An important point the article makes is how important it is for a large number of people to use Tor, even if only occasionally. I try to use Tor at least once or twice a week for general web browsing. I also donated money to them.
It is really important for people to also support groups like the EFF and ACLU financially: a good investment in future freedom. History shows that large empires tend to get tough on their citizens as the empires wane. We live in an era right now where the current large empire is waning.
I actually switched to using Tor whenever I go on wild hunts about stuff that I find interesting. Basically that means whenever I visit Wikipedia, because I can waste hours there, going over the weirdest topics.
Usually I get drawn in by stuff like history and end up on things like Soviet Union, Nazi Germany, Japan in WW2, etc. or stuff like Ku Klux Klan, the "Islamic State". If there is some surveillance system it will probably be thinking I am into each and every kind of extremism. And since extreme groups like the Nazis have the wildest conspiracy theories that also is something I don't want to identified with.
Using Tor by using the Tor Browser is actually pretty nice and pretty fast, both to set up and when browsing. Years ago Tor used to be rather slow. That totally changed.
The are a few annoyances though.
Some websites seem to have weird rules such as "block Tor completely". Come on, your website can still be exploited. You will not really stop anyone that way.
Then there is the problem of websites usually requiring JavaScript for everything. The latter is weird, cause it's like people use "front end frameworks" for stuff where it doesn't really make sense and even slows down the page a lot. I am not saying JavaScript is evil, but I think people overuse them these days. Of course you might decide to enable JavaScript and unless you set the Tor Browser to highest security at least HTTPS sites will deliver and execute JavaScript.
Another major annoyance is CloudFlare. They require you to enter a CAPTCHA (which for some time didn't work), when accessing a website via Tor. The only way to disable it is for the website owner to completely disable security. I mean I get that they probably want to prevent some script kiddies from "hacking" unpatched Wordpress or so, but maybe this can be enhanced. Cause like I said above. The approach of filtering certain IPs isn't really enhancing actual security and nobody is going to DDOS you via Tor. ;)
Some of these points are partly why I chose to go with a commercial VPN regularly rather than Tor. There is also no change at all in my bandwidth with the VPN, and I can seamlessly use high bandwidth tools like Netflix, streaming audio/video, etc. Maybe Tor has improved lately to allow this kind of behavior easily also?
Moreover, VPNs are juicy targets for surveillance corps since so many do use them to conduct illegal or questionable activities. My personal strategy is to use Tor with a private obfuscating bridge rotated frequently between hosting providers.
For certain kinds of streaming it might be nicer to use a VPN, even though, like others already pointed out it might still be used invade your privacy.
Not just that your provider might just log your actions, but VPNs are usually not trying to avoid various passive attacks, simply because VPNs are there to provide an encrypted connection, nothing more.
For ISPs (of the VPN) and others it's rather simple to look at where and how you enter and therefor an attack where people look at the (amount of) traffic that goes there, what the server on the VPN side requests. It's not impossible with Tor, but way, way harder.
In addition to VPNs usually being centralized and therefor easier to attack in such a manner your VPN also is likely to have fewer users than Tor, so it's way easier to look at it and draw conclusions.
Also VPNs tend to be better suited for (semi)targeted attacks.
Watching HTML5 video on Tor is fine, though I haven't tried a 2 hour movie in high resolution. The main challenge is that if you want to preserve many security benefits of Tor then you can't use Flash.
Tor's performance generally works well enough that I think most users could use it most of the time and make non-Tor usage a special case.
Nope. Still an annoying process to stream YouTube, and it still chops. The general vibe of the Tor community is to not use up excess bandwidth unless you have to, because it chokes endpoints and gateways and leaves less room for others. I think a lot of gateways probably run some form of bandwidth limiter, but that's just speculation. It's considered extremely bad taste to do things such as high-volume P2P
It's rather hard and inefficient to do that over Tor.
