
posted by Fnord666 on Friday September 18 2020, @12:31PM   Printer-friendly
from the not-as-anonymous-as-you-thought dept.

Tor 0day: Finding IP Addresses - The Hacker Factor Blog:

Last February, my Tor onion service came under a huge Tor-based distributed denial-of-service (DDoS) attack. I spent days analyzing the attack, developing mitigation options, and defending my server. (The Tor service that I run for the Internet Archive was down for a few hours, but I managed to keep it up and running through most of the attack.)

While trying to find creative ways to keep the service up, I consulted a group of friends who are very active in the network incident response field. Some of these are the people who warn the world about new network attacks. Others are very experienced at tracking down denial-of-service attacks and their associated command-and-control (C&C) servers. I asked them if they could help me find the source of the attack. "Sure," they replied. They just needed my IP address.

I read off the address: "152 dot" and they repeated back "152 dot". "19 dot" "19 dot" and then they told me the rest of the network address. (I was stunned.) Tor is supposed to be anonymous. You're not supposed to know the IP address of a hidden service. But they knew. They had been watching the Tor-based DDoS. They had a list of the hidden service addresses that were being targeted by the attack. They just didn't know that this specific address was mine.

As it turns out, this is an open secret among the internet service community: You are not anonymous on Tor.

It turns out that there are some flaws in the design of Tor services, which this story very ably explains. Quite readable, too.

[NB: SoylentNews has supported Tor since April 1, 2014 (yes, really). In light of today's story, is this something that SoylentNews should continue to support? I suspect bots are making use of it to create accounts here. It would probably require some work to disable Tor properly, so I am not anticipating immediate removal. This is more trying to get input from the community. What say you? --martyb]



Related Stories

BaconNews: Once More With .onion
In our ongoing commitment to our users' privacy, we've introduced the ability to reach this site through Tor directly. Without further ado:

Since these services are accessible directly in the Tor Network, and do not need to pass through an exit node, it should be considerably faster to access SoylentNews via the onion links than going through directly. There are a couple of caveats you should be aware of though using this service.

  • (Score: 1, Interesting) by Anonymous Coward on Friday September 18 2020, @12:45PM (30 children)

    by Anonymous Coward on Friday September 18 2020, @12:45PM (#1052692)

    Is the end-user not anonymous, or just the IP of the Tor server? There is a subtle and important difference, like ssh-ing into something; you can tell where I've ssh'ed into, but you can't see what I'm doing. Is it the case here where you can tell I'm connected to a Tor server (or that one is running at my IP address), but you can't see what I'm doing after that?

    • (Score: 3, Insightful) by shrewdsheep on Friday September 18 2020, @12:57PM (3 children)

      by shrewdsheep (5215) on Friday September 18 2020, @12:57PM (#1052695)

      I guess it means that if you run an exit node, you see the IP-addresses that traffic goes to. If you wait a bit or run a couple exit-nodes, you can harvest IP-addresses of onion-services. You then still have to match the onion address to the IP-address. Similar things hold for the users. If you have both entry and exit-nodes in the game, you can start matching entry- and exit packages using timing. The Tor network relies on volume. If enough users make enough simultaneous queries and enough parties provide nodes, the Tor network provides anonymity. As soon as any of those components becomes sparse, anonymity cannot be guaranteed any more. Same for the onion services: enough services with enough traffic are needed.

      • (Score: 2) by daver!west!fmc on Friday September 18 2020, @08:59PM

        by daver!west!fmc (1391) on Friday September 18 2020, @08:59PM (#1053020)

        If you run a Tor exit node, there is some chance that you may have already tcpdump'd your exit node's outgoing traffic over coffee and wondered why so many packets are going to 152.19.mumble.mumble this morning. And maybe there's chatter about it on the mailing list or IRC channel or whatever. So when someone complains about the DDoS from Tor, you have some idea what his service's IP address is. You may not know his .onion address, but when he makes himself known to you and you try that IP address on him he suddenly realizes that he can be seen.

      • (Score: 3, Interesting) by Anonymous Coward on Saturday September 19 2020, @12:18AM

        by Anonymous Coward on Saturday September 19 2020, @12:18AM (#1053120)

        The basic thing is not so much timing, but a persistent stream of traffic.

        Because the Tor network seems to be built around masking web reading or other intermittent traffic, not multi-gigabyte file transfers.

        As long as you intermittently surf, only the guard node (the one closest to your own computer) will be static. The others will change intermittently.

        But Tor can't reroute a persistent connection mid-flight, so if you are downloading a large file, the same chain of relay nodes and exit node (aka the node that it looks like you connect to the web from) will stay static for the duration.

        And this is where the attack comes from, in that if someone has a "high" enough vantage point that they can track data streams from both ends of the Tor network (inside the same nation or top tier ISP or something similar). And thus match volume in to volume out.

        A potential "fix" that comes to mind is to make all Tor computers a potential guard or relay, so that not all data flowing through it is meant for the user or service running on it. But that in turn may well get more people at risk from government scrutiny, unless at least exit nodes are something one has to opt into being.
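        An added example, written for this page and not taken from shrewdsheep, from the commenter above, or from the Hacker Factor post: the "volume in to volume out" matching both comments describe, run over constructed per-window byte counts. The observer has the client's guard-side series and several far-side series (exit links, or the link into an onion service) and pairs them by the shape of the fluctuations, not the average rate. The flow names, rates, the 30% browsing duty cycle and the two-window delay are assumptions made for the demo.

```python
"""
Flow correlation: match a near-side (guard) byte-count series against
candidate far-side series by the shape of their volume over time.
Every series here is constructed with a seeded PRNG; no real captures.
"""
import math
import random


def pearson(xs, ys):
    """Pearson correlation of two series (0.0 if either is flat)."""
    n = min(len(xs), len(ys))
    xs, ys = xs[:n], ys[:n]
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return 0.0 if sx == 0 or sy == 0 else cov / (sx * sy)


def lagged_pearson(near, far, max_lag):
    """Best correlation when `far` may trail `near` by 0..max_lag windows."""
    best_r, best_lag = -1.0, 0
    for lag in range(max_lag + 1):
        r = pearson(near[: len(near) - lag], far[lag:])
        if r > best_r:
            best_r, best_lag = r, lag
    return best_r, best_lag


def best_match(near, candidates, max_lag=5):
    """Score each far-side candidate against the near-side series."""
    scores = {name: lagged_pearson(near, far, max_lag) for name, far in candidates.items()}
    best = max(scores, key=lambda k: scores[k][0])
    return {"best": best, "score": scores[best][0], "lag": scores[best][1],
            "scores": {k: round(v[0], 3) for k, v in scores.items()}}


def bulk_flow(windows, rate, jitter, rng):
    # constructed: a sustained download, about `rate` bytes per window
    return [max(0, int(rng.gauss(rate, jitter))) for _ in range(windows)]


def browsing_flow(windows, rng):
    # constructed: bursty page loads, idle in most windows
    return [int(rng.expovariate(1 / 20000)) if rng.random() < 0.3 else 0
            for _ in range(windows)]


def run_demo(windows=120, seed=7):
    rng = random.Random(seed)
    near = bulk_flow(windows, 150_000, 15_000, rng)
    # what the far side sees: the same flow two windows later, plus padding noise
    far = [0, 0] + [max(0, b + int(rng.gauss(3_000, 4_000))) for b in near[:-2]]
    candidates = {
        "exit-A": browsing_flow(windows, rng),
        "exit-B": far,
        "exit-C": bulk_flow(windows, 150_000, 15_000, rng),  # same rate, independent flow
        "exit-D": browsing_flow(windows, rng),
    }
    return best_match(near, candidates)


if __name__ == "__main__":
    print(run_demo())
```

        Note that "exit-C" carries the same average rate as the target and still scores near zero: the mean is subtracted out, so only the second-by-second shape of a long-lived flow gives it away, which is why an intermittent browsing session is much harder to pin than a sustained transfer or a DDoS stream.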

      • (Score: 2) by driverless on Saturday September 19 2020, @07:16AM

        by driverless (4770) on Saturday September 19 2020, @07:16AM (#1053316)

        I read off the address: "152 dot" and they repeated back "152 dot". "19 dot" "19 dot" and then they told me the rest of the network address. (I was stunned.) Tor is supposed to be anonymous. You're not supposed to know the IP address of a hidden service. But they knew.

        Insufficient data to support that conclusion. If you're running a Tor node that's being used for DDoS purposes then you don't need to do anything fancy except watch where the DDoS traffic is coming from. This isn't an attack on Tor, it's just watching for traffic.

    • (Score: 2, Informative) by Anonymous Coward on Friday September 18 2020, @12:58PM (11 children)

      by Anonymous Coward on Friday September 18 2020, @12:58PM (#1052696)

      Of course a TOR gateway has a known IP address, otherwise how would you get in?

      Of course a TOR server is going to have visible IP addresses, otherwise how would other TOR services use it?

      TOR is layered on top of TCP/IP. What makes it (semi) anonymous for users is that: once they connect to a TOR gateway - if it's not a honeypot - that gateway proxies them out to a randomly selected endpoint and throws away all records of what it has done for them (if it's a honeypot, it will be forwarding any/all interesting information to the honeypot operators, such as law enforcement, and how can you really tell if a TOR gateway operator is NSA/FBI/Bubba at the Sheriff's office or not?)

      So, when TOR is operating properly, you connect to it, it connects you to your server/pages of choice, and the server only knows that the request is coming from a TOR endpoint, plus whatever identity information you leak in your HTTPS page requests, such as cookies, etc. TOR gateway operators? Yeah bud, you just painted a big "MONITOR ME PLEASE" target on your IP address.

      • (Score: 0) by Anonymous Coward on Friday September 18 2020, @01:52PM (2 children)

        by Anonymous Coward on Friday September 18 2020, @01:52PM (#1052734)

        This makes sense to me, to the extent I understand it, which is: TOR gateway operators are more vulnerable than users of the service. So individual users of TOR are safe, as are hidden services operators. What I refer to as "safe" comes with the condition that recommendations like turning off JavaScript, etc., are followed. Individual users have also occasionally been identified by exploiting a Firefox vulnerability that hadn't been patched.

        Please correct me if I have misunderstood, but otherwise I think TOR remains the best hope of staying anonymous on the internet. Many others have tried to do better, but I'm not aware that any have succeeded. Does anyone know of a better alternative?

        • (Score: 1, Insightful) by Anonymous Coward on Friday September 18 2020, @02:19PM

          by Anonymous Coward on Friday September 18 2020, @02:19PM (#1052750)

          So Individual users of TOR are safe as are hidden services operators.

          Assuming that no law enforcement or other malicious actors have "volunteered" to run TOR nodes, yes.

          TOR remains the best hope of staying anonymous on the internet.

          At present, it's the best easy thing going, and is probably a good part of a defense in depth strategy. If you really want to stay anonymous on the internet, I'd start by paying a few randomly selected people in cash to buy burner phones for you, then using those phones as WiFi hotspots for whatever you want to be doing. Depending on how "hot" your activity is, setting up your own anonymizing network (like the two-phones in an abandoned office thing you see in old movies) isn't a bad idea to mask your physical location, but... if you are planning for life after you get caught you might not want to hop too many jurisdictions in the process, penalties increase as you cross more borders.

        • (Score: 2) by legont on Friday September 18 2020, @04:30PM

          by legont (4179) on Friday September 18 2020, @04:30PM (#1052862)

          Please correct me if I have misunderstood, but otherwise I think TOR remains the best hope of staying anonymous on the internet.

          However, it also makes you a more desirable target. When a sweep is in progress, it's a question of allocating the resources.
          I personally don't use Tor on a regular basis to make myself less desirable, but I do use it occasionally for short periods when I want better protection.
          What do I use on a regular basis? VPNs in unfriendly jurisdictions.

          Having said that, one shall have no illusions. If a serious organization is after you specifically, you have no chance.

          --
          "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
      • (Score: 4, Interesting) by Anonymous Coward on Friday September 18 2020, @02:32PM (7 children)

        by Anonymous Coward on Friday September 18 2020, @02:32PM (#1052761)

        You misunderstand the issue. From TFA:
          The problem with this theoretical God's eye vantage point is that it isn't theoretical -- and the random shuffling isn't good enough. The people I consulted about my DDoS issue included people with real God's eye views. One claimed to see over 70% of all internet traffic worldwide. Another claimed over 50%. Moreover, these people are not nation-states or governments; they are corporate.

        Why do these high level views exist? Well, there are denial-of-service attacks going on all the time. These corporate monitoring groups pair up with major network carriers in order to monitor the overall network levels. When a DDoS is observed, they can engage in a coordinated effort to mitigate the impact. Remember: the DDoS doesn't just hurt the target system; it also slows down the overall network and costs big companies real money in bandwidth overhead. These corporate groups are there to help mitigate the cost to the major carriers. As a side effect, you get really cool worldwide attack maps, like those provided by Digital Attack Map and NetScout. (Full disclosure: I don't know anyone at either of these companies.)

        In my case, they saw a high volume DDoS that only involved known Tor nodes. That's how they knew it was a Tor-based DDoS. All of the traffic went through the Tor network before merging at a single point: my hidden service. (Technically, there were over a half-dozen hidden services being attacked, but it's the same methodology.)

        As it turns out, you don't even need to have a huge DDoS to find a single user or a hidden service. You just need a sustained network load. At FotoForensics, I saw a meme photo of a snake eating a rifle that really describes this situation:

        • (Score: 3, Interesting) by VacuumTube on Friday September 18 2020, @02:48PM (4 children)

          by VacuumTube (7693) on Friday September 18 2020, @02:48PM (#1052773) Journal

          It's long been recognized that someone able to monitor all internet traffic could identify TOR users through timing relationships as the data arrived and departed. This was not secret, it was disclosed on their website. Several years ago that prospect seemed remote. Perhaps not so much now.

          • (Score: 2, Interesting) by Anonymous Coward on Friday September 18 2020, @02:54PM

            by Anonymous Coward on Friday September 18 2020, @02:54PM (#1052780)

            This was not secret, it was disclosed on their website. Several years ago

            Actually, it was more than ten years ago [torproject.org].

          • (Score: 3, Insightful) by Runaway1956 on Friday September 18 2020, @04:32PM (2 children)

            by Runaway1956 (2926) Subscriber Badge on Friday September 18 2020, @04:32PM (#1052864) Journal

            It is important to understand who might be capable of attaining that God's Eye View. Government doesn't have the legal capacity to do so. Few foreign governments have the technical capacity to do so. But there are at least a dozen corporations able to do so. A consortium of smaller corporations could do just as easily. A consortium of "rights holders" could do it just as easily. Depending on which assortment of corporations and/or rights holders were working on it, the feat could be accomplished with relatively little cash expenditure.

            With a God's Eye View, NO ONE is "safe" on Tor.

            Of course, it must be remembered that the View isn't necessary to make a lot of busts. All that is required to bust an individual user and/or service, is that it be isolated within a group of hostile nodes. If your first hop goes through your local municipal building, with the Chief of Police watching your every transaction, you are seriously compromised already. If the Chief is cooperating with the FBI, who control dozens of other nodes, including some exit nodes, it's just a matter of time until the cops get their incriminating evidence.
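            An added example, not from Runaway1956 or from the Hacker Factor post, putting numbers on the "isolated within a group of hostile nodes" scenario above. Tor weights guard and exit selection by advertised bandwidth, so what matters is the adversary's share of bandwidth at each position, not how many boxes it runs; and because a client pins one guard for a long time rather than rolling a new one per circuit, the pinned guard caps how many users can ever be bracketed. The relay list, bandwidth weights and circuit count are constructed for the demo.

```python
"""
Probability that a circuit has a hostile guard AND a hostile exit, analytic
and by simulation, with and without guard pinning.  Relay list constructed.
"""
import random

# (name, bandwidth weight, run by the adversary?)  -- constructed
GUARDS = [("guard-1", 300, False), ("guard-2", 250, False),
          ("guard-3", 250, False), ("guard-x", 200, True)]
EXITS = [("exit-1", 400, False), ("exit-2", 300, False),
         ("exit-3", 200, False), ("exit-x", 100, True)]


def hostile_share(relays):
    """Fraction of total bandwidth weight held by hostile relays."""
    total = sum(bw for _, bw, _ in relays)
    return sum(bw for _, bw, hostile in relays if hostile) / total


def weighted_pick(relays, rng):
    """Choose one relay with probability proportional to its bandwidth."""
    r = rng.uniform(0, sum(bw for _, bw, _ in relays))
    acc = 0.0
    for relay in relays:
        acc += relay[1]
        if r <= acc:
            return relay
    return relays[-1]


def p_sticky_guard(g, e, circuits):
    """Guard pinned once, fresh exit per circuit: compromised only if the
    one guard is hostile and at least one of the exits is."""
    return g * (1 - (1 - e) ** circuits)


def p_fresh_guard(g, e, circuits):
    """No guard pinning: every circuit is a fresh roll of both ends."""
    return 1 - (1 - g * e) ** circuits


def simulate(guards, exits, circuits, trials, sticky, seed=1):
    """Monte Carlo: fraction of users bracketed on at least one circuit."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        guard = weighted_pick(guards, rng)
        for _ in range(circuits):
            if not sticky:
                guard = weighted_pick(guards, rng)
            if guard[2] and weighted_pick(exits, rng)[2]:
                hits += 1
                break
    return hits / trials


def run_demo(circuits=50, trials=10_000):
    g, e = hostile_share(GUARDS), hostile_share(EXITS)
    return {
        "guard_share": g, "exit_share": e,
        "sticky_analytic": p_sticky_guard(g, e, circuits),
        "sticky_sim": simulate(GUARDS, EXITS, circuits, trials, sticky=True),
        "fresh_analytic": p_fresh_guard(g, e, circuits),
        "fresh_sim": simulate(GUARDS, EXITS, circuits, trials, sticky=False),
    }


if __name__ == "__main__":
    print(run_demo())
```

            With a 20% guard share and a 10% exit share, pinning the guard holds the bracketed fraction at roughly 20% over fifty circuits, while re-rolling the guard each circuit pushes it past 60%. The other half of the comment still stands: if the pinned guard is the hostile one, every circuit that user builds goes through it.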

            • (Score: 3, Informative) by KilroySmith on Friday September 18 2020, @09:52PM (1 child)

              by KilroySmith (2113) on Friday September 18 2020, @09:52PM (#1053040)

              >>> Government doesn't have the legal capacity to do so

              Well, the truth is that only a FEW governments don't have the legal right to do so. Most governments give themselves that right.

              The uncomfortable truth is that, even for those few governments, the "legal right" is a minor impediment. The USA is one government that, legally, doesn't have the right to monitor US citizen-to-US citizen traffic at that level (at least, if you believe that the fourth amendment to the US Constitution covers Internet traffic). It does, however, have the right (at least as far as the US Government is concerned) to monitor every bit of internet traffic in the rest of the world, and any internet traffic that crosses the US border, even if a US citizen is involved.
              Now, let's assume that the UK government has similar restrictions (can't monitor UK citizen traffic, but can monitor the rest of the world's traffic). These two sets of traffic form a union that includes "all internet traffic in the world". Now, nothing (in written law) prevents the US Government from buying the information it wants from the UK, nor selling the information it has that the UK is prohibited from collecting back to the UK ("Here's one dollar for your information; give me one dollar and I'll give you mine"). Now both governments have the superset of information.

              A quick google of "Five eyes", "Nine eyes", "Fourteen eyes" is, well, eye-opening.

              • (Score: 2) by VacuumTube on Sunday September 20 2020, @12:32PM

                by VacuumTube (7693) on Sunday September 20 2020, @12:32PM (#1053901) Journal

                "A quick google of "Five eyes", "Nine eyes", "Fourteen eyes" is, well, eye-opening. "

                Following this suggestion I came upon https://restoreprivacy.com/, [restoreprivacy.com] which is absolutely worth seeing if you're interested in internet privacy.

        • (Score: 0) by Anonymous Coward on Friday September 18 2020, @04:34PM

          by Anonymous Coward on Friday September 18 2020, @04:34PM (#1052867)

          Second this - have seen in the office.

        • (Score: 0) by Anonymous Coward on Friday September 25 2020, @09:58PM

          by Anonymous Coward on Friday September 25 2020, @09:58PM (#1056962)

          No meme link!

          I read all that and great but - no meme link provided, friend.

          Also, this is called traffic analysis. There are lots of ways it can be performed - traffic volume, in your case, reveals that you are a tor service under attack, and your IP, but not what tor service it is. Given a set of tor service addresses, one can manipulate them (traffic shaping and network healing attacks) or even do simple time correlation or RTT analysis if the tor service has low enough volume. All of this gets easier the more of the network you can monitor or control.

          Consider the extreme of a single net governing entity. It could simply disable all traffic not involving known TOR service addresses, then disable those one by one until the service whose IP is desired is found.
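          An added example, not from the commenter above or from the Hacker Factor post: the "disable those one by one" search, generalized to a bisection. An adversary who can cut a set of candidate addresses off the network and can probe whether the onion service still answers needs about log2(N) rounds instead of N. The candidate list (RFC 1918 space) and the reachability oracle are constructed; nothing here touches a network.

```python
"""
Active elimination: find which candidate IP hosts an onion service by
blocking subsets and probing reachability.  Oracle simulated.
"""
import math


def make_oracle(true_ip, probe_log):
    """Simulated probe: the service answers unless its real IP is in the
    blocked set.  Each call records the blocked-set size in probe_log."""
    def reachable(blocked):
        probe_log.append(len(blocked))
        return true_ip not in blocked
    return reachable


def locate_linear(candidates, reachable):
    """The comment's version: block one address at a time."""
    for ip in candidates:
        if not reachable({ip}):
            return ip
    return None


def locate_bisect(candidates, reachable):
    """Block half the pool; if the service dies, the IP is in that half."""
    pool = list(candidates)
    while len(pool) > 1:
        half = pool[: len(pool) // 2]
        pool = pool[len(pool) // 2:] if reachable(set(half)) else half
    # Confirm: if the list never contained the service, the bisection still
    # converges on something, so block that one address and check.
    return pool[0] if not reachable({pool[0]}) else None


def demo_candidates(n=1000):
    # constructed candidate list (RFC 1918 space, not real hosts)
    return [f"10.0.{i // 256}.{i % 256}" for i in range(n)]


def compare(n=1000, target_index=777):
    """Run both searches against the same constructed target and count probes."""
    candidates = demo_candidates(n)
    target = candidates[target_index]
    lin_log, bis_log = [], []
    lin = locate_linear(candidates, make_oracle(target, lin_log))
    bis = locate_bisect(candidates, make_oracle(target, bis_log))
    return {"linear": lin, "linear_probes": len(lin_log),
            "bisect": bis, "bisect_probes": len(bis_log),
            "log2_bound": math.ceil(math.log2(n)) + 1}


if __name__ == "__main__":
    print(compare())
```

          The confirmation probe at the end matters: without it a wrong candidate list yields a confident wrong answer. A real oracle is also noisy (a service under DDoS flaps on its own), so each round would be repeated before trusting it; and an adversary with the global view the story describes doesn't need to block anything, since the passive volume matching already narrows the candidates to a handful.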

    • (Score: 2) by requerdanos on Friday September 18 2020, @02:02PM

      by requerdanos (5997) Subscriber Badge on Friday September 18 2020, @02:02PM (#1052739) Journal

      Is the end-user not anonymous

      The article describes how someone determined enough to introduce adversarial nodes participating in the Tor network can compromise the anonymity of hidden services and single users (not just exit nodes). As the article [hackerfactor.com] puts it:

      As it turns out, you don't even need to have a huge DDoS to find a single user or a hidden service. You just need a sustained network load.

    • (Score: 1) by fustakrakich on Friday September 18 2020, @02:13PM (12 children)

      by fustakrakich (6150) on Friday September 18 2020, @02:13PM (#1052745) Journal

      But connecting to a TOR server raises suspicions. Eventually, deep packet inspection will render all this moot. Unauthorized encryption will simply be dropped, or rerouted to Utah.

      --
      La politica e i criminali sono la stessa cosa..
      • (Score: 2) by The Mighty Buzzard on Friday September 18 2020, @02:24PM (9 children)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Friday September 18 2020, @02:24PM (#1052755) Homepage Journal

        Which is why you disguise your unauthorized encryption as authorized encryption.

        --
        My rights don't end where your fear begins.
        • (Score: 3, Interesting) by Immerman on Friday September 18 2020, @02:41PM (8 children)

          by Immerman (3985) on Friday September 18 2020, @02:41PM (#1052767)

          You know, it suddenly occurs to me that I haven't heard much about stenography being used to disguise encrypted traffic as un-encrypted traffic, which could be a wonderful way to avoid scrutiny in the first place. At the very least it could avoid raising a red flag to automated monitoring systems.

          Of course, it would also severely reduce the bandwidth of a connection, so I can understand why it's not used for things like Tor.

          • (Score: 0) by Anonymous Coward on Friday September 18 2020, @02:51PM (3 children)

            by Anonymous Coward on Friday September 18 2020, @02:51PM (#1052779)

            You know, it suddenly occurs to me that I haven't heard much about stenography being used to disguise encrypted traffic as un-encrypted traffic, which could be a wonderful way to avoid scrutiny in the first place.

            I suppose. But the "encryption [wikipedia.org]" isn't very strong.

            And also assumes that stenographers [planetdepos.com] and transcription services [wikipedia.org] can be trusted.

            Personally, I'd be more likely to go with something like this [wikipedia.org] instead. But hey, whatever fries your clams friend.

            • (Score: 2) by Immerman on Friday September 18 2020, @03:29PM (2 children)

              by Immerman (3985) on Friday September 18 2020, @03:29PM (#1052804)

              My bad - *steganography*, not stenography. I was outsmarted by spell-check.

              As in, encrypt your data normally, and then disguise it as unrelated, unencrypted data.

              I suppose it wouldn't actually be relevant to something like Tor though, since it'll be pretty obvious that any traffic going into the obfuscation network is covert traffic, no matter how innocuous it looks.

              • (Score: 3, Informative) by JoeMerchant on Friday September 18 2020, @03:46PM

                by JoeMerchant (3937) on Friday September 18 2020, @03:46PM (#1052822)

                Any steganography worth pursuing is combined with encryption as strong as you need it to be. If the "hidden message" is plaintext, then it's much easier to find. If the hidden message looks like stochastic noise, you can't be sure you've cracked the hiding algorithm until you have also decrypted the message.

                --
                🌻🌻 [google.com]
              • (Score: 2) by The Vocal Minority on Saturday September 19 2020, @06:06AM

                by The Vocal Minority (2765) on Saturday September 19 2020, @06:06AM (#1053290) Journal

                Well then, how about combining steganography aaaaand stenography for extra strong anonymity *mind blown* :P

          • (Score: 0) by Anonymous Coward on Friday September 18 2020, @03:28PM

            by Anonymous Coward on Friday September 18 2020, @03:28PM (#1052803)

            "I haven't heard much about stenography being used to disguise encrypted traffic"

            I think my stent just clogged.

          • (Score: 2) by JoeMerchant on Friday September 18 2020, @03:38PM (2 children)

            by JoeMerchant (3937) on Friday September 18 2020, @03:38PM (#1052813)

            I always wanted to call it Stegonography (like Stegosaurus), but the more widely used term is Steganography - of course, calling it Stenography is itself a form of Steganography - making your text immune to search for the Steganography keyword.

            Now: to TMB's point, if you wrap unauthorized encryption in authorized encryption, that means that the deep packet inspectors will have to do their authorized decryption of everything in order to detect your unauthorized encryption. Which is yet another reason authorized encryption isn't practical, unless it uses low effort algorithms akin to ROT13.

            I can understand why it's not used for things like Tor.

            I picture a Steganography network functioning like this:

            Coordinating node periodically publishes hidden messages on a commonly traveled site like Reddit - know how much text you can effectively hide in a cat video? Lots.

            Other nodes "browse" this high traffic server as part of their daily routine, along with millions of other users. In addition to general information like a newspaper published by the coordinating node, keys and addresses of future communications can be published so that members of the group can find future messages efficiently (without having to download and attempt to decode EVERY cat video in the day's feed.) Typical secret society "operating cells" and similar precautionary measures can (should) also be applied, for any network that wishes to remain secret for long.

            Careful practitioners of Steganography would probably avoid networks like TOR - mainstream high traffic sites are much more anonymizing.

            I haven't heard much about stenography being used

            Well, if they're doing it right, you wouldn't would you?

            --
            🌻🌻 [google.com]
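            An added example, not from JoeMerchant or from the Hacker Factor post, of the encrypt-then-hide step his scheme relies on: the payload is encrypted first and the ciphertext goes into the least significant bits of a cover, so whoever pulls the LSBs out without the key gets only noise (his point about stochastic noise above). The cover is a constructed byte array standing in for pixel data, the message is made up, and the keystream is a toy HMAC-SHA256 counter construction used only so the example runs with the standard library; a real deployment would use a proper AEAD.

```python
"""
LSB steganography with an encrypted payload: embed, extract, and the
key-less extraction an observer would get.  Cover and message constructed.
"""
import hashlib
import hmac
import random


def keystream(key, nonce, length):
    """Toy stream cipher: concatenated HMAC-SHA256(key, nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def embed(cover, payload, key, nonce):
    """Encrypt payload, prefix a 4-byte length, write the bits into cover LSBs."""
    blob = len(payload).to_bytes(4, "big") + xor_bytes(payload, keystream(key, nonce, len(payload)))
    bits = [(byte >> (7 - i)) & 1 for byte in blob for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # each cover byte moves by at most 1
    return bytes(stego)


def extract_raw(stego):
    """What an observer without the key gets: the LSB bytes, still ciphertext."""
    def read(offset, nbits):
        v = 0
        for i in range(nbits):
            v = (v << 1) | (stego[offset + i] & 1)
        return v
    length = read(0, 32)
    return bytes(read(32 + 8 * i, 8) for i in range(length))


def extract(stego, key, nonce):
    """Key holder: pull the LSB bytes and strip the keystream."""
    ct = extract_raw(stego)
    return xor_bytes(ct, keystream(key, nonce, len(ct)))


def demo_cover(n=4096, seed=3):
    # constructed "pixel" bytes; a real cover would be image or video samples
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    key, nonce = b"k" * 32, b"n" * 12          # constructed
    stego = embed(demo_cover(), b"next drop: cat video, tag 42", key, nonce)
    print(extract_raw(stego))                  # noise
    print(extract(stego, key, nonce))          # the message
```

            Two caveats a practitioner would add. The plaintext length header is itself structure a detector can look for, so a serious design hides it too (or uses fixed-size payloads). And a random cover makes LSB replacement invisible by construction; real images have LSB statistics that naive replacement disturbs, which is exactly what steganalysis tools measure.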
            • (Score: 2) by Immerman on Saturday September 19 2020, @03:14PM (1 child)

              by Immerman (3985) on Saturday September 19 2020, @03:14PM (#1053514)

              >Well, if they're doing it right, you wouldn't would you?

              Yeah, the more I thought about it, the more I realized that would be the case - steganography just isn't well suited to a public obfuscation network like Tor - the whole point is to hide the fact that covert communication is happening at all, while sending traffic through a publicly known obfuscation network is painting a day-glow bullseye on your "covert" communication.

              Stegosaurography on the other other hand is a completely different beast - strap your message to a (sub-)2-ton armor-plated homing saurian and just dare the opposition to try to intercept it.

              As a side note I now regret looking up the weight of a stegosaurus - my inner child is sorely disappointed it was actually less than a quarter the size of an elephant.

              • (Score: 2) by JoeMerchant on Saturday September 19 2020, @04:11PM

                by JoeMerchant (3937) on Saturday September 19 2020, @04:11PM (#1053545)

                sorely disappointed it was actually less than a quarter the size of an elephant.

                That is a bummer, Brontosaurus are so boring...

                --
                🌻🌻 [google.com]
      • (Score: 2) by VacuumTube on Friday September 18 2020, @02:59PM (1 child)

        by VacuumTube (7693) on Friday September 18 2020, @02:59PM (#1052787) Journal

        "But connecting to a TOR server raises suspicions. "

        That's why they have TOR relays.

        • (Score: 3, Informative) by VacuumTube on Friday September 18 2020, @03:22PM

          by VacuumTube (7693) on Friday September 18 2020, @03:22PM (#1052799) Journal

          Careless error: "That's why they have TOR relays."

          No, that's why they have built in proxy connections they call bridges.

  • (Score: 2, Interesting) by fustakrakich on Friday September 18 2020, @01:52PM (2 children)

    by fustakrakich (6150) on Friday September 18 2020, @01:52PM (#1052733) Journal

    The navy wouldn't let it out unless it was obsolete and easy to compromise.

    --
    La politica e i criminali sono la stessa cosa..
    • (Score: 4, Informative) by VacuumTube on Friday September 18 2020, @02:54PM (1 child)

      by VacuumTube (7693) on Friday September 18 2020, @02:54PM (#1052782) Journal

      The government identified the operator of Silk Road several years ago only because he got sloppy. Edward Snowden used it too, and so did many others. At least in the past it was pretty secure.

      There's no such thing as absolute anonymity, though. If they want you badly enough, they'll get you.

      • (Score: 0) by Anonymous Coward on Saturday September 19 2020, @02:26AM

        by Anonymous Coward on Saturday September 19 2020, @02:26AM (#1053220)

        If a packet can get to you, the government can get to you. Especially to collect on your student loans.

  • (Score: 4, Interesting) by The Mighty Buzzard on Friday September 18 2020, @02:23PM (5 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Friday September 18 2020, @02:23PM (#1052754) Homepage Journal

    It would probably require some work to disable Tor properly...

    A few minutes is all. Removing it and cleaning up after it would take a little longer but just disabling it is easy peasy.

    --
    My rights don't end where your fear begins.
    • (Score: 3, Insightful) by Booga1 on Friday September 18 2020, @02:31PM (1 child)

      by Booga1 (6333) on Friday September 18 2020, @02:31PM (#1052758)

      I'm not really sure disabling TOR would be a net benefit. Part of the whole point of TOR is so that people using it are harder to find and track. Theoretically the more services and traffic there is to diverse endpoints, the safer all users on TOR are. At least, that was my understanding of how it generally works.
      SoylentNews isn't the one hiding, so that half of the problem isn't important. Is SoylentNews experiencing a flood of spam or traffic to the point that it's unsustainable to leave TOR access in place?

      • (Score: 2) by The Mighty Buzzard on Friday September 18 2020, @04:17PM

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Friday September 18 2020, @04:17PM (#1052854) Homepage Journal

        Yeah, I wasn't planning on doing it unless it comes down to a choice of remove it or fix it. Nobody on staff will admit to using any form of ToR long enough to play troubleshooting guinea pig and it's too much bother and too low on severity compared to other site bugs to bother setting it up myself, so as it stands if it breaks it's just going to stay broken.

        --
        My rights don't end where your fear begins.
    • (Score: -1, Troll) by Azuma Hazuki 2.0 on Saturday September 19 2020, @11:49AM (2 children)

      by Azuma Hazuki 2.0 (12884) on Saturday September 19 2020, @11:49AM (#1053405) Journal

      You're supposed to say it's extremely difficult. That way you can continue pretending to be a martyr because you give some of your free time to this site. It's also shameful that you're using the lameness filter to limit my ability to post about niggers. There's something very wrong with you, fascist Trump lover boy. Fuck you.

      • (Score: 2) by The Mighty Buzzard on Saturday September 19 2020, @01:55PM

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday September 19 2020, @01:55PM (#1053450) Homepage Journal

        You need to keep practicing your impressions. You're not very good yet.

        --
        My rights don't end where your fear begins.
      • (Score: 0) by Anonymous Coward on Saturday September 19 2020, @02:06PM

        by Anonymous Coward on Saturday September 19 2020, @02:06PM (#1053461)

        I read it 3 times before I saw the 2.0... well done, troll, well done.

  • (Score: 3, Informative) by bzipitidoo on Friday September 18 2020, @04:08PM (3 children)

    by bzipitidoo (4388) on Friday September 18 2020, @04:08PM (#1052846) Journal

    I wish TOR well, but what did anyone expect with all this futzing around with anonymizing protocols and services in which the ideas are fundamentally flawed? It's a nice ideal and all, but frankly, it's a lot like DRM, in that it's an attempt to employ tech to do something that really isn't possible. The Internet can't function if it doesn't know where to send the packets. Sure, we can make data take lots of hops and keep the intermediaries in the dark about the ultimate source and destination. But that can be compromised all too easily.

    Back in the day, the phone network had the same problem. Calls could be traced, and phone lines tapped, and there was no good way to stop that. Defenses are by necessity exterior. One defense is encryption at the endpoints.

    To really be anonymous, I would use a burner tablet or laptop, and find some business that offers free WiFi which has sufficient range that I can connect from off the premises. Much the same principle as using a public pay phone. More elaborate precautions can be taken of course, such as checking around that there are no security cameras viewing your location.

    The best defense of all is blending in to the crowd. Ironically, it's possible that all that using TOR accomplishes, is to call attention to yourself.

    • (Score: 2) by Runaway1956 on Friday September 18 2020, @04:44PM

      by Runaway1956 (2926) Subscriber Badge on Friday September 18 2020, @04:44PM (#1052873) Journal

      More elaborate precautions can be taken of course, such as checking around that there are no security cameras viewing your location.

      That is already difficult in some parts of the world. And, we can expect it to get more difficult going forward.

      Also, that "free wifi" is a potential problem. How do you know that the owner of that wifi hasn't authorized the FBI or whoever to monitor his router? If the router logs everything, you're a little bit screwed from the start, unless you're spoofing your MAC address. Even with spoofing, you can probably be tracked.

      Ubiquitous surveillance is ubiquitous, after all.

    • (Score: 2) by VacuumTube on Friday September 18 2020, @05:12PM (1 child)

      by VacuumTube (7693) on Friday September 18 2020, @05:12PM (#1052894) Journal

      "Ironically, it's possible that all that using TOR accomplishes, is to call attention to yourself."

      That's just not right. For example, it's the only way millions of people living under repressive governments can connect with our healthy, western propaganda.

      • (Score: 0) by Anonymous Coward on Friday September 18 2020, @07:20PM

        by Anonymous Coward on Friday September 18 2020, @07:20PM (#1052986)

        Yeah, you're right. They're better off staying behind their great firewalls.

        Ignorance really is bliss.

  • (Score: 3, Informative) by SomeRandomGeek on Friday September 18 2020, @05:10PM (2 children)

    by SomeRandomGeek (856) on Friday September 18 2020, @05:10PM (#1052890)

    The attack described is based on the attacker being able to tell who is who based on measuring traffic volume. The attacker sees Alice send a sudden burst of data and Bob receive a sudden burst of data of the same size. Bingo! The attacker knows Alice is talking to Bob. And if Alice is the attacker, now Alice is able to map Bob's anonymous TOR hostname to a real IP address.
    So, it seems to me that a straightforward way to defeat this attack is to engage in decoy traffic. Bob should always be sending and receiving decoy packets so that Bob is always running within a chosen capacity range, say 50-75%. If Bob receives a sudden burst of non-decoy traffic, Bob adjusts the volume of decoy traffic accordingly, so Bob's total volume remains a random amount of Bob's own choosing.
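    A constructed simulation of the volume-correlation test described above and of the decoy-padding defence proposed in the same comment (an added example, not code from the thread or from the Tor project; the capacity, burst sizes and background traffic figures are made up):

```python
import random
from math import sqrt

CAPACITY = 10_000  # bytes per second; constructed figure for the simulation

def pearson(xs, ys):
    """Pearson correlation: the 'same-size burst at the same time' test the
    comment describes, applied to two per-second byte-count series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy)

def burst_series(seconds, burst_times, burst_size, rng):
    """Per-second bytes: light background chatter plus large bursts (a file fetch)."""
    return [rng.randint(0, 200) + (burst_size if t in burst_times else 0)
            for t in range(seconds)]

def pad_to_random_band(real, rng, low=0.50, high=0.75):
    """Decoy padding as proposed: each second, top the link up with decoy bytes so
    the total sits at a freshly random point in [low, high] of capacity, independent
    of the real volume. Real traffic above the chosen target cannot be hidden."""
    padded = []
    for r in real:
        target = rng.randint(int(low * CAPACITY), int(high * CAPACITY))
        padded.append(max(r, target))  # if r > target, the burst leaks through
    return padded

def simulate(burst_size=4000, seconds=600, seed=1):
    """Correlate Alice's upload profile against three observed download profiles."""
    rng = random.Random(seed)
    alice = burst_series(seconds, set(range(5, seconds, 37)), burst_size, rng)
    bob_plain = [a + rng.randint(0, 200) for a in alice]   # relay jitter only
    carol = burst_series(seconds, set(range(20, seconds, 41)), burst_size, rng)
    bob_padded = pad_to_random_band(alice, rng)
    return {
        "alice_vs_bob_plain": pearson(alice, bob_plain),    # ~1: Bob identified
        "alice_vs_carol": pearson(alice, carol),            # ~0: unrelated party
        "alice_vs_bob_padded": pearson(alice, bob_padded),  # ~0: padding hides Bob
    }

if __name__ == "__main__":
    for name, r in simulate().items():
        print(f"{name:22s} r = {r:+.3f}")
    print("bursts above the padding band still leak:",
          f"{simulate(burst_size=9000)['alice_vs_bob_padded']:+.3f}")
```

    The last line shows the caveat the proposal implies: padding only hides bursts that fit inside the chosen band, so the band (and the capacity Bob pays for) has to exceed the largest real burst.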

    • (Score: 0) by Anonymous Coward on Friday September 18 2020, @11:28PM

      by Anonymous Coward on Friday September 18 2020, @11:28PM (#1053088)

      Take the principles behind i2p's "every node is a relay" and ensure every two nodes get sent a same-length packet at the same time.

      Every connection has a minimum bandwidth factor, and every time the maximum increases you do so to at least 1 other node. The downside is finding enough different links and enough bandwidth to do this successfully to throw off traffic monitoring. And given the bandwidth quotas many people have, some of them involving punitive financial action for overages, you would need to have extremely accurate reporting of traffic and 'client use' that would limit it.

    • (Score: 0) by Anonymous Coward on Saturday September 19 2020, @12:34AM

      by Anonymous Coward on Saturday September 19 2020, @12:34AM (#1053132)

      Also, the weakness seems to be centered around persistent ongoing connections like transferring large files.

      While that is going on, the same exit and relay node is used because of fundamental limitations with TCP (though I guess we could go back to doing multi-part downloads, but it would perhaps be possible to tell if the downloads went to the same downloader based on the parts requested).

      But intermittent traffic like web browsing will have different requests come from different exit nodes over time.

      This is why Tor and Cloudflare have had a bit of back and forth over the years, and why Tor maintains their own semi-fork of Firefox, because any site making use of Cloudflare's DDoS protection would request that a Tor user perform a captcha every time the edge node changed.

  • (Score: 0) by Anonymous Coward on Friday September 18 2020, @05:42PM (1 child)

    by Anonymous Coward on Friday September 18 2020, @05:42PM (#1052911)

    It wouldn't surprise me if Tor was used for APK's spam attacks. It's not that hard to evade regex-based filters, so quite possibly the only thing preventing more spam attacks is that he's occupied being an asshole on other sites. I don't think disabling Tor will outright prevent the spam, either, but it's probably a worthwhile step to keep the nutjobs at bay. I vote in favor of disabling it.

    • (Score: 0, Offtopic) by Azuma Hazuki 2.0 on Saturday September 19 2020, @11:43AM

      by Azuma Hazuki 2.0 (12884) on Saturday September 19 2020, @11:43AM (#1053403) Journal

      I have no problem with APK. He can post whatever he wants. I am happy to live rent-free in his head. I am mad that Buzzy is using the lameness filter to restrict my ability to say nigger. I can say "white" as much as I want. Why is this site racist against niggers?

  • (Score: 2) by Snospar on Friday September 18 2020, @07:18PM (4 children)

    by Snospar (5366) Subscriber Badge on Friday September 18 2020, @07:18PM (#1052983)

    SoylentNews should definitely continue to support Tor. This announcement is not saying that Tor is forever broken and insecure, it's saying that large scale traffic analysis (during DDoS) can point to an exit node. So what? The volume of traffic exiting a Tor exit node is what protects the anonymity of the casual Tor user, not useful during a DDoS, but the rest of the time it works. AFAIK the military still uses this, or something very similar, and Edward Snowden is still a big fan.

    --
    Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
    • (Score: 0) by Anonymous Coward on Friday September 18 2020, @07:29PM (1 child)

      by Anonymous Coward on Friday September 18 2020, @07:29PM (#1052992)

      Snowden's suggestions should be treated as suggestions, not gospel.

      • (Score: 0) by Anonymous Coward on Saturday September 19 2020, @06:57PM

        by Anonymous Coward on Saturday September 19 2020, @06:57PM (#1053623)

        You really don't understand the garden variety Snowden fanboy, do you?

    • (Score: 1, Interesting) by Anonymous Coward on Saturday September 19 2020, @12:46AM (1 child)

      by Anonymous Coward on Saturday September 19 2020, @12:46AM (#1053140)

      with people in all aspects of the privacy networks, from developer, to user, to political dissident, to criminal, what I can tell you right now is:

      Tor and I2P are both dead as organizations. Both allowed complacency, corruption and a desire for more donations to outstrip their mission statements and compromise their anonymity provisions. While Roger is still working on Tor, one long-time Tor relay admin was explaining the issue he had with them... 3 years ago. Basically they don't take serious reports from their volunteers on network issues that they are seeing, they aren't following through on known security issues, and generally they're fucking off when they should be securing the network. I2P on the other hand had all the original crypto-anarchists either leave or get busted, leaving a small group of people with.... issues, that represent the worst the far right and far left authoritarian movements have to offer, many trumpeting how important free speech is, until they dislike it, then either censoring people or talking about the need for methods of identifying/blocking 'troublesome' users. IRC2P (the federated I2P IRC network dating back to its inception as a successor of the Invisible IRC Project) has gone from 200-300 individual users down to 40-60, split between dupes, a small nest of Russians, a small nest of Hispanics, and a small cluster of mostly alt-right pro-authoritarians (with a few wingnut liberals just for variety... as long as they don't step on the wrong toes.)

      One thing both networks have in common: they both compromised the theoretical security guarantees afforded by picking truly random nodes in exchange for improved circuit connection times and bandwidth, exacerbating these problems, by making users preferentially choose the 'fast' nodes over the slower (and more likely to be volunteer-run/non-malicious) nodes. As a result both over time favor large-scale adversaries over a truly random mix of nodes.

      At this point in time a new platform is needed, but the volunteer pool is spread too thin and far too many have been burned by past promises of 'making a difference'. All that has been done so far is to line certain individuals' pockets with donations in both organizations' hierarchies.

      • (Score: 0) by Anonymous Coward on Friday September 25 2020, @10:08PM

        by Anonymous Coward on Friday September 25 2020, @10:08PM (#1056963)

        > All that has been done so far is to line certain individuals' pockets with donations in both organizations' hierarchies.

        Well, no, we have two tools that are not perfect but are better than no tools. The hurdle to cross to compromise either requires resource expenditure, control of resources, and competence. Lots of weaker actors are excluded, and probably much less infringement by larger actors occurs, than without these tools.

        But I hear your frustration, and if you contributed code or other, thanks.
