Why does Tor need a director? If it is truly a decentralized network, why should the project require centralized project administrators? Because of funding and donation? Let's put the whole spread the initiative PR stuff away (of course that cost money), plus the hosting cost, what else do they use the donation for?
[edit] Have you folks looked at https://gratipay.com/search as another source of crowdfunding for developers? I am not sure which one is more effective for general funding.
It's not decentralized. The directory authorities, which hold the current state of the network, are hard-coded into the client software and trusted by all. They are a central point of failure - if a denial of service attack brought them all down for a suitably long period of time, the Tor network would cease to function.
What are the alternatives that work well internationally? Only Bitcoin comes to my mind, but it's a mess to buy, conversation rates fluctuate wildly and is far from easy to use.
Feb: Understaffed Tor minimized security warning. "Activity in the past has looked suspicious at the time, but ultimately did stuff that helped advance our art."
So who is going to get the billing record for all those hosts they spun up? Hard proof should not be that hard to come by, so I'm just waiting to see that. I am more likely to believe Tor than CMU because of the way the research was pulled, and it would be nice to pin them to it.
Do you have a source on Tor being funded by the CIA?
It's disingenuous to say that Tor reacted only after being deanonymized personally:
1. It was well known that Nick Mathewson worked for Tor long before this attack.
2. Tor added code that allowed them to detect the attack before they knew their IPs were deanonymized: that's the only way they found out their IPs were deanonymized.
18 comments
[ 5.8 ms ] story [ 87.1 ms ] threadBecome a crowdfunder.
https://blog.torproject.org/blog/our-first-real-donations-ca...
Thousands of volunteers provide the network capacity that makes the daemon useful.
[edit] Have you folks looked at https://gratipay.com/search as another source of crowdfunding for developers? I am not sure which one is more effective for general funding.
But EFF and Freedom of Press also use Paypal and they have a nice interface for monitoring recurring contributions.
You can even send in cash...
https://www.torproject.org/donate/donate-options.html.en
TL;DR (2014):
Feb: Understaffed Tor minimized security warning. "Activity in the past has looked suspicious at the time, but ultimately did stuff that helped advance our art."
May: CMU researchers announce breaking Tor, ignoring potential ethical violations. Blackhat talk cancelled; CMU & FBI begin 'not the droids you're looking for' responses.
Jul: Emergency fix to Tor to block CMU vulnerability. CMU researchers stop corresponding with Tor project.
Nov: FBI crackdown
It's disingenuous to say that Tor reacted only after being deanonymized personally:
1. It was well known that Nick Mathewson worked for Tor long before this attack.
2. Tor added code that allowed them to detect the attack before they knew their IPs were deanonymized: that's the only way they found out their IPs were deanonymized.