Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Group Thinks Anonymity Should Be Baked Into the Internet Itself Using Tor

samzenpus posted about a year ago | from the don't-track-me-bro dept.

The Internet 123

Hugh Pickens DOT Com writes "David Talbot writes at MIT Technology review that engineers on the Internet Engineering Task Force (IETF), an informal organization of engineers that changes Internet code and operates by rough consensus, have asked the architects of Tor to consider turning the technology into an Internet standard. If widely adopted, such a standard would make it easy to include the technology in consumer and business products ranging from routers to apps and would allow far more people to browse the Web without being identified by anyone who might be spying on Internet traffic. The IETF is already working to make encryption standard in all web traffic. Stephen Farrell believes that forging Tor into a standard that interoperates with other parts of the Internet could be better than leaving Tor as a separate tool that requires people to take special action to implement. 'I think there are benefits that might flow in both directions,' says Farrell. 'I think other IETF participants could learn useful things about protocol design from the Tor people, who've faced interesting challenges that aren't often seen in practice. And the Tor people might well get interest and involvement from IETF folks who've got a lot of experience with large-scale systems.' Andrew Lewman, executive director of Tor, says the group is considering it. 'We're basically at the stage of 'Do we even want to go on a date together?' It's not clear we are going to do it, but it's worth exploring to see what is involved. It adds legitimacy, it adds validation of all the research we've done.'"

cancel ×

123 comments

Sorry! There are no comments related to the filter you selected.

True or False (0)

Anonymous Coward | about a year ago | (#45554579)

Group think stinks!

Re:True or False (4, Insightful)

jellomizer (103300) | about a year ago | (#45554913)

True,
Group think is the Opposite of Synergy.
Well it is the opposite outcome.

Unlike most people I actually know what Synergy means, and see how it is greatly misused.
Synergy is the process where a group of people working on a problem come up with a solution which is greater then the sum of what any individual could make.
Group Think is where the a group of people working on a problem come up with a solution which is less then the sum of what any individual could make.

Obtaining Synergy in an environment is very hard to achieve, because you need to make sure you don't have strong personalities trying pushing bad ideas thew their own force of will, or intimating position. People getting tired out from the process and settling on lesser ideas, reserved personalities not giving their ideas, and a slew of other things going on as well.

Group think is what usually comes out of these events, where the strongly supported stupid idea is forced down the thought, with issues not properly evaluated, and blank assumptions made.

interesting (4, Insightful)

ganjadude (952775) | about a year ago | (#45554593)

I like the concept, however If we are going to turn tor into a standard would it not make more sense to start from scratch and create a new standard based on tor instead? for all of tors advantages there are numerous disadvantages.

Re:interesting (3, Insightful)

aaaaaaargh! (1150173) | about a year ago | (#45554695)

Many if not most existing standards have turned out to be fairly mediocre from a security point of view, think of cell phone and wireless encryption for example. There is also some evidence from the Snowden leak that standards procedures and committees have been weakened by members acting overtly or secretly on behalf of government agencies. So they should be really cautious about such offers.

And why re-invent the wheel and make something fro scratch? Tor is working well, even too well in the eye of some people ...

Re:interesting (1)

Anonymous Coward | about a year ago | (#45554873)

That's the point. TOR does NOT work well. It's too easy to compromise with a bogus exit node.
TOR is not safe. Not at all.

Re:interesting (1)

Anonymous Coward | about a year ago | (#45555305)

The purpose of Tor is to allow you to connect to endpoints that need not be point-to-point encrypted aka ordinary web pages. There is no way you can make the exit nodes secure under this model, or at least none has been found so far.

Or let me ask differently: How would you fix it? A web of trusted exit nodes run by the government of choice? :P

Re:interesting (2)

noh8rz10 (2716597) | about a year ago | (#45557161)

There's no such thing as absolute privacy. you need to ask, privacy from whom. If you want privacy at a coffeeshop, use a VPN client so you don't get packet sniffed. If you want privacy at your home (shared) computer, clear your browser cache. If you want privacy from the servers you're connecting to, then TOR may be a good option. If you want privacy from NSA, then forget about it. It's best to assume the entire internet is a military resource, and you have guest privileges.

