I hope not. Tor being used for whistleblowing and censorship circumvention is one thing, but the onion network is pure anarchy and probably the worst case scenario of what the internet could become.
It is useful as a free-for-all outside of censorship.
You probably don't want an area free from censorship most people don't. I browse with safe images enabled when searching google images. Once in awhile I'll open it up and see a world that didn't exist before. I don't think that world should be removed even if I rarely visit.
Tor never claimed resiliency against large-scale traffic correlation attacks. Anyone who can look at a sufficient portion of all internet traffic has a good chance of deanonymizing TOR users. The Snowden revelations could lead one to believe that the US is sniffing enough traffic to make this viable, but it's anyone's guess if they collect and synchronize enough data to make deanonymization of TOR users viable.
I2P always looked more promising to me, and more open about its threat model [1] and potential mitigations. But it's not built for browsing the open internet, so it has a somewhat different niche.
Running an exit relay from home would be a very bad idea, and if your IP frequently changes you might not be picked as guard relay. But I don't see why you couldn't run a middle relay from home, as long as you don't have a traffic cap.
You can run an exit relay from home, at least in the US. There are some ISPs (mostly on the East coast, afaict) that may not help you, but most of them seem to understand how the laws work.
Mesh networks that don't operate as an overlay network could in theory be pretty effective to avoid large-scale traffic correlation attacks. If we assume that the US has effective control over the whole backbone network, and enough control inside the network of most commercial available ISP's, then there isn't much mixing networks can do. An adversary can always observe, inject, throttle, speed up, block and otherwise disturb the network flow in order to determine who is talking to whom.
Tor was originally written by US intel agencies specifically to provide cover for spies. The release of the software to the public was specifically to provide plausible deniability for those spies. So there's always going to be some level of control and knowledge the US has about the network.
If your threat model is anything weaker than a hostile nation state then Tor is still probably good enough to use as a darknet. If you're doing anything illegal over Tor then you probably should be more worried about OPSEC failures or rubber-hose cryptanalysis.
Are you sure it was supposed to provide "cover for spies"? AFAIK onion routing was an invention of the US Naval Research Laboratories and was public from the beginning. If you want "spies" to use it, you don't want them connecting to known gateways. High anonymity (simplex) is why number stations are still a thing.
They're still a thing as recently as a year or two ago when I looked into it. They're "perfect" in that the receiver can't be identified from the message or its channel (other than catching him with his radio), and that the message cannot be reversed (encoded w/ a one time pad). So they're hard to replace.
It's better than Tor in a few ways, in particular how it handles DDOS attacks. I2P is also more focused on facilitating hidden services (eepsites) than being a clearnet proxy.
There's also Yggdrasil, although it doesn't seem particularly concerned about anonymity.
> Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers part of the Tor network, which typically tends to hover around a daily total of up to 9,000-10,000.
One thing i didn't catch is how they are sure that this is "one" great actor. Surely some of these servers were registered with the same fake mail address, but it seems that otherwise they are spread around the world and pretty anonymous. Did i miss something?
It's hinted at in the article that these servers are not stock servers, and the author is able to detect similar divergent behavior in all of these nodes, implying they are all the same non-standard tor software that is doing... something.
I asked this same question on HN a short time ago. The modifications are advanced and not public, so anyone using them is suspected of being related to the same entity. There are also potentially other signature-worthy variables being observed as well.
Another mistake Tor tends to make is assuming 1 IP = 1 server. In theory someone could point 9,000 IP addresses at a single server. In practice this would be obvious when the bandwidth for it sucks, but it could easily be a single cluster of servers in one location with a bunch of addresses routing to it.
Not really related to the article, but what's the origin of picutres like the one used in the article? A few years ago https://www.humaaans.com/ was all the rage, is this something like this too? I can't imagine that each of these images is individually produced, I feel like they are assembled, but I can't find the origin.
Edit: answering my own question, https://blush.design/ (link found on the humaans page) has things that look a lot like that. So that's probably the origin. There are multiple artists listed on the website (https://blush.design/artists) but I can't tell which one did what. I can understand that it's very practical to be able to mix and match parts of images like that, but I personally find them very unappealing. But seeing how much they are used, maybe most people like them?
