SoylentNews is people

posted by martyb on Monday July 31 2017, @06:52AM
from the Shocked,-shocked! dept.

A Tor Project grandee sought to correct some misconceptions about the anonymizing network during a presentation at the DEF CON hacking convention in Las Vegas on Friday.

Roger Dingledine, one of the three founders of the Tor Project, castigated journos for mischaracterizing the pro-privacy system as a bolthole exclusively used by drug dealers and pedophiles to hide from the authorities.

In fact, he said, only three per cent of Tor users connect to hidden services, suggesting the vast majority of folks on the network are using it to anonymously browse public websites for completely legit purposes. In other words, netizens – from journalists to activists to normal peeps – use Tor to mask their identities from website owners, and it's not just underworld villains.

Dingledine even went as far as saying the dark web – a landscape of websites concealed within networks like Tor – is so insignificant, it can be discounted.

Only 3%, but what a 3% it is, eh?


This discussion has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by maxwell demon on Monday July 31 2017, @08:12AM (8 children)

    This text makes it appear as if every use of a hidden service would imply a crime. IIRC SoylentNews can also be accessed as a hidden service. Doing so would be no more a crime than accessing it through the open web.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 0) by Anonymous Coward on Monday July 31 2017, @09:02AM (4 children)

    If they have statistics indicating that 3 percent of the network is connecting to hidden services: Doesn't that mean they have far too much metadata on what traffic is passing through the network, and a general idea of where?

    As a followup to that: If only 3 percent of the network is using hidden services, then does that really provide enough cover traffic to not provide statistical analysis of traffic patterns to help direct hacking and deanonymization efforts against services and clients?

    Just playing Devil's Advocate here, but given the lack of fixed packet sizes to help defeat traffic analysis, there are lots of passive and partially active attacks that could be taking place on the Tor network. Additionally, how many of you have used Tor Browser Bundle and noticed that your circuits all seem to either go through hops on different Class A's but all through the same country's GeoIP DB and when not, all hop through either Warsaw Pact countries, or 5 eyes countries?

    While us common users may not be qualified to analyze and work out possible attacks on the network, there seems to be lots of passive observation we as individuals should be providing to each other to reliably determine if Tor is secure or compromised, and if attacks are taking place on the network. I personally still use it, but with every passing year Tor is becoming less trustworthy in my opinion, and no new alternatives are being developed to complement or replace it. I2P for instance is almost as old as Tor, but has many of the same shortcomings, in addition to a far smaller network. Most ISPs will either traffic throttle Tor/I2P nodes, or outright ban them on their network, limiting the points of failure/compromise for the networks to a few major targets/hubs which do allow them. And all of this is not taking into consideration the possible compromise of nodes via TrustZone, ME, or PSP management engines in CPUs, or Windows 10 Telemetry services allowing the possibility of remote exfiltration of private keys allowing after-session analysis of traffic without the need to brute force the encryption or concern oneself with session key changes (having the keys passively sniffed and documented when they were first generated/used could make a huge difference in analyzing presumed private traffic).

    Even as people give up their privacy to corporations and social media, most assume they have some sort of privacy in their personal life, whether by using anonymity tools like Tor/I2P or because 'who is going to bother watching video feeds of me as I wander town?' The problem is: Once they do, and if they have all the historical recordings to go back through, you will have literally no way as a normal human being to escape.

    The technological hell we have wrought gets closer every day, and the people fighting back against it seem to get fewer in number by the year, some of them even resembling the pod people in how they suddenly change their tune for reasons you don't understand (unless you saw their doppelgangers climbing out of their pod).

    • (Score: 1, Informative) by Anonymous Coward on Monday July 31 2017, @09:10AM

      Warsaw Pact countries

      There are no Warsaw Pact countries, as the Warsaw Pact was dissolved 26 years ago. In fact, quite a few former Warsaw Pact countries are now NATO countries.

    • (Score: 3, Insightful) by Runaway1956 on Monday July 31 2017, @09:16AM

      "possible compromise of nodes via TrustZone, ME, or PSP management engines in CPUs, or Windows 10 Telemetry services allowing the possibility of remote exfiltration of private keys allowing after-session analysis of traffic"

      Let's keep in mind that such exfiltration would apply to just about any encryption scheme.

    • (Score: 0) by Anonymous Coward on Monday July 31 2017, @07:42PM

      ... does that really provide enough cover traffic to not provide statistical analysis of traffic patterns to help direct hacking and deanonymization efforts against services and clients?

      Tor doesn't rely on "chaffing" (if you will). It relies on the multi-layered encryption and on an attacker--or group of attackers--not controlling too much of the Internet or too many Tor nodes.

      A couple of years ago it was shown that an attacker running a guard node could detect sites running hidden services. [arstechnica.com] I don't know whether there's a defence against that now.

      Additionally, how many of you have used Tor Browser Bundle and noticed that your circuits all seem to either go through hops on different Class A's but all through the same country's GeoIP DB and when not, all hop through either [former] Warsaw Pact countries, or 5 eyes countries.

      It changes randomly. Keep checking and you'll see other variations.

    • (Score: 0) by Anonymous Coward on Tuesday August 01 2017, @06:43AM

      ... does that really provide enough cover traffic to not provide statistical analysis of traffic patterns to help direct hacking and deanonymization efforts against services and clients?

      Tor doesn't rely on "chaffing" (if you will). It relies on the multi-layered encryption and on an attacker--or group of attackers--not controlling too much of the Internet or too many Tor nodes.

      A couple of years ago it was shown that an attacker running a guard node could detect sites running hidden services. [arstechnica.com] I don't know whether there's a defence against that now.

  • (Score: 0) by Anonymous Coward on Monday July 31 2017, @09:22AM (1 child)

    IIRC SoylentNews can also be accessed as a hidden service.

    To be fair, some posts on SN are a crime. Not yours, of course, but I can't say the same for others.

    • (Score: 0) by Anonymous Coward on Monday July 31 2017, @11:44AM

      To be fair, some posts on SN are a crime. Not yours, of course, but I can't say the same for others.

      You've reported these 'crimes' of course? [freeadvice.com]

  • (Score: 1, Informative) by Anonymous Coward on Monday July 31 2017, @04:28PM

    The .onion links for SoylentNews are listed on the "about" page [soylentnews.org].