[tor-talk] Giving Hidden Services some love

[spencerone at openmailbox.org]

Jonathan,

Thanks for taking the time to answer my questions!  In a broader sense, 
it appears as if I do understand the concept of Tor Hidden Services, an 
anonymity overlay of the Internet Protocol.  I referred to a security 
blanket since I thought we were securing our anonymity using Tor, but 
your description seems to be a bit more accurate anyway.

Though I do think, after reading your response, that I understand your 
statement about "know[ing] what a hidden service can do to benefit".  
Knowing what a HS can do, beneficially, only explains that service, not 
the concept of Tor Hidden Services at large.  The concept of anonymity, 
at least in the case of TorBrowser, is the key to grasping the 
concept/value of Tor Hidden Services, especially if using a similar 
example to your relay w/buttons scenario, where in one case you secure 
anonymity in a closed all encrypted network, and, in another, you secure 
anonymity within that same closed all encrypted network but run a higher 
risk of losing your anonymity by exiting the network into the regular 
web [which you entered from as well], though in both cases you do have 
some level of anonymity. So, I contend, that an actual explanation of 
what things are and how they work is the most effective, especially in 
the face of "this service that you are familiar with uses Tor Hidden 
Services", as that still requires an explanation of "for what?" and 
maybe "How?", not to mention what Tor Hidden Services actually is.

But, you are correct, that this certainly doesn't mean that someone 
[Dad] should understand all of the concepts and terms that I pulled from 
the Tor Hidden Services Document.  So, maybe somewhere in the middle is 
good.

Though, regarding a mental map, I do not mean of a site, just of what a 
hidden service is compared to a non-hidden service on the regular web.  
However, now that I have considered it, the descriptor of 'Hidden 
Service' is what is confusing, as it doesn't map as accurately back to a 
'Non-hidden Service' as it could without saying that all of the internet 
is non-hidden services.  Maybe describing the TorHS more like you did, 
an anonymity network that overlays, or is contained within, the Internet 
Protocol, is most accurate, though this might require understanding more 
about how the .onion TLdomain works in a browser.  Security [anonymity] 
can exist in the open.

Awesome,
SpencerOne







>>> Jonathan Wilkes jancsika at yahoo.com wrote:
>>> 
>>> This has long been a chicken-or-egg problem.  A general audience 
>>> (i.e.,
>>> not digital security specialists) must know what hidden services do
>>> before they get involved in hosting hidden services (or even using 
>>> them,
>>> for that matter).  But to know what hidden services do, a general
>>> audience must be able to use hidden services that interest them.  If
>>> there aren't any that interest them, then consequently there's no 
>>> demand
>>> for anyone to create them.  So few people know what they do, outside 
>>> of
>>> "hacking" and "omg darknet".
> 
>> I do not agree that to understand what hidden services do that one
>> must use them or find using them interesting.
> 
> We're probably talking at cross-purposes.  When I wrote "know what
> hidden services do", I meant a potential user should know what a hidden
> service can do to benefit them (or benefit their community). I don't
> mean that a general audience should understand all the technical 
> details
> you mention below, nor that Tor docs should try (and fail) to explain
> those details to a general audience.
> 
> For a general audience to understand what hidden services can do for
> them, there ought to be hidden services available which interest them.
> Then users can _use_ the services and learn (in a basic sense) how they
> work and why they exist.  Otherwise one must explain complex topics
> which are outside of the user's area of expertise, _plus_ contend with
> the reality that many of the widely-known hidden services are shady or
> disgusting.  If you've ever tried to explain the importance of online
> anonymity to a general audience, you'll understand what a difficulty
> these two issues present.  It's much more effective to show someone how
> to browse using Tor, and guide them as they learn for themselves.
> 
>> I, as well as many ancient astronaut theorists, contend, that the
>> explanation on the Tor Project's Hidden Services section of their
>> website needs to be more ... something [I was thinking 'Clear', but if
>> you understand the concepts, then it is most likely quite clear].
>> 
>> It starts out with a very simple claim about anonymity being the
>> purpose of using hidden services, but then, as it goes on to explain
>> how that works, it gets a bit confusing, mentioning things like
>> "rendezvous points", "relays", "circuits", "introduction points",
>> "hidden service descriptors", "public keys", "distributed hash
>> tables", "XYZ=16characters.onion", "one-time secrets"
>> "introduce/rendezvous messages", "entry guards", "entry nodes", &
>> "end-to-end encryption/decryption", which do not make sense to most
>> people [Dad].
> 
> If there were a hidden service that interested Dad, that doesn't 
> matter.
> 
> 
>> To me, understanding some of these concepts, it seems like a closed
>> network that overlays the internet protocol with a security blanket.
> 
> Well, it's an anonymity overlay.  Security blanket is probably
> misleading, as using hidden services aren't inherently more secure,
> broadly speaking.
> 
>> But is this accurate?  Is this needed?  How does this differ from
>> p2p, or does it then become p2p?  Is it comparable to Dotcom's
>> Meganet, which is supposed to be non IP? Other than not using the exit
>> relays, what value does it provide that Tor on the regular web does 
>> not?
> 
> As in the above example, both the whistleblower and Dad have some 
> degree
> of anonymity when the content is posted using a hidden service.  The
> whistleblower cannot easily post content anonymously on the regular 
> web.
> 
> I don't know anything about Meganet.
> 
>> Also, and this goes in a slightly different direction so ignore, why
>> is Tor using some relays to exit and not all?
> 
> Let's say you decide to run a relay.  Would you want to click the 
> button
> that only relays encrypted data within the Tor network (encrypted from
> _your_ eyes, too), or should you click the button that makes your
> computer fetch arbitrary pages from the regular web for anonymous Tor
> users?  Which would you guess requires less risk on your part?
> 
> 
>> I would like to communicate p2p but if scrambling my middleman
>> connections is the better [more secure] option then I would like to
>> know.  Also, does this series of relays count as a third party,
>> ultimately classifying my content [whatever I am communicating] as
>> public knowledge?
> 
> I don't know the answer to that question.
> 
> 
>> Also, I think saying "Hey, fbook uses it." does nothing to help people
>> map the concept in their mind.
> 
> Oh, it most certainly does.  I don't care how accurate you think your
> map is-- when someone peruses the links on the hidden wiki, the theory
> behind Tor rubs up against reality and the map gets blurred. Keep in
> mind some of those links advertise content that can generate the most
> intense emotional appeals out there.
> 
> So please do peruse the myriad responses on this list to the
> inarticulate outrage over shady and disgusting hidden service content.
> Find your favorite response and see how effective it is-- not in
> "winning" your side of the argument, but in actually reducing people's
> fears and enabling them to use Tor.  Meanwhile I'll use the end-run of
> "Facebook uses it", because practicing using a interesting hidden
> service is IMO the best defense against emotional appeals.
> 
> Anyway, if there were a hidden service tailored to the needs of ancient
> astronaut theorists I'm sure you could grasp all of this in less time
> than it took me to write a response.
> 
> -Jonathan
> 
> 
>> Awesome,
>> SpencerOne
>