[tor-talk] Tor as ecommerce platform

Ted Smith tedks at riseup.net
Sat Aug 11 02:11:45 UTC 2012


On Fri, 2012-08-10 at 02:00 +0300, Maxim Kammerer wrote:
> On Thu, Aug 9, 2012 at 7:00 PM, Ted Smith <tedks at riseup.net> wrote:
> > How would you do that without facing the same problem as someone
> > wiretapping their own exit node? Do you have a CP classifier? Are you
> > going to load each .onion and manually verify if it contains CP? How are
> > you going to aggregate that into statistics?
> 
> Yes, if gathering .onion access statistics were possible, I would load
> each .onion address in a top-50 list and see what it contains, or
> search for the address if access requires authentication. The reason
> is that I am curious and don't have an agenda to protect, unlike Tor
> project policy people. Why do you pretend that it's difficult to do?

The obvious problem with this (((this, right here, is the productive
contribution to discussion this email has: it points out the problem
with your proposed methodologies))) is that it presumes that these top
50 .onion domains comprise the majority of .onion traffic through your
node. I suspect this is not the case. 

If I'm right, and most of the .onion traffic through any given node is
over the "long tail", it won't be possible to get anything useful
without an automated classifier.

Further, this depends on a long list of assumptions (that all .onion
sites are serving HTTP over port 80, that the HTTP sites use an
authentication system you can detect as such, etc.).

> > I don't have to "bring my own references" to point out that the only
> > *actually existing* "statistical" evaluation of illegal content on Tor,
> > that provides the cornerstone of your argument that "The Tor Project is
> > misleading the public about the use cases of Tor," is totally baseless.
> 
> The Reddit comment was an illustrative example. The argument is that
> Tor is well-known for the illegal (again, depending on jurisdiction)
> content that it provides access to (Tor exit operators aren't raided
> just because LE officers are bored). People don't come to this list
> and ask how to get on some political dissidents .onion discussion
> board. They come to ask how to get on Silk Road, and ask on other
> support forums for Bitcoin support, presumably so that they can use
> Bitcoins on Silk Road to buy drugs. On .onion and I2P imageboards,
> they don't ask where they can download LOLcats — they ask where they
> can get more CP, and get directed to OPVA and other boards. I don't
> care either way, but this is well-known information, which you are
> apparently oblivious to — which raises the question: why did you
> decide that you have anything of value to contribute to this thread,
> especially if you have no references?

You have equally few references. I can duplicate your references
whenever I choose to make a Reddit account and claim to have seen only
legal content over Tor.

You don't seem to be using any actual, quantified method to arrive at
these conclusions. As such, you're probably using your own biased human
intuition as to all of the many (very, very debatable) facts above. The
anecdotes you've shared are a fraction of the anecdotes you've actually
seen, filtered through the very many cognitive biases we suffer from as
humans.

The hypothesis you assign the highest probability towards causing these
anecdotes is "Tor is mostly used for criminal activity." There are a
wide variety of other hypotheses that seem to me to be equally likely to
produce these anecdotes, such as "the link network of .onion sites that
you are privy to contain mostly criminal sites," "criminals are more
public about their intentions than other users of Tor," and "you have
seen more criminals post about their activities because of your
person-specific interests."

> > You have no explanation for how that person reached that conclusion.
> 
> It's simple: he ran an exit node, and sampled the URLs that people
> accessed via the node. It is obvious — that's what he wrote.

What exit policy did she use? What percentage of Tor exit traffic did
that node see? What sampling methodology did she use to produce the
sample set of URLs? How did she classify the URLs into various
categories?

You have the answer to none of the above questions, and until you do,
there is nothing "obvious" about how that person reached the conclusion
they did.

> > I would like you to strengthen your evidence, and if you manage to produce something
> > convincing, I'd agree with it.
> 
> I would like you to stop posting useless replies. If you have
> something to contribute, be it a proposed method of statistical
> analysis, a reference to Tor exit operator who actually sampled
> accessed URLs, or anything else, then great, otherwise you are not
> bringing any new information or non-trivial conclusions to the table.
> Calling someone sharing their experience a troll or a false flag can
> be interesting psychologically, but it has no merit otherwise.

I have told you why you are probably wrong in a variety of ways. If you
don't think this is constructive, I'm not sure what would be.


-- 
Sent from Ubuntu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120810/49968fd9/attachment.pgp>


More information about the tor-talk mailing list