uses it, because it is not already installed (and I would want to use it only for the signature, so I know my bank is my bank). So a bit like Linux. No pre-install, no desktop year. Pre-install and everybody uses it killing WIndows (Android/Apple)

Re:More like 'Plans to ruin Tor forever'

[Narcocide]

You don't have any idea who/what the EFF actually is/does, do you?

Re:More like 'Plans to ruin Tor forever'

[KGIII]

EFF and the ACLU (plus the local chapter) get donations every year - sometimes more often if I read about an issue they're needing help with funding. I am not affiliated with either but I do like to remind folks that both groups are hard at working at helping with our liberties. So, if you've got a buck or two and want to help out, I'm certain they'd appreciate it.

Corporate TOR sponsorship

[Anomalyst]

They need to petition large/multinational corporations like BK, MickyD, Pepsico, Walmart, etc to install tor exit nodes at all their retail locations and make available something like an all inclusive raspberry PI package with a rolling distro configured to auto-update to keep it secure. Maybe with a bitcoin full node as well. Call it a the Raspberry Freedom with the audio catch phrase "PHHHHHHHT" raspberry sound (distinctly discernible from the farting apps constituting so much of whats available for apple products, please).

Re:For whose still unknown about Tor... This is:

[Opportunist]

Make it 5 and I'll fire up Photoshop.

Comment

[WallyL]

So unrelated to the story specifically, but this is a discussion about a woman in technology who actually does stuff? She's not complaining about SJW issues; she's out there fighting the fight with us-- for us! So for once, we can relax and not have a big feminism discussion just because a woman is doing something tech-wise.

Thank you, Shari.

Tor's problem is not hidden services

[Keybounce]

Tor's problem is not hidden services.

Tor's problems:
1. Speed sucks. Since *ANY* node can be used in the pathway, your speed is limited to the upload speed of the slowest node you are using. Since you have no control by default over which nodes are used, you cannot prevent this.

Scarily, when I was playing/using Tor, the best results came from limiting my usage to only half a dozen nodes. Never mind the goal of security here.

The work-around: Use an IP-like system, where your stream is sent over many links, and re-assembled at the end. Even if one link is slow, it will only handle a few packets.

2. The goals are in conflict. Tor has *at least two different goals*.
Goal #1: Prevent your neighbor/public lan/ISP from seeing what you are doing. This is as simple as a one-hop channel. Instead of talking to my destination, I talk to a single forwarder. Done.
Goal #2: Prevent tracking. If I talk to a single forwarder, then a single node knows who I am, and who I am talking to. This can be prevented by a two-hop. Node #1 knows that a connection is going in from site H, and out to site 2, but doesn't know that H is the requesting host. Node #2 knows that it is talking to destination D, and host #1, but doesn't know who the requesting host is. "Perfect", right? Well, not if node 1 is doing the splitting.
Goal #3: Provide real privacy. There's a good analysis that I don't have a link to showing that the two-hop is traceable. And if the first hop is splitting (instead of the host splitting), then the two hop doesn't have enough security. Basically, if I remember correctly: If you always change the entry and exit nodes, you will eventually have a pair controlled by an attacker, so you have to limit your switching of those. To prevent being tracked, you need a random third node in-between.

The more nodes? The slower the speed, and a different set of attacks being defended against.
For most people? A single hop suffices.
For those that want light security? Two hops.
For those that want speed? Have multiple paths, and assembly at the end.

What kills Tor, beyond these, are things you, as a user, cannot control:

** Stupid websites that assume anything coming from a Tor node are attacks and delete them **.

I mean, **stupid**. I can actually log in, with name and password, and still get "Sorry, we don't accept hackers using Tor" type messages.

As long as sites are going to say "We can arbitrarily deny service to people who are concerned about privacy", then nothing will get fixed.

As far as "splitting" paths go? Here's what the Tor docs say:
> You should split each connection over many paths.
>
> We don't currently think this is a good idea. You see, the attacks we're worried about are at the endpoints: the adversary watches Alice (or the first hop in the path) and Bob (or the last hop in the path) and learns that they are communicating.

Tor is concerned about the security of your communication. Tor is not concerned about the speed of your communication. As long as "Use the best possible security, regardless of speed cost" is the goal, then Tor will only be focused on people who need to best possible security -- namely, those who are taking actions against a government or large corporation.

Re:More like 'Plans to ruin Tor forever'

[beastofburdon]

End up? Are you really foolish enough to think the CIA would develop a tool for anonymity and release it to the public before it was thoroughly defeated? It is only good for pirating, anything that would be subversive to the government's ambitions done on TOR will get you killed.

That's not my department, said Werner von Braun

[mcswell]

From the OP: "We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"

https://www.youtube.com/watch?...

Re:More like 'Plans to ruin Tor forever'

[KGIII]

Thank you. I was, until now, entirely unfamiliar with them. They look like they might be a worthy cause. Free speech means protecting the speech that is not preferred and these folks get funding from the government. So, it's a noble goal and I thank you for bringing it to my attention. I'm in the process of getting some BTC, where I'll wash it, and then I'll push it on to them anonymously in chunks over the weekend and into the coming week*. I need neither a shirt nor recognition. I care not about the tax write-off, I generally exceed the allowed amount anyhow.

I'll avoid mentioning a specific total but they'll get a good chunk - as I may not remember to donate until next year (I have put it into my calendar so it will remind me to check again in a year). But, suffice to say, it's a goodly chunk and would net a number of t-shirts. They look like a worthy cause and, I repeat myself, thank you for bringing them to my attention. They'll be put into the yearly cycle which is usually appreciated by the organizations. I also try to keep to a budget every month - and what's excess gets donated, sometimes at almost random(ish) and between the groups that I keep in mind.

* Why spread out? Meh, it's a privacy thing. I like anonymity with some things. Or at least not being able to make certain attributions. I've found that doing so means that I don't get as many heart-felt requests (even after ensuring I ticked the box to not subscribe to such) from various groups. I know, pretty factually, that more than one group has shared my email address - I use catch-all and then use a custom email address that indicates the source. I've had this happen multiple times and those groups no longer get donations.