[tor-talk] Giving Hidden Services some love

Jonathan Wilkes jancsika at yahoo.com
Thu Jan 1 18:55:46 UTC 2015 

On 01/01/2015 10:54 AM, spencerone at openmailbox.org wrote:
>> Jonathan Wilkes jancsika at yahoo.com wrote:
>>
>> This has long been a chicken-or-egg problem.  A general audience (i.e.,
>> not digital security specialists) must know what hidden services do
>> before they get involved in hosting hidden services (or even using them,
>> for that matter).  But to know what hidden services do, a general
>> audience must be able to use hidden services that interest them.  If
>> there aren't any that interest them, then consequently there's no demand
>> for anyone to create them.  So few people know what they do, outside of
>> "hacking" and "omg darknet".
>
> I do not agree that to understand what hidden services do that one 
> must use them or find using them interesting.

We're probably talking at cross-purposes.  When I wrote "know what 
hidden services do", I meant a potential user should know what a hidden 
service can do to benefit them (or benefit their community). I don't 
mean that a general audience should understand all the technical details 
you mention below, nor that Tor docs should try (and fail) to explain 
those details to a general audience.

For a general audience to understand what hidden services can do for 
them, there ought to be hidden services available which interest them.  
Then users can _use_ the services and learn (in a basic sense) how they 
work and why they exist.  Otherwise one must explain complex topics 
which are outside of the user's area of expertise, _plus_ contend with 
the reality that many of the widely-known hidden services are shady or 
disgusting.  If you've ever tried to explain the importance of online 
anonymity to a general audience, you'll understand what a difficulty 
these two issues present.  It's much more effective to show someone how 
to browse using Tor, and guide them as they learn for themselves.

>   I, as well as many ancient astronaut theorists, contend, that the 
> explanation on the Tor Project's Hidden Services section of their 
> website needs to be more ... something [I was thinking 'Clear', but if 
> you understand the concepts, then it is most likely quite clear].
>
> It starts out with a very simple claim about anonymity being the 
> purpose of using hidden services, but then, as it goes on to explain 
> how that works, it gets a bit confusing, mentioning things like 
> "rendezvous points", "relays", "circuits", "introduction points", 
> "hidden service descriptors", "public keys", "distributed hash 
> tables", "XYZ=16characters.onion", "one-time secrets" 
> "introduce/rendezvous messages", "entry guards", "entry nodes", & 
> "end-to-end encryption/decryption", which do not make sense to most 
> people [Dad].

If there were a hidden service that interested Dad, that doesn't matter.

>
> To me, understanding some of these concepts, it seems like a closed 
> network that overlays the internet protocol with a security blanket.

Well, it's an anonymity overlay.  Security blanket is probably 
misleading, as using hidden services aren't inherently more secure, 
broadly speaking.

>   But is this accurate?  Is this needed?  How does this differ from 
> p2p, or does it then become p2p?  Is it comparable to Dotcom's 
> Meganet, which is supposed to be non IP? Other than not using the exit 
> relays, what value does it provide that Tor on the regular web does not?

As in the above example, both the whistleblower and Dad have some degree 
of anonymity when the content is posted using a hidden service.  The 
whistleblower cannot easily post content anonymously on the regular web.

I don't know anything about Meganet.

>   Also, and this goes in a slightly different direction so ignore, why 
> is Tor using some relays to exit and not all?

Let's say you decide to run a relay.  Would you want to click the button 
that only relays encrypted data within the Tor network (encrypted from 
_your_ eyes, too), or should you click the button that makes your 
computer fetch arbitrary pages from the regular web for anonymous Tor 
users?  Which would you guess requires less risk on your part?

>
> I would like to communicate p2p but if scrambling my middleman 
> connections is the better [more secure] option then I would like to 
> know.  Also, does this series of relays count as a third party, 
> ultimately classifying my content [whatever I am communicating] as 
> public knowledge?

I don't know the answer to that question.

>
> Also, I think saying "Hey, fbook uses it." does nothing to help people 
> map the concept in their mind.

Oh, it most certainly does.  I don't care how accurate you think your 
map is-- when someone peruses the links on the hidden wiki, the theory 
behind Tor rubs up against reality and the map gets blurred. Keep in 
mind some of those links advertise content that can generate the most 
intense emotional appeals out there.

So please do peruse the myriad responses on this list to the 
inarticulate outrage over shady and disgusting hidden service content.  
Find your favorite response and see how effective it is-- not in 
"winning" your side of the argument, but in actually reducing people's 
fears and enabling them to use Tor.  Meanwhile I'll use the end-run of 
"Facebook uses it", because practicing using a interesting hidden 
service is IMO the best defense against emotional appeals.

Anyway, if there were a hidden service tailored to the needs of ancient 
astronaut theorists I'm sure you could grasp all of this in less time 
than it took me to write a response.

-Jonathan

>
> Awesome,
> SpencerOne
>

More information about the tor-talk mailing list