Eh, it's more common than that. I worked for a roboinvestor tech company that paid an artist to draw a bunch of this crap. The deal was that it was supposed to appeal to Gen-Zers, with diverse racial cartoon characters doing their best not to look like they were at work. It seemed super cringey to me at the time
Tor in 20202: We've succesfully killed off 90% of all actually used (as opposed to botnet) tor onion services and we're happy about it. We're protecting our end users from themselves by forcing the removal of Tor v2 protocol from the codebase. We don't care because onion services were never really something we cared about, just an add-on to trick people into thinking Tor was a real network worth building a community in. It isn't. Tor is only for people who want a pseudoanonymous clear web proxy. Forget .onion domains.
Your link shows that there were about 170k v2 onion addresses in September 2020, while there were about 550k v3 onion addresses at that same date. The trends were only pointing up for v3 addresses while pointing down for v2 ones.
I can't blame you for just skimming, but you've come away with a mistaken interpretation.
Yes, there are a ton of v3 onions created quite suddenly but they don't stick around for long and aren't associated with human people. The Tor project technical blog on v3 onion services suggests most of the v3 services are "barely used" and setup to merely act as slave services for a malicious botnet. https://blog.torproject.org/v3-onion-services-usage . Human people actually run websites (and other services) from v2 addresses and there are far more of them even now than actual human used v3 addresses if you can extrapolate anything from onion descriptor information in the hidden service directory.
Removing the v2 code from clients and falsely stating v2 onions aren't valid URLs is lying to users to protect them from a potential future threat. But that protection comes at the cost: the destruction of the entire 15 year history of communities and interlinking and search indices for onionland. To protect the community they have destroyed it.
A v3 community might come in the future, and I hope it will, but right now v3 .onions are pretty much just bots and a few big names that have created new v3 services. The rest is botnet v3 .onions.
What I want, what everyone in the tor project comment thread on the depreciation post wants, is for v2+v3. Not just v2. Even now most tor relays support v2 and will until the tor project puts out a version consensus flag that blocks older tor. But they can't do that any time soon because most tor infrastructure still supports v2.
I'm still not understanding why the 15 year history of communities was not able or willing to act on the 13 months of warning, and months of discussion before that. There was more than ample time to prepare.
Surely you don't expect a project like Tor to simply ignore security forever going forward because "people still use it"? Should Tor just stay V2, security be damned? I don't think Tor's main goal is to ensure your community stays friends; the goals are a bit loftier.
I wonder if you hold the same views on any other security-related thing like cryptography or password storage. We'd still be at 8 character, lower-case only, truncated passwords "because people built infrastructure for it".
Because tor v2 and v3 are not compatible. You can't just make all the links everyone ever made on any site, or entries in any search index, suddenly point to a new URL.
You can announce v2 is going to disappear and say that everyone should try to port what they can, but most don't. Only the big sites and their users actually have any pseudo-continuity through their efforts. And even then all the links stop working.
The fact that people didn't port is not an argument that they shouldn't have ported.
Tor is primarily a security and privacy project. Arguing that they should keep an insecure version because people decided to ignore the security implications of that insecure version is an awful argument. Especially when those people had well over a year to execute.
Your use case for Tor seems to be unrelated to the projects goals.
I just don't get GP's point. If the workings of the system compromise its entire premise, of course they upgrade the system so that it matches the original intentions. It's like they shouldn't have deprecated old SSL and TLS versions, because some web services still only use those. I can't imagine an active community having trouble with this.
The problem is that the URLs themselves got deprecated: the entire interlinked ecosystem got destroyed. Maybe think of what would happen if all of our current TLDs got deprecated tomorrow, and in a year or two support for them would start getting dismantled. Every single link anyone has ever posted on Hacker News is now broken. Now what?
You are all making it sound like this isn't some big deal: that people just needed to "get their act together"... but how do you rebuild the world wide web after breaking every link in the web? Whose job is it even to fix every single link on every single page and stored in every single comment in every single database?
Now, you can certainly argue that the old system was broken by insecurity and thereby had to die. But that just means the entire concept of onion services was some temporary art project more than a platform on which people could build the kind of ecosystem we have on the "normal" world wide web. At best, it means that people needed to come up with some extremely different way of thinking about what those .onion addresses really were, as they were clearly more like IP addresses than hostnames.