Re:interesting (2)

Charliemopps (1157495) | about a year ago | (#45555513)

Yes, but this is currently only a problem because there are very few exit nodes. What if EVERY user was an exit node? What if "Contains TOR Privacy!" would become a sales point on routers? If the exit nodes were in the millions and then chosen at random by the client, it would pretty much be impossible for a Government to gather information from a bogus exit now because they'd statistical only collect data from 1 user, chosen at random, at a time. Not only that, but since everyone would be using it, rather than TOR being a honey pot of people with "something to hide" in the governments opinion, it would now be flooded with Facebook posts and people surfing porn.

I think that the only thing that would do them a lot of good, and I'm not even sure it's possible, but if they could distribute your connection over several nodes, that would be a game changer. If while using TOR you could use the remaining amount of bandwidth in full, you'd be doing great. Currently you're stuck with whatever speed the exit node has, but if you could exit on multiple IPs like some new phones do then you could use several exit nodes.

Re:interesting (4, Interesting)

UltraZelda64 (2309504) | about a year ago | (#45555881)

While I do agree with you, an interesting negative to that would be:

If everyone runs their own Tor exit node, including unknowingly every dumb Windows and Mac user out there, then malware writers (the NSA?) would have a field day writing bad stuff that attacks and takes advantage of a very large number of exit nodes. So which is better: fewer exit nodes but a few known bad ones as it is now, or shitloads of exit nodes where the vast majority cannot be trusted? All it would take is one major outbreak to basically destroy Tor's purpose...

Re:interesting (2)

Antique Geekmeister (740220) | about a year ago | (#45555419)

Many security projects have also been deliberately crippled by cooperation with US export encryption regulations, and by the laws concerning suveillance capability for audio communications. These laws require "law enforcement" access to the communications. While Tor might skirt these regulations as not serving text, many fundamental encryption and anonymization technologies would directly block such monitoring.

Re:interesting (4, Interesting)

WaffleMonster (969671) | about a year ago | (#45556379)

There is also some evidence from the Snowden leak that standards procedures and committees have been weakened by members acting overtly or secretly on behalf of government agencies. So they should be really cautious about such offers.

In some ways IETF is almost a joke. "Consensus" building is supposed to be the key to movement yet there is no barrier to entry other than having sufficient number of brain cells to send a message to a mailing list. I have observed several instances of "ballot stuffing" where hoards of random people who very likely know and have contributed nothing at the last moment express support for x. The arbiter of what consensus means is always WG chair(s) who themselves mostly always work for a corporations with skin in the game.

The IETF process is most successful as a middle ground where there is market incentive to work together. In the case of tor there is no market to speak of to incentivize such behavior.

And why re-invent the wheel and make something fro scratch? Tor is working well, even too well in the eye of some people ...

My guess they might start with existing specification and evolve standard based on IETF process.

An example of this SSL v3 was mostly Netscape's doing while TLS v1 and later were products of the IETF. In this case there were no radical changes between versions and backwards compatibility was retained. There was also huge market incentive for broad compatibility and getting security right.

Re:interesting (1, Interesting)

Joce640k (829181) | about a year ago | (#45554699)

If you can tap into/analyze the internet backbones (as the NSA can) then Tor isn't very anonymous. They can track packets and figure out who's really connected to who even though the packets are relayed.

I don't know if this can easily be fixed, but now would be the time to do it.

Re:interesting (1)

Joce640k (829181) | about a year ago | (#45555221)

...and if you're the NSA you'll also up your own Tor nodes, which helps considerably.

Re:interesting (1)

f3rret (1776822) | about a year ago | (#45555707)

...and if you're the NSA you'll also up your own Tor nodes, which helps considerably.

This, however, they can (and probably already are) do.

Re:interesting (2)

Kjella (173770) | about a year ago | (#45555361)

It's not quite as simple as that, you can do many things that like padding things out to fixed sizes so you can't see JPG of 185254 bytes move through the network, but say only 256kb blocks. You can wait for other packets to come in and only multiple blocks at once so there's no clear link between which come in and which go out. You can pad things with dummy traffic so it appears you're routing it to several different nodes, that you're not the end point when you are and that you're not the starting point when you are. Those things are solvable as long as they only have backbone access.