It's actually way easier to just use your regular botnet or pretty much every other approach.[1]
And then it's rather simple to prevent this with your ordinary approach. There are currently around 1000 exit nodes[2]. Compared to most DDOS attacks that is really small number of nodes. For various reasons (measures that are mostly there to make sure Tor can be used for regular browsing in a usable manner, even when there is people that want to download lots of large files) you will run into limitations rather quickly.
As tete says, it'd be rather inefficient to do a DDoS via Tor. I think that the reason for the captcha is more related with security, to avoid spammers or bots to getting through via Tor. Cloudflare explains the issue here: https://support.cloudflare.com/hc/en-us/articles/203306930-D...
You can download a copy of Wikipedia articles from https://dumps.wikimedia.org/. It's surprisingly small, around 15GB for all articles, and 50GB or so uncompressed.
Then just browse offline, and nobody can tell what articles you looked at.
And I am not sure what to do with the Database backup dumps if the only thing I want is some static HTML pages, how could I get some readable HTML out of them?
You can't get the html anymore. You can download the dump (latest one is enwiki-20151102-pages-articles.xml.bz2, around 11GB), and then generate the pages dynamically.
See https://en.wikipedia.org/wiki/Wikipedia:Database_download#St..., and the next section. There are a bunch of programs that can do various things, and if you're on a reasonably recent computer, you shouldn't have a problem dynamically loading anything. There's even a rockbox plugin, which I used for some time, on a slow mp3 player.
My Tomato router has Tor built in. I can enable it and route some traffic through sometimes, but does anyone know if it will consume bandwidth if I leave it open but not use it? Is every Tor node a potential relay node?
There is also organizations that host Tor servers and while I think they can be trusted and a donation certainly is worthwhile it also leads to a form of centralization.
Oniontip is likely far from covering any costs, but I guess it helps the operators a bit.
I don't agree with this statement from the article:
This, and Tor’s history of US government sponsorship, has led to series of really embarrassing conspiracy theories from the likes of PandoDaily. This is why non-technical journalists should not write about technical subjects. If you’re going to suggest that open-source software has dark ulterior vulnerabilities, you need to point at exactly where they are in the code (or deployment process), or you will quite rightly be laughed out of the room. Funding and relationships are not unimportant — and I’m sure Pando will now write me off as part of the shadowy conspiracy, as Tor developer Jacob Appelbaum is an old friend — but it’s the running code that actually matters. Sadly, non-engineers don’t seem to understand this, or how laughably ridiculous they look as a result.
The author, Jon Evans, seems to imply this is a widely accepted standard, which is not my experience. It also doesn't seem realistic: While it's great that open source software's source code is available, it's not possible to review it all much less to catch subtle exploits that might have been introduced by security agencies - we can't even catch many unintentional exploits. Also, we know from leaks that security agencies have tried and have succeeded at times. Realistically it comes down to trust.
Think of it this way: How many HN readers, a sophisticated population, have reviewed Tor's code? How many feel they have no choice but to choose either to trust them or not? Also, how many open source projects have had security audits performed by anyone?
> it's not possible to review it all much less to catch subtle exploits that might have been introduced by security agencies - we can't even catch many unintentional exploits
Precisely. In the wake of Shellshock and Heartbleed the sneering tone of the passage you've cited should profoundly embarrass the author. It does not accord well with the facts.
People tend to cite heartbleed as an example of how "open source" has no intrinsic security value. While I agree that something being "open source" does not automatically make it secure, I think that it does allow us to gauge the security of the project.
In the case of heartbleed, anyone who has ever spent more than 30 seconds looking at OpenSSL can tell you that it is not secure software and never will be. We can't identify and remedy every possible vulnerability, but we do have enough information to know that events like heartbleed will happen again and again.
People that claim open source has no security value seem to believe that just because you can't catch every vulnerability through public review, you may as well not bother at all.
That logic is obviously faulty, I can't imagine they would apply the same rationale to cancer screening.