I personally can't help but think there could have been some better transition plan. Like maybe a mechanism where people can leave cross-signed redirects from v2 to v3 domains, and maybe even they would only be honored if signed before some date, or maybe there is a disambiguation dialog for competing redirects that also shows the time the redirect was published (these being attempts to deal with "in the future someone could crack this and start making arbitrary redirects for any old site").
But that clearly didn't happen and now that entire ecosystem is dead. Maybe it will rebuild, and maybe one day it will be stronger than it is now, but frankly... when that happens, wouldn't you expect people to start pointing out that the cryptography of the ECC curve they are using is now subject to breaking by quantum computers or whatever we have in another 15 years? Maybe they will handle that transition better, or maybe the mere thought of that will serve as a lesson to not rebuild inside that design.
Truly, though, a design that doesn't take this into consideration from the beginning is inherently flawed. As I noted in passing earlier: these .onion names were clearly more like IP addresses, and so you needed some kind of translation later on top of that to provide later portability. As much as I often hate on the current players in "decentralized DNS" (for various reasons that they could have avoided), that's the kind of concept that clearly is going to win the day going forward.
>Now, you can certainly argue that the old system was broken by insecurity and thereby had to die. But that just means the entire concept of onion services was some temporary art project
An insecure Tor is less than worthless.
Tor is not trying to be a community or be the next geocities. It is an evolving security and privacy project, adapting to the landscape as it needs to, in an effort to anonymize and protect it's users.
>a platform on which people could build the kind of ecosystem we have on the "normal" world wide web
This was never the goal of Tor, and may be the source of your frustrations. Tor has one fundamental mission: deploying free and open source anonymity and privacy technologies.
It is a shame that links will be broken, and it sucks that you feel like something you built up is being torn down. But arguing that it should be kept insecure because of the friends you've made along the way is exactly the opposite of Tor's mission statement.
> It is a shame that links will be broken, and it sucks that you feel like something you built up is being torn down.
FWIW, your comment is confusing either identities or motives: I have never myself built a .onion site, in no small part because I saw clearly a long time ago that the ecosystem was doomed: I carefully consider all of the tech I use for "sustainability". I am merely someone who is sitting on the sidelines, attempting to--and apparently succeeding, based on your sibling comment--at providing some context and translation in a disagreement.
> Tor is not trying to be a community or be the next geocities. ... This was never the goal of Tor, and may be the source of your frustrations.
I even have a lot of sympathy for your attempt here to seemingly agree with me that the .onion ecosystem could never be taken seriously for a "world wide web"-like ecosystem... but, then you seem to fail to realize the context of me responding to someone who was willing to believe that .onion could work and felt that the websites in question merely should have somehow updated sooner (forgetting that the web is, well, a "web" <- a mistake I actually think is understandable as it isn't necessarily immediately obvious).
> But arguing that it should be kept insecure because of the friends you've made along the way is exactly the opposite of Tor's mission statement.
I absolutely did no such thing, and it is disingenuous to claim such after literally quoting me providing and admitting the opposite argument in my comment. If you re-read my point, I even sketch out a potential securable transition plan for a "road not taken" that doesn't involve Tor being "kept insecure". The real travesty, frankly, is that Tor failed to understand the implications of what they had built and prepare people for the future.
You continually mentioned community, and seemed to portray yourself as an operator that refused to update to V3 to maintain your V2 community. I tried to empathize with that. My bad.
The 'friends along the way' was a cheeky comment referring to the communities you mentioned here and in other comments several times. It is certainly not the opposite of what you argued -- you are arguing for community and interoperability, and argued that Tor should maintain the insecure version for that interoperability.
To wit, you said "What I want, what everyone in the tor project comment thread on the depreciation post wants, is for v2+v3.".
This is equal to "Maintain the insecure version, do not deprecate it, because the community wants it".
We're obviously of two separate minds here. I didn't mean to step on toes or seem disingenuous. Just frustrated when I see people complain about necessary security upgrades, which were known over a year in advance, in a security product.
Thanks for the long message, I now get the point. However necessary the change, it's sure to drive some people away for good. Some kind of redirection mechanism would have handled this nicely.
Now that I'm thinking about this, a browser extension could handle this - with JavaScript enabled of course. It could come with a V2->V3 host mapping, and then scan the page and fix the links within. Or maybe do the mapping when the link is clicked or otherwise interacted with.