The much harder problem is if they can run poison nodes and in a public network there's really no reason to think they won't. Particularly if they have the ability to interrupt your connections to non-poison nodes they'll quickly and easily trap you in a net where everyone you're talking to is the NSA and the supposed anonymity in routing and relaying traffic is gone. One compromised server in a TOR circuit isn't so bad, but if they have two - particularly the first and last - then you're pretty much boned. At least as far as anonymity is concerned, you can of course still wrap the actual traffic in https or PGP or whatever else for security.

Re:interesting (1)

f3rret (1776822) | about a year ago | (#45555705)

If you can tap into/analyze the internet backbones (as the NSA can) then Tor isn't very anonymous. They can track packets and figure out who's really connected to who even though the packets are relayed.

I don't know if this can easily be fixed, but now would be the time to do it.

They can't identify EVERYONE, and they cannot identify anyone in real time.

Re:interesting (2)

AmiMoJo (196126) | about a year ago | (#45555879)

Tor is resilient to that kind of analysis. For example it will combine packets together and pad them with dummy data before forwarding them. The NSA sees an encrypted packet go in but it never comes out again, only a different packet that may contain one or more other packets and is encrypted with a different key emerges.

Tor only has one major vulnerability, assuming you use it perfectly. That vulnerability is the NSA controlling a significant number of nodes on the Tor network. It would have to be an awful lot though, and current leaks suggest that they have not been able to do it yet. All their current attacks rely on the user making a mistake.

Re:interesting (4, Insightful)

jones_supa (887896) | about a year ago | (#45554715)

Let's still not forget that even if they end up designing a system which has some disadvantages, it would still be zillion times better than the current system. I just don't want this plan to be discontinued because some perfectionist nerd found some theoretical flaw from it, which can only be exploited by milking a Mongolian horse under full moon. That being said, of course we should still try to make as robust system as possible.

Re:interesting (1)

Captain Hook (923766) | about a year ago | (#45554847)

The problem is, the NSA budget allows for a lot of mongolian horses so there is always one available for milking at the appropriate time.

Re:interesting (1)

jones_supa (887896) | about a year ago | (#45555193)

It would still be an improvement. Obtaining those horses would create an extra step for NSA. All the ways you can make the spying process even slightly harder for NSA is good, as they currently can basically just set up taps almost anywhere and start listening without too much effort.

Re:interesting (1)

Joce640k (829181) | about a year ago | (#45555267)

Yes. One of the best defenses is to make it expensive for them to do.

Re:interesting (1)

Connie_Lingus (317691) | about a year ago | (#45555315)

really LOL??

since when is cost a consideration for a government that is already $17trillion dollars in debt?

Re:interesting (0)

Anonymous Coward | about a year ago | (#45555413)

since when is cost a consideration for a government that is already $17trillion dollars in debt?

When the things they use it for costs the lender more than they can expect in return.

If you borrow money from China and then use it to spy on China they will only tolerate it as long as the cost of your spying doesn't exceed what they gain from you being in their debt.
The problem is that this is an external limit that puts the population in the state fucked.

Re:interesting (4, Insightful)

Catbeller (118204) | about a year ago | (#45555561)

Where was all this concern about the debt when Reagan and Bush W. were cutting taxes, emptying the Social Security trust fund, and spending madly on military and spy agencies? When Reagan took office, the debt was 3 trillion. When Bush took office, it was 6 trillion. Clinton actually paid the debt down a half trillion in his final year: Bush immediately declared the surplus the people's money and gave the surplus back - then raised spending until he left the country another extra six 6 trillion in debt, with obligations to pay for wars and refund the money stolen from the SS trust fund since 1984. Republicans cut taxes and raise spending, run up the debt, have a rich man's party, then step back and let Democrats take all the blame and make the spending cuts and tax increases to try to repair the damage. This has been a thirty+ year tax-cut-based robbery. And always, always an excuse to cut aid to the poor, never the rich.

