I wonder how the author will live with himself knowing that he's directly facilitating all the horrible things that go on Tor. I know that I can't do that, so kudos to him.
Not a good analogy. Most usage of Tor is either unnecessarily paranoid people, criminal enterprises, and state agencies. In fact, so far the leaks (Snowden, Wikileaks, etc) are the only cases I've heard of where Tor usage legitimately helped.
Can you say the same thing about electricity?
Again, I'm not saying that Tor should be shut down, it's just unsettling to work on something that the majority of its usage is "bad".
Union workers , journalists, security researchers, IT managers, lawyers, and judges and prosecutors are the professions of people I teach the usage and inner working of TOR to.
They all have legitimate use cases for it.
And nobody has any idea what "most" (according to which metric anyway? Bandwidth, number of connections?) of TOR usage is for.
Do you have a citation that the majority of Tor usage is condemnable? I mean there’s nothing wrong with a state agency or a paranoid person browsing using Tor, for example. This is the first I’ve heard that the majority of Tor use is morally or ethically wrong.
The same way a lawyer who defends freedom of speech lives with themselves when a significant portion of people who invoke freedom of speech [and get in trouble for it] are terrible people promoting terrible ideas.
> unnecessarily paranoid people, criminal enterprises, and state agencies
These things are the most newsworthy which is why you hear about them most often. Don't conflate "most newsworthy" with the "most common" use case for Tor.
Every time I have needed to bypass a stupid local filter to read one of my favorite news sources (torrentfreak.com). Every time I've wanted to see what my website/project looks like to people from a variety of geographically different IP addresses.
Good luck finding any VPNs/Proxies that isn't also used by criminals, which was the initial point you made. Tor is also different because it's a open source project, driven by their own non-profit foundation and doesn't costs any money to use. Also hard to find any VPNs/proxies that offer those things.
You're talking over each other. It's plain to see. The conversation you're having rests upon the answer to the questions: "What percentage of Tor usage is malicious compared to VPN, electricity, crowbar usage, etc.? And what percentage is morally acceptable?". Just pointing out that Tor is used by some good people and some bad people some of the time is useless on its own.
Personally, I have a suspicion, that despite my love of freedom, Tor usage is probably primarily paranoid people and drugs, and a small percentage facilities anonymous exploitation of children in a way that no other technology can. I would love to be proved wrong and see some facts that Tor is actually a net good for the world.
Also one thing I've noticed is that the majority of good use cases for Tor you can achieve with just the Tor browser, whereas the majority of bad use cases you need Tor hidden services. E.g. as a journalist you can still use Tor browser to talk to your sources anonymously. But try hosting a drugs website or child porn on the clear net: you need Tor hidden services for that. Basically you'd only really use hidden services if you want to host content that is banned in every country, e.g. pedophilia or drug network. Whereas if you're a freedom fighter, why not use Tor to connect to a Wordpress website hosted in a country that's sympathetic to your cause? I just don't see a use case for hidden services. Yes, it is less trust in a central provider, but at what cost? You can also just move hosting countries. "At what cost" goes back to the first two questions and it would be interesting to know how we all feel about it.
Sure, but this is moving the goalposts. First it was: "It's used for good things, not evil things!". And now it's "actually, who cares, this is a good thing anyway". Now we're arguing over the pros and cons of freely available drugs, including ones such as fentanyl. I often find debates around Tor (and other things too) are like this: you discover half the people you're arguing with are ideologically driven. Are we arguing about the fundamental facts of how Tor is used, or the fundamental morals we should have?
Is it really moving the goalposts? Tor being used to buy drugs came into the discussion because of the moral implications of developing a tool that can be used for bad things. There are two things in that discussion: what are the usage statistics of Tor (for example: 20% drugs, 10% child pornography, 50% oppressed people, 20% "noise". This is a pure invention and I have no idea if this reflects or not the actual usage of Tor), and are those things morally good or bad.
The discussion turned around "Tor is used a lot to buy drugs, which is bad". At least that's how I interpreted this part of your comment:
> Personally, I have a suspicion, that despite my love of freedom, Tor usage is probably primarily paranoid people and drugs, and a small percentage facilities anonymous exploitation of children in a way that no other technology can. I would love to be proved wrong and see some facts that Tor is actually a net good for the world.
You didn't directly said that buying drugs on Tor is bad, that's my assumption, but I think that it's a fair assumption considering what you wrote. So my point was a refutation that Tor being used to buy drugs is necessarly a bad thing.
> Are we arguing about the fundamental facts of how Tor is used, or the fundamental morals we should have?
I think both are important if you want to determine whether Tor is a net plus or minus. I don't have any statistics to contribute and don't want to pretend that I have any. I think that if you take a point of view close to "drugs users will buy drugs anyway" and "drugs users shouldn't be exposed to more dangers just because they want to buy drugs", drugs on Tor can be seen as a positive. Of course you're free to disagree on those two views.