Zookos triangle is hard to solve but arguably has been by projects like namecoin and similar ETH-sphere projects
geti2p.net also has community registrars for .i2p domains and includes a built in hosts file of many of the sites, this involves a level of trust in the registries.
Thanks for sharing I’ve never heard of zookos triangle before. I’ve never looked into the crypto token solutions but presumably there’s still an issue of competing projects maintaining their own registries that would allow for domain collisions depending on which solution you use. Are there any in particular you’re fond of?
I don't know enough about the alternatives to namecoin to comment on them - i don't think any of them are used as much as even namecoin was at its height (which was still not much, but at least Wikileaks was using it and OpenNic supported it at one time). ZeroNet still uses it, but ZeroNet is in questionable shape right now.
Namecoin had issues with cyber squatting and spam, i would assume any alternatives significantly used would suffer a similar fate.
.onion was never very human friendly, i won't deny that v3 is worse in that regard but it wasn't feasible for everyone to generate gems like facebookcorewwwi. Most v2s having only a few vanity bytes at most were arguably unsafe since that allowed phishers to more easily trick users, i know the same applies to v3
Honest question: What would be the use case for Tor, as is compromised[1] and painfully slow (judging from my personal experience, using it in the US and Asia, across the years). Is there any occasion where it will be better to use Tor than your self-hosted VPN?
A point-by-point look of your source is a bit much for these comments (and they raise some great points that I either agree with or can't thoroughly rebut), but there's some interesting things in there that make me question the poster. They exclaim against being accused of spreading FUD, but use extremely emotional language and talk in absolutes when the reality is much less clear.
For example, they say "2017 court case proves FBI can de-anonymize Tor users", but immediately handwave the how away, because it's classified. Well then, that's not really a strong proof of Tor being compromised -- there are several ways the FBI could de-anonymize Tor users that have nothing to do with Tor itself (people being compromised by javascript, people posting pictures with metadata, people linking back to real-life accounts, people inadvertently posting identifiable information, people posting quasi-identifiable information that is correlated over time, people downloading XYZ that has a beacon in it, etc.)
I also can't help but wonder, if Tor is so thoroughly compromised and just a glowstick, why would the author finish with:
>For those who still want to access the Tor network, doing so through a reliable VPN service will add an extra layer of protection while hiding your real IP address.
If it's compromised to the core, a glowstick for LEA, enables the US government to "do spooky stuff", why bother giving a half-ass endorsement at the end of a hit piece?
"For those who still want to access the Tor network, doing so through a reliable VPN service will add an extra layer of protection while hiding your real IP address."
It is unclear to me if you meant to reply to me or someone else, because this is wholly unrelated to the criticisms I raised against the author of the source in the parent's post.
However, I will say, using Tor to access your VPN strips away much of the benefit of using Tor, to the point that you might as well just use a VPN (sans Tor). I suppose if you want a single-circuit Tor connection that appears to be a static non-Tor IP address, sure. But blindly recommending one way or the other without knowing someone's use case, threat analysis, and risk tolerance is foolish.
It comes down to statistics. Using a VPN you are using 1 entity, so all a state actor needs to do is view that one entity's traffic. This may be time consuming and legally challenging if the entity is trustworthy and has servers spread across the globe, but there is still only 1 point that they need to monitor - I suspect many VPN service users are not randomly switching servers. You said "self hosted" VPN which if you are doing that at home it provides no anonymity (which i'm assuming is the point of the comment since the context is Tor). If you host it at a server you are anonymously renting (good luck doing that without opsec failure), it is still only your traffic there, you have no benefit of blending in with others.
With Tor, you can be assured that your attacker needs to monitor more than some % of the network (which can be done either by running nodes themselves or having a wide view of netflow data). Alphabet soup agencies are capable of this, but these attacks are expensive and non-trivial which is why historically the FBI and such use browser exploits the most. You shouldn't rely on Tor alone to protect your life if your adversary is highly skilled or funded, but chalking it up to a VPN is completely discounting the benefit gained from a larger anonymity set in the world's biggest onion routing network.
Wow there's so much FUD, hyperbole, and rigged language there. "Interesting" exchanges alright.