Re:interesting (1)

Connie_Lingus (317691) | about a year ago | (#45555981)

according to the u.s. constitution, Congress allocates spending.

just fyi...and also I would like to know where in my comment I specifically blamed any one political party for the national debt?

Re:interesting (4, Insightful)

jellomizer (103300) | about a year ago | (#45554945)

They are disadvantage on almost every thing out there.

You can pine on the disadvantages, or you can rate them and see how to fix them, without cutting into an other advantage, or increasing an other disadvantage.

Normally if a protocol is Fast, it is unsecured. if it is Secure, it is slow. If it is complex and full featured, there are a lot of failures in implementation, if it is solid, there is a lot less features.

Life is full of tradeoffs, Stop pining on the road you didn't take, and work on the road you took to make it better.

Re:interesting (1)

Thor Ablestar (321949) | about a year ago | (#45555157)

Normally if a protocol is Fast, it is unsecured. if it is Secure, it is slow.

Look at CJDNS. It's fast, simple and reasonably secure. While it doesn't officially provide anonymity, it's IMHO difficult enough to breach it's anonymity without disproportional waste of sniffing equipment. The NSA or KGB sniffers on backbone just aren't enough.

Re:interesting (0)

Anonymous Coward | about a year ago | (#45556127)

I think it's way too early to make such strong statements on CJDNS security.

Re:interesting (0)

Anonymous Coward | about a year ago | (#45555637)

Life is full of tradeoffs, Stop pining on the road you didn't take, and work on the road you took to make it better.

Nah, this is the internet. WE develop the protocols, WE make it work faster/slower depending on how it's transmitted. We can make it secure, fast, complex, full-featured (and open).

We are not the robot. We build the robot. Don't malign your humanity for imaginary reasons.

Re:interesting (0)

Anonymous Coward | about a year ago | (#45556033)

This won't work because other people:
a) Do not want to be charged for bandwidth used by other people
b) Do not want to be legally responsible for what their IP address is logged by.

If my website is anything to go by, the only people using Tor are spammers and DDoS'ers in Eastern Europe. This is a given by how 98% of the IP addresses originate in Russia, and the email addresses are all things like mail.ru and yandex. How do I know they're Tor Exit nodes? Because at least one person had the balls to set the reverse-dns to say "tornode." for that IP, and then I started checking the behavior in the log files, and the Spam was the same 3 user agents over and over using the same HTTP 1.0 sequences (which indicates Proxy use.)

What would realistically happen is that there would be a small number of exit nodes in legally questionable jurisdictions (eg Russia) as people who enable it won't allow exits from their IP address. So all the people wanting to be anonymous, would have their anonymity jeopardized by having closed source routers and modems leaking data, if not open source (eg linux) based devices having their firmware compromised.

Great idea in principle, however the economics of it would certainly doom it. People ALREADY render Tor unusable by running bittorrents over it, who's to say that this activity magnified would render "high speed internet" a thing of the past.

Isn't Tor compromised? (1)

dbIII (701233) | about a year ago | (#45554595)

Wasn't there an article here earlier about how it's not so difficult as earlier imagined to track inputs and output of Tor and connect them to the person using it?

Re:Isn't Tor compromised? (5, Informative)

Captain Hook (923766) | about a year ago | (#45554679)

Tor's weakness is when one organisation, such as the NSA, controls a large percentage of the exit nodes.

The larger percentage of the exit nodes a single organisation controls the better chance they have to seeing all the packets from any given user.

Becoming an Internet standard would dramatically increase the number of exit nodes making it harder for a single entity to control a decent proportion of them, although the basic attack would still work with enough resources.

Re:Isn't Tor compromised? (1)

Thor Ablestar (321949) | about a year ago | (#45555187)

A single compromised exit node is enough to breach the anonymity of the user. After this, everything that he writes under a nickname can be attributed to him.

Re: Isn't Tor compromised? (0)

Anonymous Coward | about a year ago | (#45555233)

i think the idea of making TOR an internet standard would be to do away with exit nodes, and have everything stay inside the TOR cloud, this way you maximize security. And TOR is much safer if you never go through exit nodes.

