A Tor Project grandee sought to correct some misconceptions about the anonymizing network during a presentation at the DEF CON hacking convention in Las Vegas on Friday.
Roger Dingledine, one of the three founders of the Tor Project, castigated journos for mischaracterizing the pro-privacy system as a bolthole exclusively used by drug dealers and pedophiles to hide from the authorities.
In fact, he said, only three per cent of Tor users connect to hidden services, suggesting the vast majority of folks on the network are using it to anonymously browse public websites for completely legit purposes. In other words, netizens – from journalists to activists to normal peeps – use Tor to mask their identities from website owners, and it's not just underworld villains.
Dingledine even went as far as saying the dark web – a landscape of websites concealed within networks like Tor – is so insignificant, it can be discounted.
Only 3%, but what a 3% it is, eh?
(Score: 0) by Anonymous Coward on Monday July 31, @06:59AM
I think he's wrong.
He should be looking at money: how much money is connected to "legitimate" traffic, and how much is connected to provably illegal behavior?
It's a lot like political donations in the US: many individuals donated to Bernie Sanders, but Hillary Clinton got more money.
(Score: 1, Funny) by Anonymous Coward on Monday July 31, @07:05AM (2 children)
3% of my body is muh DICK
(Score: 0) by Anonymous Coward on Monday July 31, @07:43AM
Only 3% of you is raping children with the Dark Web. If you are caught and imprisoned, you will be eligible for parole after 219 days.
(Score: 2) by Runaway1956 on Monday July 31, @09:04AM
Not funny, but wrong. I learned in boot camp, and again when I became an EMT that the groin area is only 1% of the body. Let me find the "Rule of Nines" for burn victims for you . . .
http://www.emedicinehealth.com/burn_percentage_in_adults_rule_of_nines/article_em.htm [emedicinehealth.com]
What's more, people who brag the most about how big their dicks are, are most likely to be "inadequate". So, we can assume that you are actually working with something like 0.25%.
(Score: 3, Insightful) by kaszz on Monday July 31, @07:33AM
The greater problem is that (fake) journalists try to disparage privacy tools in the eye of the public and by extension lawmakers. Just like using computers was presented first as "uncool" and then only done for nefarious purposes.
The same power and money that flows to political candidates also flows to editors of "news" media. The sources of course have other interests than citizens being able to protect themselves.
(Score: 3, Interesting) by c0lo on Monday July 31, @08:08AM (1 child)
How much of the 3% are:
- hidden services pertaining to .cia, .nsa and .mil? (given that Tor was initially designed "with the purpose of protecting U.S. intelligence communications online." [wikipedia.org])
- honeypots run by "children"? (the internet, where men are men, women are men and children are FBI agents [tvtropes.org])
(Score: 0) by Anonymous Coward on Monday July 31, @09:20AM
I realize this is a stupid question, but I'm asking for a friend: if the Tor network is anonymous how does he know only 3% of the traffic is connecting to hidden services? If the destinations are that easy to determine wouldn't some TLA just analyze them and see what those 3% are offering?
(Score: 3, Insightful) by maxwell demon on Monday July 31, @08:12AM (4 children)
This text makes it appear as if every use of a hidden service would imply a crime. IIRC SoylentNews can also be accessed as a hidden service. Doing so would be no more a crime than accessing it through the open web.
(Score: 0) by Anonymous Coward on Monday July 31, @09:02AM (2 children)
If they have statistics indicating that 3 percent of the network is connecting to hidden services: Doesn't that mean they have far too much metadata on what traffic is passing through the network, and a general idea of where?
As a followup to that: If only 3 percent of the network is using hidden services, then does that really provide enough cover traffic to not provide statistical analysis of traffic patterns to help direct hacking and deanonymization efforts against services and clients?
Just playing Devil's Advocate here, but given the lack of fixed packet sizes to help defeat traffic analysis, there are lots of passive and partially active attacks that could be taking place on the Tor network. Additionally, how many of you have used Tor Browser Bundle and noticed that your circuits all seem to either go through hops on different Class A's but all through the same country's GeoIP DB and when not, all hop through either Warsaw Pact countries, or 5 eyes countries?
While us common users may not be qualified to analyze and work out possible attacks on the network, there seems to be lots of passive observation we as individuals should be providing to each other to reliably determine if Tor is secure or compromised, and if attacks are taking place on the network. I personally still use it, but with every passing year Tor is becoming less trustworthy in my opinion, and no new alternatives are being developed to complement or replace it. I2P for instance is almost as old as Tor, but has many of the same shortcomings, in addition to a far smaller network. Most ISPs will either traffic throttle Tor/I2P nodes, or outright ban them on their network, limiting the point of failures/compromise for the networks to a few major targets/hubs which do allow them. And all of this is not taking into consideration the possible compromise of nodes via TrustZone, ME, or PSP management engines in CPUs, or Windows 10 Telemetry services allowing the possibility of remote exfiltration of private keys allowing after-session analysis of traffic without the need to brute force the encryption or concern oneself with session key changes (having the keys passively sniffed and documented when they were first generated/used could make a huge difference in analyzing presumed private traffic.) Even as people give up their privacy to corporations and social media, most assume they have some sort of privacy in their personal life, whether by using anonymity tools like Tor/I2P or because 'who is going to bother watching video feeds of me as I wander town?' The problem is: Once they do, and if they have all the historical recordings to go back through, you will have literally no way as a normal human being to escape.
The technological hell we have wrought gets closer every day, and the people fighting back against it seem to get fewer in number by the year, some of them even resembling the pod people in how they suddenly change their tune for reasons you don't understand (unless you saw their doppelgangers climbing out of their pod).
(Score: 0) by Anonymous Coward on Monday July 31, @09:10AM
There are no Warsaw Pact countries, as the Warsaw Pact was dissolved 26 years ago. In fact, quite a few former Warsaw Pact countries are now NATO countries.
(Score: 2) by Runaway1956 on Monday July 31, @09:16AM
"possible compromise of nodes via TrustZone, ME, or PSP management engines in CPUs, or Windows 10 Telemetry services allowing the possibility of remote exfiltration of private keys allowing after-session analysis of traffic"
Let's keep in mind that such exfiltration would apply to just about any encryption scheme.
(Score: 0) by Anonymous Coward on Monday July 31, @09:22AM
To be fair, some posts on SN are a crime. Not yours, of course, but I can't say the same for others.