They go ahead and make FBI and backdoors bold to shock the reader but conveniently rest of the context is left out. The actual context being Roger giving a talk about Tor at one of these conferences where you also have government entities voice their (guess guess) desire for backdooring and wiretapping the internet (while tech people from the industry aren't convinced). The same shit you see discussed openly in the public all the time anyway, probably just with more pleading from the FBI because it's so hard to solve crime without industry's help. Nothing unusual here. The wording of this fudpiece sounds like it's trying to implicate the Tor developer in planting backdoors for the FBI, which is not at all what the exchange is about if you read the context.
"Tor privately tips off the federal government to security vulnerabilities before alerting the public" is also complete FUD. I'm so glad I read the whole stack of FOIA'd documents before this text.
The context here is that BBG (Broadcasting Board of Governors) is using Tor to circumvent censorship in places like Iran, China, Saudi Arabia, and Russia. Alright you can call that a propaganda arm of the US government if you're so willing, but anyway, Tor is one of the tools they rely on. They need Tor to circumvent censorship, so they need to address vulnerabilities in Tor that make it easy to censor.
This "vulnerability" isn't one that FBI uses to catch a drug dealer or a hacker, it's a vulnerability that makes it easy to fingerprint and block Tor traffic. Now Tor's use has historically been quite easy to detect and block (see e.g. this FAQ entry from 2008 [1]) and fixing that has been a long road, I don't know where exactly they stand today. The "vulnerability" is just one among many and the possibility of fingerprinting TLS has been mentioned in the FAQ. It's not the kind of vulnerability you would have to scream and alert the public to (they should've already been aware that it is possible identify and block Tor traffic). Rather, it's something they should quietly research and figure out a solution to and hopefully stay ahead of the game w.r.t. regimes that may attempt to block Tor.
Discussing the draft proposal for fixing this TLS fingerprint vuln with the people who they are working together with to keep Tor useful in Iran etc. is exactly what the Tor project ought to do! The fact that these people happen to be employed by the U.S. Government doesn't seem particularly relevant. But suuure, "privately tipping off the feds to a vuln while keeping the public in the dark" is a nice way to twist it.
Here's the thing, there are issues with Tor, there are issues with anything because there is no technical solution to perfect anonymity. I would not bet my life on Tor. But knowing what it's good for and what its limits are, Tor is a very useful tool, and IMHO it can only get better if it gets more users and more relays. I would always recommend being vigilant and looking out for bugs, backdoors, and other sketchy stuff, but this fud piece just doing a disservice against itself with all the hyperbole. It sounds more like they've got an axe to grind.
> The original Tor design was easy to block if the attacker controls Alice's connection to the Tor network --- by blocking the directory authorities, by blocking all the relay IP addresses in the directory, or by filtering based on the fingerprint of the Tor TLS handshake. Some government-level firewalls could easi...
I wish that Apple had chosen to use Tor for their private relay feature instead of building their own (closed) system. It could have been a huge increase in traffic for the Tor network but instead they built a worse version.
84 comments
[ 2.3 ms ] story [ 1157 ms ] threadhttps://youtu.be/iItLpwkQMUQ&t=277
You probably don't want an area free from censorship most people don't. I browse with safe images enabled when searching google images. Once in awhile I'll open it up and see a world that didn't exist before. I don't think that world should be removed even if I rarely visit.
I2P always looked more promising to me, and more open about its threat model [1] and potential mitigations. But it's not built for browsing the open internet, so it has a somewhat different niche.
1: https://geti2p.net/en/docs/how/threat-model
In other countries you may not have such luck.
https://news.ycombinator.com/item?id=29634636
If your threat model is anything weaker than a hostile nation state then Tor is still probably good enough to use as a darknet. If you're doing anything illegal over Tor then you probably should be more worried about OPSEC failures or rubber-hose cryptanalysis.
OTP has to be delivered preserving secrecy. Transmitting a public key only needs to preserve integrity.
The best place to hide a tree is in a forest.
If you have both 'normal' users and spies connecting to this host, who will tell who's the spy?
https://geti2p.net
It's better than Tor in a few ways, in particular how it handles DDOS attacks. I2P is also more focused on facilitating hidden services (eepsites) than being a clearnet proxy.
There's also Yggdrasil, although it doesn't seem particularly concerned about anonymity.
https://yggdrasil-network.github.io/
Here are a few options.
https://sourceforge.net/projects/linuxkodachi/
Although it's not nearly as minimalistic as Tails.