Re: Isn't Tor compromised? (2, Insightful)

Anonymous Coward | about a year ago | (#45555373)

It would also defeat the main purpose of Tor, which is to access the Web anoynmously.

If you want to build a separate anonymous network on the top the Internet, why would you use Tor and not technology that has been developed with that purpose in mind such as I2P, Freenet or Gnunet?

Re:Isn't Tor compromised? (3, Interesting)

fa2k (881632) | about a year ago | (#45555407)

Owning exit nodes is not sufficient to reveal the identity of tor users. Owning a large percentage of relay nodes AND exit nodes could compromise the anonymity, as one could just follow the progression of any data throughout the network. If the traffic volume is small enough to be able to statistically separate the streams from various users, it may be sufficient to surveil relay and exit nodes, instead of actually owning the hardware.

There are limitations: the exit node can mess with the data at will, in both directions, and this is how the FBI owned the visitors to a pedo site. They injected some HTML (I'm not positive that it was HTML/JS, but one would assume) to make the browsers of the users connect to FBI servers outside of Tor. It was a bug in firefox that allowed this.

There are two strategies to protect against this,
1) Encrypt everything; only access SSL sites over Tor. This works in theory because the exit node can no longer mess with the data stream. The only way to reliably use this strategy is to *block* non-SSL traffic. There are so many websites with mixed content, which may pull images and ads from non-SSL streams. Also, NSA may be able to break SSL either by a proper MITM attack (completely hypothetical, no evidence exists) or by owning private keys for some CAs.

2) Block any non-tor access from the system used to access Tor. This is possible at the network level with extra hardware, VMs and possibly with SELinux. If the browser *cannot* communicate over the standard internet, only Tor, then one is moderately safe. It's still important to configure the browser to not send identifiable information for fingerprinting and tracking cookies.

By doing 1 and 2 one is quite safe. It may be fine to use a less safe setup for non-secret stuff, like checking facebook, and contributing to flood the tor network with un-interesting traffic. If the "really anonymous" mode required restarting Tor, the NSA would be able to see this from ISP logs, of course.

Re:Isn't Tor compromised? (4, Informative)

Splab (574204) | about a year ago | (#45555851)

You really should read up on technologies before making statements like that.

The Pedo busts were not attacking exit nodes, it was an attack on the hidden services within the network, there is no mim attack on hidden services, as no one knows who is talking to who. What the FBI did was compromising the servers hosting the material, serving malware that send a single request out outside the TOR network.

Regarding 2; this only works if your software is perfect, which it won't be. The Pedo bust was abusing a known bug in Firefox 17, which had been fixed for quite a long time, it only takes a single bug in the stack to inject some data, that can be collected at some point later - Even if you only allow data through TOR and using SSL, there is nothing preventing FBI sending enough data about your local network, to help identifying you. (For instance, a quick wifi-scan gives you enough information to place my system somewhere in Denmark, using WIFI databases, like the stuff google collected with street view, you can probably pinpoint it even further)

While forcing SSL is a nice idea, generally, it wont work; as you said, people are doing mixed content - on top of that, it only takes a single compromised request to a CDN like jQuery, to have your system thoroughly compromised, see http://www.youtube.com/watch?v=ZCNZJ_7f0Hk [youtube.com] (While they are compromising anonymous proxies, the attack will work just as well on TOR)

Re:Isn't Tor compromised? (1)

fa2k (881632) | about a year ago | (#45556119)

You're right about the first point, it was a hidden service which FBI took control over, sorry I completely forgot and should have checked. Hidden serivces seem to have SSL-like protection built-in, thanks to the encryption of Tor, but when the FBI controls the server that's of course moot. That's also a different threat model than I thought of before, so bad example.

