[Long!] Re: Darknetting and hidden services [Was: Re: virtues of middlemen]

F. Fox kitsune.or at gmail.com
Tue Jan 1 19:36:56 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jo wrote:
> On 01/01/2008, F. Fox <kitsune.or at gmail.com> wrote:
>> These are Tor's hidden services: Servers accessible anonymously, where
>> both client and server are unknown to each other. =:o)
>>
>> Since such services are visible only via Tor, they would fall under the
>> darknet definition, I believe.
>>
> 
> This is what I was getting at ... just didn't say it right :(
> 

It's okay. =:o) After all, the hidden service side of things is quite a
bit more obscure than the (likely) most common use of Tor - an anonymity
 layer and inherent outproxy to the normal Web.

(About that anonymity layer... Although I've never seen it formally
described as such, I could see it being considered as a separate logic
layer in the TCP/IP stack, since it is such a general-use TCP conduit.
It'd look something like this:

*****

[Application]
	|
[Anonymity]
	|
[Transport]
	|
[Internet]
	|
[Network Access]

*****

Just for kicks...)

> I have often wondered just how big the network could get, and what
> impact this has on the Internet.  There are many Internet resources
> that will always be needed - e.g. email will need to be accessible
> from / routed to Tor; Google, Wikipedia, Universities, etc are not
> going to be replicated, ...
> 
> At the moment the rest of the Internet can ignore Tor (except for
> those who want to block it) but - if big enough - one could imagine
> the need for ubiquitous gateway services to allow simple
> (transparent?) access to resources within the network.
> 

If it became mainstream and massive, yes. However, I don't have much
hope for that, if history is a guide for the most likely development of
the future [1]. Such a ubiquitous deployment will most likely (though
sadly) remain the "wet dream" of hackers, civil libertarians,
crypto-anarchists, and cipherpunks.

The network has - though far from ubiquitous - grown quite a bit over
the few years. Around 2005, the paper "Low-Cost Traffic Analysis of
Tor"[2] mentioned there being around 50 Tor nodes; IIRC, that's
mushroomed to around 1,600.

(I suppose that such a mushrooming effect could cause someone to look
Tor through another historical POV, though - that of the Internet
itself. It did something similar... =:oD )

****

[1]: This is one reason why I try to study as much history as I can,
BTW; many mistakes are made in the present, which could have been
avoided if the one who made them had learned about certain aspects of
the past.

[2]: http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf

> Of course it has to get big enough first.  PGP is still struggling (I
> don't even have a signing key for this email address) and services
> such as Usenet which were huge in their time are now rapidly being
> replaced.  (This one really irks me - a fantastic idea with some basic
> privacy elements built in, being replaced by lesser technologies).
> SSL, OTOH, has become pretty much mainstream and is still developing
> ... the challenge to be able to grow Tor will be to do the same - make
> it mainstream.
> 

True, it's a shame some of these things aren't more mainstream.

That thing about Usenet also strikes a chord with me; when a technology
with many years of history behind it ends up circling the drain, it's
just sad.

Old doesn't always mean inferior, or even obsolete/superceded; a good
example are the Unices, which started way back in the 1970s (IIRC).
Sure, things have changed a lot since then, but the basic model is still
there. The core of the Net runs on it (and if more of the users did, we
might not have half the bedlam going on right now! =xoD ).

> Of course to become mainstream it needs to be REAL easy.  And if Tor
> gets to the point where it is so simple that you don't really need to
> understand it, there is a distinct possibility that many of the
> benefits may no longer be realised (how do you know you've got a
> secure, private connection if you don't understand WHY it is secure
> and private - particularly what *isn't* provided).
(snip)

This is one reason why malicious Tor exit nodes and scripts/applets/etc.
on servers have had such success in de-masking Tor users - it's not a
silver bullet. Users have to configure their applications carefully, as
well as be careful what they let pass through Tor (either explicitly
entered, or implicitly leaked).

As it stands right now, Tor is for people who have a decent knowledge of
how to secure themselves - and I don't see that changing anytime soon.

I'm glad to see the warnings that have been put on the front page of the
Tor Project site - but the fact remains, sheep will be sheep. Not
everyone will pay attention to it - and they very well could suffer the
consequences.

(Amazingly, a lot of the "sheep" they found, I would think belong in the
"wolf" category! =xoD )

The exits and servers I mentioned previously were those I read about as
proof-of-concept - but most of them are so feasible (requiring so little
effort), that a teenager could probably do it from his basement.

Just imagine what a repressive regime could do...

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHepZYbgkxCAzYBCMRCNIUAJ9NSQNzq719/0iJsDGyifOHyHmhIACdEzpc
m4nwOE+gAo/4QRyBfWpnfJE=
=5zDf
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list