Sure, they can listen in on you all they want, but what good is any of that if they can't use it against you in a court of law?
https://en.wikipedia.org/wiki/Parallel_construction
https://therecord.media/a-mysterious-threat-actor-is-running...
Edit: answering my own question, https://blush.design/ (link found on the humaans page) has things that look a lot like that. So that's probably the origin. There are multiple artists listed on the website (https://blush.design/artists) but I can't tell which one did what. I can understand that it's very practical to be able to mix and match parts of images like that, but I personally find them very unappealing. But seeing how much they are used, maybe most people like them?
https://www.reddit.com/r/starterpacks/comments/jwsagt/big_te...
https://www.reddit.com/r/starterpacks/comments/groh5e/big_te...
https://youtu.be/lFb7BOI_QFc
[0]https://en.m.wikipedia.org/wiki/Corporate_Memphis
https://www.worthpoint.com/worthopedia/1974-basic-computer-g...
https://www.darkowl.com/blog-content/tor-v2-depreciation-shi...
https://blog.torproject.org/v2-deprecation-timeline/
https://metrics.torproject.org/hidserv-dir-onions-seen.html
Your link shows that there were about 170k v2 onion addresses in September 2020, while there were about 550k v3 onion addresses at that same date. The trends were only pointing up for v3 addresses while pointing down for v2 ones.
Yes, there are a ton of v3 onions created quite suddenly but they don't stick around for long and aren't associated with human people. The Tor project technical blog on v3 onion services suggests most of the v3 services are "barely used" and setup to merely act as slave services for a malicious botnet. https://blog.torproject.org/v3-onion-services-usage . Human people actually run websites (and other services) from v2 addresses and there are far more of them even now than actual human used v3 addresses if you can extrapolate anything from onion descriptor information in the hidden service directory.
All of your links describe why V3 is more secure and superior to V2. Are you whining about the increased security, or am I misunderstanding your post?
If I'm not misunderstanding, why was the over one year of warnings and multiple years of discussions not enough time to prepare?
A v3 community might come in the future, and I hope it will, but right now v3 .onions are pretty much just bots and a few big names that have created new v3 services. The rest is botnet v3 .onions.
What I want, what everyone in the tor project comment thread on the depreciation post wants, is for v2+v3. Not just v2. Even now most tor relays support v2 and will until the tor project puts out a version consensus flag that blocks older tor. But they can't do that any time soon because most tor infrastructure still supports v2.
Surely you don't expect a project like Tor to simply ignore security forever going forward because "people still use it"? Should Tor just stay V2, security be damned? I don't think Tor's main goal is to ensure your community stays friends; the goals are a bit loftier.
I wonder if you hold the same views on any other security-related thing like cryptography or password storage. We'd still be at 8 character, lower-case only, truncated passwords "because people built infrastructure for it".
You can announce v2 is going to disappear and say that everyone should try to port what they can, but most don't. Only the big sites and their users actually have any pseudo-continuity through their efforts. And even then all the links stop working.
Tor is primarily a security and privacy project. Arguing that they should keep an insecure version because people decided to ignore the security implications of that insecure version is an awful argument. Especially when those people had well over a year to execute.
Your use case for Tor seems to be unrelated to the projects goals.
You are all making it sound like this isn't some big deal: that people just needed to "get their act together"... but how do you rebuild the world wide web after breaking every link in the web? Whose job is it even to fix every single link on every single page and stored in every single comment in every single database?
Now, you can certainly argue that the old system was broken by insecurity and thereby had to die. But that just means the entire concept of onion services was some temporary art project more than a platform on which people could build the kind of ecosystem we have on the "normal" world wide web. At best, it means that people needed to come up with some extremely different way of thinking about what those .onion addresses really were, as they were clearly more like IP addresses than hostnames.
I personally can't help but think there could have been some better transition plan. Like maybe a mechanism where people can leave cross-signed redirects from v2 to v3 domains, and maybe even they would only be honored if signed before some date, or maybe there is a disambiguation dialog for competing redirects that also shows the time the redirect was published (these being attempts to deal with "in the future someone could crack this and start making arbitrary redirects for any old site").
But that clearly didn't happen and now that entire ecosystem is dead. Maybe it will rebuild, and maybe one day it will be stronger than it is now, but frankly... when that happens, wouldn't you expect people to start pointing out that the cryptography of the ECC curve they are using is now subject to breaking by quantum computers or whatever we have in another 15 years? Maybe they will handle that transition better, or maybe the mere thought of that will serve as a lesson to not rebuild inside that design.