There's a difference between being aware and a conspiracy theorist - and claiming backdoors exist in a given piece of software without the slightest shred of proof is the latter.
It's also not possible to catch all systematic design flaws. It's possible for someone who is deeply knowledgable in an area like crypto to deliberately introduce strategic design weaknesses into a system that might seem like reasonable choices to anyone who doesn't understand the exact context.
I have always been suspicious of Tor's choice of long-lived circuits over packet-level onion routing. It seems like each packet should follow a different path. It would also be easier in a packet-based scheme to implement some level of noise / decoy traffic generation to make statistical analysis of traffic more difficult. It seems like a design choice that would make statistical inference easier by someone who has a God's-eye view of traffic. Large powerful nation states absolutely have this, while smaller ones may not, making it an ideal asymmetric vulnerability.
But that's just one example. A true deliberately-introduced weakness might be something far more subtile than this: a choice of order of operations or timing for example.
Friendly reminder that SELinux was developed by the NSA, and is now part of Linux. So clearly the open source community doesn't care too much about who created a piece of code.
Also, Tor is not designed to be resistant against traffic analysis by a global passive adversary. That isn't the kind of evidence that can be used in a US court, but intelligence agencies aren't primarily interested in bringing cases in front of courts, anyway.
Although there has been more than a little evidence of "Parallel Construction" happening where the aforementioned global passive adversary pushes a treasure map to the local law enforcement agencies with indicators as to where to look...
42 comments
[ 2.5 ms ] story [ 97.4 ms ] threadIt is really important for people to also support groups like the EFF and ACLU financially: a good investment in future freedom. History shows that large empires tend to get tough on their citizens as the empires wane. We live in an era right now where the current large empire is waning.
Usually I get drawn in by stuff like history and end up on things like Soviet Union, Nazi Germany, Japan in WW2, etc. or stuff like Ku Klux Klan, the "Islamic State". If there is some surveillance system it will probably be thinking I am into each and every kind of extremism. And since extreme groups like the Nazis have the wildest conspiracy theories that also is something I don't want to identified with.
Using Tor by using the Tor Browser is actually pretty nice and pretty fast, both to set up and when browsing. Years ago Tor used to be rather slow. That totally changed.
The are a few annoyances though.
Some websites seem to have weird rules such as "block Tor completely". Come on, your website can still be exploited. You will not really stop anyone that way.
Then there is the problem of websites usually requiring JavaScript for everything. The latter is weird, cause it's like people use "front end frameworks" for stuff where it doesn't really make sense and even slows down the page a lot. I am not saying JavaScript is evil, but I think people overuse them these days. Of course you might decide to enable JavaScript and unless you set the Tor Browser to highest security at least HTTPS sites will deliver and execute JavaScript.
Another major annoyance is CloudFlare. They require you to enter a CAPTCHA (which for some time didn't work), when accessing a website via Tor. The only way to disable it is for the website owner to completely disable security. I mean I get that they probably want to prevent some script kiddies from "hacking" unpatched Wordpress or so, but maybe this can be enhanced. Cause like I said above. The approach of filtering certain IPs isn't really enhancing actual security and nobody is going to DDOS you via Tor. ;)
My favorites are obfs4 and StegoTorus, running on a private machine in some "cloud".
Not just that your provider might just log your actions, but VPNs are usually not trying to avoid various passive attacks, simply because VPNs are there to provide an encrypted connection, nothing more.
For ISPs (of the VPN) and others it's rather simple to look at where and how you enter and therefor an attack where people look at the (amount of) traffic that goes there, what the server on the VPN side requests. It's not impossible with Tor, but way, way harder.
In addition to VPNs usually being centralized and therefor easier to attack in such a manner your VPN also is likely to have fewer users than Tor, so it's way easier to look at it and draw conclusions.
Also VPNs tend to be better suited for (semi)targeted attacks.