My personal view is that I like some drugs (weed, DMT, mushrooms) and will ebulliently buy them and encourage most others to as well, but I’m skeptical that allowing random people to sell heroin, fentanyl and meth is a good idea. But I don’t know if dark net markets are good or evil given the state many addicts find themselves in. Perhaps in my above posts I was conflating “bad” with “criminal” though.
The reason I said it was moving the goalposts is because the initial arguments implicitly assumed drug markets were bad and only listed reasons “Union workers , journalists, security researchers, IT managers, lawyers, and judges and prosecutors” (really curious how some of those really need Tor by the way), but I appreciate you’re a different person so I shouldn’t have said that. The pros and cons of drug markets is a difficult debate. Regardless, I do think a lot of support (and criticism) for Tor is ideologically driven and no amount of statistics about drugs or child porn will change some people’s minds because they simply ideologically like (or hate) the concept at a fundamental level. I suppose it’s the same for all political issues?
A more apt comparison might be crowbar manufacturers, since that is something people often associate with criminals even though it is a very legitimate tool in many other uses.
I wonder how the creators of the internet can live with themselves knowing that they facilitated all the horrible things that go on the internet. I know that I can't do that, so kudos to them.
For all of the bad people using tools like Tor, there are also plenty of good (and more importantly, innocent) people. Researchers, journalists, minorities, residents of oppressive regimes.
Like most things, anonymity can be abused. However, as the saying goes, "don't throw the baby out with the bathwater".
If you pay government taxes in any capacity anywhere, I wonder how you will live with yourself knowing that you're directly facilitating all the horrible things that governments do, like drop bombs on humans for oil and bulldoze homes.
Using C for this purpose (application processing untrusted data) is absolutely terrifying. Already when it was invented, C was a step backwards in terms of language design.
C has been very successful, and there are definitely advantages like the ubiquitous support, but its lack of memory safety is causative for three quarters of all security bugs in software that is built in it. This share has been found by multiple independent projects so it's kind of a constant.
And Tor is not just a random networked application, it manages data highly interesting for state level actors.
Because C makes it really really easy to write test-free unsafe crap.
The list of bugs caused by use if C is genuinely ridiculous.
Now, I think there are ways to write robust C - I don't get many bugs now that I usually use AddressSanitizer and a static analyzer (the GCC one is really nice) but that simply isn't good enough any more for high-reliability code.
You know what tor needs far more than a rewrite in some corporate meme language? Someone to work on the onion services side. There's plenty of people working on the pseudoanonymous proxy to the clear web features but .onion is left to decay and rot (https://blog.torproject.org/v2-deprecation-timeline).
Because of the lack of developer resources or anyone at the tor project giving a damn they have removed support for all tor v2 as of october 15th (a week ago). And this is extremely silly since >90% of HSDirs are tor v2 (https://www.encryptionin.space/tracking-hsdirs-and-the-versi...). But they don't have the resources to maintain the (slightly less secure) v2 stuff alongside v3, so they're just throwing the entire 15 years of all of tor's domains, linking, search indices, and writing in the trash and starting anew from very few users and little infrastructure.
And apparently no one cares that Tor has deleted itself. No news. No blog posts. Nothing but the well hidden post and upset comments from a year ago. I've talked to various people on their IRC and they say even if people continue to run tor v2 supporting clients The Tor Project will eventually push out their centralized consensus flag to ban them from the network.
Off-topic, but can someone tell me if this comment is phrased properly? I suspect that using "with" twice in the sentence is a little bit wrong, but I don't know how to correct it.
Personally I would say: “the issue with v2 is its design, not its implementation” or “one of the issues with v2 is its design, not its implementation”.
However your initial phrasing is perfectly intelligible, and probably grammatical (not that that’s so important, if it’s intelligible).
The way users of v2 effect the safety of v3 and the tor project is in terms of directory and resources, etc, and potential exhaustion attacks native to v2. But with porting and some work most of this could be mitigated. The safety of the hash and the length used couldn't but there still isn't a real world example of a collision in use. It's pretty drastic to entirely throw away 15 years of inter-linking, indices, etc when <5% of users (probably less) of onion services have switched to v3.
55 comments
[ 3.4 ms ] story [ 40.7 ms ] threadI worked with the author a few times while he was at Citrix. Always struck me as extremely clever and pragmatic, I think Tor has gained a real asset.
[0] https://www.theregister.com/2015/11/01/no_were_not_sorry_for...
Can you say the same thing about electricity?
Again, I'm not saying that Tor should be shut down, it's just unsettling to work on something that the majority of its usage is "bad".
They all have legitimate use cases for it.
And nobody has any idea what "most" (according to which metric anyway? Bandwidth, number of connections?) of TOR usage is for.