Truly, though, a design that doesn't take this into consideration from the beginning is inherently flawed. As I noted in passing earlier: these .onion names were clearly more like IP addresses, and so you needed some kind of translation later on top of that to provide later portability. As much as I often hate on the current players in "decentralized DNS" (for various reasons that they could have avoided), that's the kind of concept that clearly is going to win the day going forward.
An insecure Tor is less than worthless.
Tor is not trying to be a community or be the next geocities. It is an evolving security and privacy project, adapting to the landscape as it needs to, in an effort to anonymize and protect it's users.
>a platform on which people could build the kind of ecosystem we have on the "normal" world wide web
This was never the goal of Tor, and may be the source of your frustrations. Tor has one fundamental mission: deploying free and open source anonymity and privacy technologies.
It is a shame that links will be broken, and it sucks that you feel like something you built up is being torn down. But arguing that it should be kept insecure because of the friends you've made along the way is exactly the opposite of Tor's mission statement.
FWIW, your comment is confusing either identities or motives: I have never myself built a .onion site, in no small part because I saw clearly a long time ago that the ecosystem was doomed: I carefully consider all of the tech I use for "sustainability". I am merely someone who is sitting on the sidelines, attempting to--and apparently succeeding, based on your sibling comment--at providing some context and translation in a disagreement.
> Tor is not trying to be a community or be the next geocities. ... This was never the goal of Tor, and may be the source of your frustrations.
I even have a lot of sympathy for your attempt here to seemingly agree with me that the .onion ecosystem could never be taken seriously for a "world wide web"-like ecosystem... but, then you seem to fail to realize the context of me responding to someone who was willing to believe that .onion could work and felt that the websites in question merely should have somehow updated sooner (forgetting that the web is, well, a "web" <- a mistake I actually think is understandable as it isn't necessarily immediately obvious).
> But arguing that it should be kept insecure because of the friends you've made along the way is exactly the opposite of Tor's mission statement.
I absolutely did no such thing, and it is disingenuous to claim such after literally quoting me providing and admitting the opposite argument in my comment. If you re-read my point, I even sketch out a potential securable transition plan for a "road not taken" that doesn't involve Tor being "kept insecure". The real travesty, frankly, is that Tor failed to understand the implications of what they had built and prepare people for the future.
The 'friends along the way' was a cheeky comment referring to the communities you mentioned here and in other comments several times. It is certainly not the opposite of what you argued -- you are arguing for community and interoperability, and argued that Tor should maintain the insecure version for that interoperability.
To wit, you said "What I want, what everyone in the tor project comment thread on the depreciation post wants, is for v2+v3.".
This is equal to "Maintain the insecure version, do not deprecate it, because the community wants it".
We're obviously of two separate minds here. I didn't mean to step on toes or seem disingenuous. Just frustrated when I see people complain about necessary security upgrades, which were known over a year in advance, in a security product.
Now that I'm thinking about this, a browser extension could handle this - with JavaScript enabled of course. It could come with a V2->V3 host mapping, and then scan the page and fix the links within. Or maybe do the mapping when the link is clicked or otherwise interacted with.
I asked them about it at a talk when V3 was first being introduced, and they said they're working on a solution. Since then... ::crickets::
16 characters is doable, especially if it starts with 5-8 letters of word(s). 56 characters is not realistic.
geti2p.net also has community registrars for .i2p domains and includes a built in hosts file of many of the sites, this involves a level of trust in the registries.
https://en.wikipedia.org/wiki/Zooko%27s_triangle
Namecoin had issues with cyber squatting and spam, i would assume any alternatives significantly used would suffer a similar fate.
This is a very non trivial problem https://en.wikipedia.org/wiki/Zooko%27s_triangle
1- https://restoreprivacy.com/tor/
For example, they say "2017 court case proves FBI can de-anonymize Tor users", but immediately handwave the how away, because it's classified. Well then, that's not really a strong proof of Tor being compromised -- there are several ways the FBI could de-anonymize Tor users that have nothing to do with Tor itself (people being compromised by javascript, people posting pictures with metadata, people linking back to real-life accounts, people inadvertently posting identifiable information, people posting quasi-identifiable information that is correlated over time, people downloading XYZ that has a beacon in it, etc.)
