[tor-talk] Thoughts on Tor-based social networking?
conrad at rockenhaus.com
Mon Nov 4 19:18:57 UTC 2013
Your email actually kind of intrigued me and I just wanted to comment
on some of your points...
On Mon, Oct 28, 2013 at 8:24 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> So, let's drop the who filtering/censoring thing entirely. Here's some more
> concerns I have:
> Yes, griefers often use Tor. Who are they? The obvious answer is they're
> dumb kids, but what if Tor were threatening to a major government? It's
> hard for me to imaging that both China and the USA could agree on Tor. What
> if just one of them wanted insure Tor did not grow to a significant network?
> Here's what I'd do with my budget if I were asked to trash Tor:
> - I'd pay hackers to use Tor for all their bad behavior
> - I'd have a thousand employees download free porn and illegal videos all
> day every day.
> - I'd own many nodes, and sooner or later someone like DPR would reveal his
> IP address to me, and I'd take him down, discrediting Tor.
> - I'd make sure I had enough monitors in the Internet backbone to completely
> track Tor traffic, and then I'd pay tons of researchers to use it. The USA
> pays 60% of Tor's research budgent... Doesn't that scare anyone here?
You'll be surprised at the battles within the US Government, mainly
the US Military/Intelligence Community about TOR. As a Communications
guy in the Navy, my job was (yes, past tense) develop solutions for
communications privacy, plausible deniability, etc. and quite a few of
them utilized TOR, and there's a huge core of TOR supporters within
the community that support TOR, including the free speech aspects,
completely... of course, none of us are the Intelligence types.
Then you have the Intelligence Community, who, going out on a limb
here, doesn't value privacy. They feel technologies such as TOR are
only for nefarious purposes. I mean no one needs anonymity anymore,
So, in a nutshell - you have a clash of two worlds here - you have
people within the US Government that actively support TOR and believe
in it and you have the people that feel that it's one of the evil
things and would love that technologies such as it and perhaps even
SSL didn't exist. Just my $0.02 on that topic about it.
> I don't mean to trash-talk Tor. This is a super-hard problem, and Tor has
> done an impressive job. However, Tor's insistence that it not look at
> traffic or audit nodes makes Tor an easy target. Is Tor failing to grow
> because there is an active government backed effort to keep Tor small? Are
> the hackers giving Tor a bad name encouraged to do so?
I'm not sure about the hackers, but I'll tell you this much - it is a
super-hard issue to maintain an exit-node, especially in the United
States, and not run into any legal issues. I previously ran a TOR
exit node...I don't anymore, because said exit node is still in the
custody of NCIS, which is funny as during my interrogation about the
TOR exit node, I did explain that my job in the Navy extensively
technologies such as TOR and I was attempting to promote free speech
and privacy. I was quickly corrected about the subject per the above
discussion about the two differing views about TOR.
Thankfully, due to the way TOR is configured no user data was
compromised. They had a simple FreeBSD box. Whoopee. However, it's
situations like these that I'm thankful that traffic isn't audited or
sniffed or anything, because the ramifications of that could have been
very serious for many people after the box was seized.
> So, don't track Tor user behavior, and don't filter content. However, when
> they piss off some web site operator, that operator should be able to state
> the public identity of the Tor griefer, and Tor exit nodes should feel free
> to black-list that user.
> I really do want to run a Tor node, and an exit node at that. However, I
> just can't encourage more of the behavior I've seen so far. I need some way
> to hold a griefer accountable. It's a very very hard problem. Any ideas?
> Thanks for all the good feedback. I'm learning from these replies.
I guess, what I'm basically trying to say - it's a hard balance
between the two. When you're providing an opportunity for free speech
with the possibility of no consequences (for the end user), there
might be a bonehead or two who's going to potentially abuse it, but
when you start with logging and auditing, you're providing an
opportunity for a third party to compromise someone who really doesn't
need to be compromised.
More information about the tor-talk