Tor's performance generally works well enough that I think most users could use it most of the time and make non-Tor usage a special case.
Uhh, yes they will... and that is pretty much the exact reason for the captcha.
https://www.torproject.org/docs/faq-abuse.html.en#DDoS
It's actually way easier to just use your regular botnet or pretty much every other approach.[1]
And then it's rather simple to prevent this with your ordinary approach. There are currently around 1000 exit nodes[2]. Compared to most DDOS attacks that is really small number of nodes. For various reasons (measures that are mostly there to make sure Tor can be used for regular browsing in a usable manner, even when there is people that want to download lots of large files) you will run into limitations rather quickly.
[1] https://www.torproject.org/docs/faq-abuse.html.en#DDoS
[2] https://metrics.torproject.org/relayflags.html?graph=relayfl...
Then just browse offline, and nobody can tell what articles you looked at.
The Wikipedia on DVD link doesn't seem to work http://www.wikipediaondvd.com/.
And I am not sure what to do with the Database backup dumps if the only thing I want is some static HTML pages, how could I get some readable HTML out of them?
See https://en.wikipedia.org/wiki/Wikipedia:Database_download#St..., and the next section. There are a bunch of programs that can do various things, and if you're on a reasonably recent computer, you shouldn't have a problem dynamically loading anything. There's even a rockbox plugin, which I used for some time, on a slow mp3 player.
https://oniontip.com/
There is also organizations that host Tor servers and while I think they can be trusted and a donation certainly is worthwhile it also leads to a form of centralization.
Oniontip is likely far from covering any costs, but I guess it helps the operators a bit.
[0]: https://freenode.net/irc_servers.shtml#tor
This, and Tor’s history of US government sponsorship, has led to series of really embarrassing conspiracy theories from the likes of PandoDaily. This is why non-technical journalists should not write about technical subjects. If you’re going to suggest that open-source software has dark ulterior vulnerabilities, you need to point at exactly where they are in the code (or deployment process), or you will quite rightly be laughed out of the room. Funding and relationships are not unimportant — and I’m sure Pando will now write me off as part of the shadowy conspiracy, as Tor developer Jacob Appelbaum is an old friend — but it’s the running code that actually matters. Sadly, non-engineers don’t seem to understand this, or how laughably ridiculous they look as a result.
The author, Jon Evans, seems to imply this is a widely accepted standard, which is not my experience. It also doesn't seem realistic: While it's great that open source software's source code is available, it's not possible to review it all much less to catch subtle exploits that might have been introduced by security agencies - we can't even catch many unintentional exploits. Also, we know from leaks that security agencies have tried and have succeeded at times. Realistically it comes down to trust.
Think of it this way: How many HN readers, a sophisticated population, have reviewed Tor's code? How many feel they have no choice but to choose either to trust them or not? Also, how many open source projects have had security audits performed by anyone?
Precisely. In the wake of Shellshock and Heartbleed the sneering tone of the passage you've cited should profoundly embarrass the author. It does not accord well with the facts.
In the case of heartbleed, anyone who has ever spent more than 30 seconds looking at OpenSSL can tell you that it is not secure software and never will be. We can't identify and remedy every possible vulnerability, but we do have enough information to know that events like heartbleed will happen again and again.
Nice strawman you got there.
"Who actually reads the code?" https://www.fsf.org/blogs/community/who-actually-reads-the-c...
I have always been suspicious of Tor's choice of long-lived circuits over packet-level onion routing. It seems like each packet should follow a different path. It would also be easier in a packet-based scheme to implement some level of noise / decoy traffic generation to make statistical analysis of traffic more difficult. It seems like a design choice that would make statistical inference easier by someone who has a God's-eye view of traffic. Large powerful nation states absolutely have this, while smaller ones may not, making it an ideal asymmetric vulnerability.
But that's just one example. A true deliberately-introduced weakness might be something far more subtile than this: a choice of order of operations or timing for example.
Case study 2: bitcoin.