I also can't help but wonder, if Tor is so thoroughly compromised and just a glowstick, why would the author finish with:
>For those who still want to access the Tor network, doing so through a reliable VPN service will add an extra layer of protection while hiding your real IP address.
If it's compromised to the core, a glowstick for LEA, enables the US government to "do spooky stuff", why bother giving a half-ass endorsement at the end of a hit piece?
You Tor to your VPN, you don't VPN to Tor.
However, I will say, using Tor to access your VPN strips away much of the benefit of using Tor, to the point that you might as well just use a VPN (sans Tor). I suppose if you want a single-circuit Tor connection that appears to be a static non-Tor IP address, sure. But blindly recommending one way or the other without knowing someone's use case, threat analysis, and risk tolerance is foolish.
Combine Tor with a VPN.
If your life is on the line with your content the more layers of protection the better.
Adding a VPN is another system that obfuscates and is not controlled by the same entity.
https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h/
With Tor, you can be assured that your attacker needs to monitor more than some % of the network (which can be done either by running nodes themselves or having a wide view of netflow data). Alphabet soup agencies are capable of this, but these attacks are expensive and non-trivial which is why historically the FBI and such use browser exploits the most. You shouldn't rely on Tor alone to protect your life if your adversary is highly skilled or funded, but chalking it up to a VPN is completely discounting the benefit gained from a larger anonymity set in the world's biggest onion routing network.
They go ahead and make FBI and backdoors bold to shock the reader but conveniently rest of the context is left out. The actual context being Roger giving a talk about Tor at one of these conferences where you also have government entities voice their (guess guess) desire for backdooring and wiretapping the internet (while tech people from the industry aren't convinced). The same shit you see discussed openly in the public all the time anyway, probably just with more pleading from the FBI because it's so hard to solve crime without industry's help. Nothing unusual here. The wording of this fudpiece sounds like it's trying to implicate the Tor developer in planting backdoors for the FBI, which is not at all what the exchange is about if you read the context.
"Tor privately tips off the federal government to security vulnerabilities before alerting the public" is also complete FUD. I'm so glad I read the whole stack of FOIA'd documents before this text.
The context here is that BBG (Broadcasting Board of Governors) is using Tor to circumvent censorship in places like Iran, China, Saudi Arabia, and Russia. Alright you can call that a propaganda arm of the US government if you're so willing, but anyway, Tor is one of the tools they rely on. They need Tor to circumvent censorship, so they need to address vulnerabilities in Tor that make it easy to censor.
This "vulnerability" isn't one that FBI uses to catch a drug dealer or a hacker, it's a vulnerability that makes it easy to fingerprint and block Tor traffic. Now Tor's use has historically been quite easy to detect and block (see e.g. this FAQ entry from 2008 [1]) and fixing that has been a long road, I don't know where exactly they stand today. The "vulnerability" is just one among many and the possibility of fingerprinting TLS has been mentioned in the FAQ. It's not the kind of vulnerability you would have to scream and alert the public to (they should've already been aware that it is possible identify and block Tor traffic). Rather, it's something they should quietly research and figure out a solution to and hopefully stay ahead of the game w.r.t. regimes that may attempt to block Tor.
Discussing the draft proposal for fixing this TLS fingerprint vuln with the people who they are working together with to keep Tor useful in Iran etc. is exactly what the Tor project ought to do! The fact that these people happen to be employed by the U.S. Government doesn't seem particularly relevant. But suuure, "privately tipping off the feds to a vuln while keeping the public in the dark" is a nice way to twist it.
Here's the thing, there are issues with Tor, there are issues with anything because there is no technical solution to perfect anonymity. I would not bet my life on Tor. But knowing what it's good for and what its limits are, Tor is a very useful tool, and IMHO it can only get better if it gets more users and more relays. I would always recommend being vigilant and looking out for bugs, backdoors, and other sketchy stuff, but this fud piece just doing a disservice against itself with all the hyperbole. It sounds more like they've got an axe to grind.
[1] https://web.archive.org/web/20080415073019/https://wiki.torp...
> The original Tor design was easy to block if the attacker controls Alice's connection to the Tor network --- by blocking the directory authorities, by blocking all the relay IP addresses in the directory, or by filtering based on the fingerprint of the Tor TLS handshake. Some government-level firewalls could easi...