There was an interesting talk at fosdem a few years back about the network and its users https://archive.fosdem.org/2019/schedule/event/tor_project/
His analogy is spot on.
These things are the most newsworthy which is why you hear about them most often. Don't conflate "most newsworthy" with the "most common" use case for Tor.
Every time I have needed to bypass a stupid local filter to read one of my favorite news sources (torrentfreak.com). Every time I've wanted to see what my website/project looks like to people from a variety of geographically different IP addresses.
Personally, I have a suspicion, that despite my love of freedom, Tor usage is probably primarily paranoid people and drugs, and a small percentage facilities anonymous exploitation of children in a way that no other technology can. I would love to be proved wrong and see some facts that Tor is actually a net good for the world.
Also one thing I've noticed is that the majority of good use cases for Tor you can achieve with just the Tor browser, whereas the majority of bad use cases you need Tor hidden services. E.g. as a journalist you can still use Tor browser to talk to your sources anonymously. But try hosting a drugs website or child porn on the clear net: you need Tor hidden services for that. Basically you'd only really use hidden services if you want to host content that is banned in every country, e.g. pedophilia or drug network. Whereas if you're a freedom fighter, why not use Tor to connect to a Wordpress website hosted in a country that's sympathetic to your cause? I just don't see a use case for hidden services. Yes, it is less trust in a central provider, but at what cost? You can also just move hosting countries. "At what cost" goes back to the first two questions and it would be interesting to know how we all feel about it.
The discussion turned around "Tor is used a lot to buy drugs, which is bad". At least that's how I interpreted this part of your comment:
> Personally, I have a suspicion, that despite my love of freedom, Tor usage is probably primarily paranoid people and drugs, and a small percentage facilities anonymous exploitation of children in a way that no other technology can. I would love to be proved wrong and see some facts that Tor is actually a net good for the world.
You didn't directly said that buying drugs on Tor is bad, that's my assumption, but I think that it's a fair assumption considering what you wrote. So my point was a refutation that Tor being used to buy drugs is necessarly a bad thing.
> Are we arguing about the fundamental facts of how Tor is used, or the fundamental morals we should have?
I think both are important if you want to determine whether Tor is a net plus or minus. I don't have any statistics to contribute and don't want to pretend that I have any. I think that if you take a point of view close to "drugs users will buy drugs anyway" and "drugs users shouldn't be exposed to more dangers just because they want to buy drugs", drugs on Tor can be seen as a positive. Of course you're free to disagree on those two views.
The reason I said it was moving the goalposts is because the initial arguments implicitly assumed drug markets were bad and only listed reasons “Union workers , journalists, security researchers, IT managers, lawyers, and judges and prosecutors” (really curious how some of those really need Tor by the way), but I appreciate you’re a different person so I shouldn’t have said that. The pros and cons of drug markets is a difficult debate. Regardless, I do think a lot of support (and criticism) for Tor is ideologically driven and no amount of statistics about drugs or child porn will change some people’s minds because they simply ideologically like (or hate) the concept at a fundamental level. I suppose it’s the same for all political issues?
On the other hand, I consider fighting against mass surveillance and for maintaining privacy a good thing.
Like most things, anonymity can be abused. However, as the saying goes, "don't throw the baby out with the bathwater".
I don't get why so many people are so terrified by C. It's been working well for almost 50 years.
C has been very successful, and there are definitely advantages like the ubiquitous support, but its lack of memory safety is causative for three quarters of all security bugs in software that is built in it. This share has been found by multiple independent projects so it's kind of a constant.
And Tor is not just a random networked application, it manages data highly interesting for state level actors.
The list of bugs caused by use if C is genuinely ridiculous.
Now, I think there are ways to write robust C - I don't get many bugs now that I usually use AddressSanitizer and a static analyzer (the GCC one is really nice) but that simply isn't good enough any more for high-reliability code.
If you count being the source of countless security vulnerabilities "working well."
It's pretty senseless to use C in security-sensitive contexts. Let alone Tor.
Because of the lack of developer resources or anyone at the tor project giving a damn they have removed support for all tor v2 as of october 15th (a week ago). And this is extremely silly since >90% of HSDirs are tor v2 (https://www.encryptionin.space/tracking-hsdirs-and-the-versi...). But they don't have the resources to maintain the (slightly less secure) v2 stuff alongside v3, so they're just throwing the entire 15 years of all of tor's domains, linking, search indices, and writing in the trash and starting anew from very few users and little infrastructure.
And apparently no one cares that Tor has deleted itself. No news. No blog posts. Nothing but the well hidden post and upset comments from a year ago. I've talked to various people on their IRC and they say even if people continue to run tor v2 supporting clients The Tor Project will eventually push out their centralized consensus flag to ban them from the network.
No it won't, the issues with v2 are with its design, not its implementation.
However your initial phrasing is perfectly intelligible, and probably grammatical (not that that’s so important, if it’s intelligible).