Isaac Grover, Aileron I.T. dijo [Tue, May 02, 2017 at 12:20:15PM +0000]:
Good morning,
I recently presented to a group of ten local police chiefs on the topic of Tor and its more common, though less publicized, civil usage, as opposed to the more publicized criminal usage. During my presentation I emphasized this fact, and they countered that because its usage is entirely anonymous, it is reasonable to assume that it could be used entirely by criminals and none of the oppressed as I had claimed.
Which brings me to my question. Other than private individuals saying "Hey, I use Tor for X", how does the overall network know what the network is used for, even approximately?
In Debian, starting with the current stable version (8.0 / jessie), we have a package called «apt-transport-tor». It allows for handling all system installs and updates via Tor, downloading packages anonymously. From the package description (partial quote only):
APT already includes mechanisms for guaranteeing the authenticity of the packages you download. However, an adversary sniffing your network traffic can still see what software you are installing.
Install apt-transport-tor, edit your sources.list to include only tor:// URLs, and you can make it very difficult for anyone intercepting your network traffic to be able to tell that you are installing Debian packages, or which packages you are installing.
This has of course uses both for servers in "busy" data center networks and for individuals connecting from home.