I still believe it's possible to be safe, but may have underestimated the risks before. The best way seems to be to use VMs or clean installations like booting from CD. There is then a separate computer for the Tor client, blocking anything but the Tor HTTP proxy with a firewall on the interface connected to the client. The client shouldn;'t have any unique software or hardware (as malware can enumerate USB, PCI devices, display resolution, etc), so the best is to use a VM. Also the MAC addresses of the gateway and the client must be randomised frequently, and the client must of course not have access to other communication devices like WiFi and bluetooth, and webcams. (don't know audio / microphone). The client would ideally have no persistent storage (one more point in favour of VMs, real hardware has a bunch of firmwares). The link seems interesting, actually talks about Tor, will have a look

Re:Isn't Tor compromised? (2)

fa2k (881632) | about a year ago | (#45556247)

Some corrections are in order, hope I caught all my mistakes now..

Hidden serivces seem to have SSL-like protection built-in, thanks to the encryption of Tor,

Probably not, that was made up. there is encryption, but I don't see how they could have authentication (unless the certificate was in the *.onion name, but they're not that long)

The best way seems to be to use VMs or clean installations like booting from CD. There is then a separate computer for the Tor client, blocking anything but the Tor HTTP proxy with a firewall on the interface connected to the client.

To clarify, client & gateway be connected directly, no others computers including no internet

The client shouldn;'t have any unique software

..including language & keyboard layout

(don't know [about blocking] audio / microphone).

OF course block mic. Not only can the malware *hear you speaking*, the mic probably also has a unique noise spectrum, and there may even be outside noises like trains. Speakers probably OK, but could relay information via high frequency signals to other compromised local computers

Bandwidth/Risk (1)

nurb432 (527695) | about a year ago | (#45556541)

And since a lot of us now live under bandwidth limitations, who would want to run an exit node?

That doesn't even address the potential for the feds to arrive at your door due to some moron out there trying to browse kiddie pron that happens to come out thru your node..

Unless we had 'protected' entities with enough bandwidth handling all the exits to the 'open net', then the concept of making this 'the standard' is flawed.

( freenet has a similar issue with bandwidth use.. who can afford to contribute what is needed? )

Re: Isn't Tor compromised? (0)

Anonymous Coward | about a year ago | (#45557251)

Normal people are afraid to run exit nodes, becoming a standard would also legitimate its use. So I would be able to run my own exit node without big risk of being swatted or going to jail because of someone else's actions.

Re:Isn't Tor compromised? (2)

Chrisq (894406) | about a year ago | (#45554691)

Wasn't there an article here earlier about how it's not so difficult as earlier imagined to track inputs and output of Tor and connect them to the person using it?

I think that this type of traffic analysis becomes harder as more people use it. The other weakness is if someone controls a large number of exit nodes - if routesr etc all could act as exit nodes it would be safer .... unless someone had a backdoor into the routers!!!

Re:Isn't Tor compromised? (1)

AHuxley (892839) | about a year ago | (#45554877)

If your the NSA or GCHQ every packet into and out of a country belongs to the gov for that ~"day". e.g. your message can go from the UK "around" the world a few times and back into the UK.
The GCHQ gets your entry IP, the message and your destination IP.

Tor (-1)

Anonymous Coward | about a year ago | (#45554615)

TOR was developed by the NSA. Do people really want to secure their data against someone who made the lock and has the key already?

Re:Tor (1)

Anonymous Coward | about a year ago | (#45554661)

Sources please?

Re:Tor (0)

Anonymous Coward | about a year ago | (#45554841)

Sources please?

Would that be leaking or whistleblowing?

Re:Tor (1)

MoreThanThen (2956881) | about a year ago | (#45555439)

just take a leak and whistle dixie

Re:Tor (1)

weilawei (897823) | about a year ago | (#45554849)

Not quite. Perhaps they had influence, but, from the mouth of the horse itself: "Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory."

Re:Tor (1)

AHuxley (892839) | about a year ago | (#45554901)

Think of it as a tool to let NGO's and US backed 'classic' color revolutions https://en.wikipedia.org/wiki/Colour_revolution [wikipedia.org] take hold and spread as web 2.0 was emerging.
After the Snowden news about total mastery of the 'internet' it all too late for US and UK use now.

Re:Tor (1)

gmuslera (3436) | about a year ago | (#45555231)

If Tor were closed source you could had some reason. But the NSA hates to put their access codes in plain sight, and that it is open source, with everyone using/implementing it free to inspect and check if there is any vulnerability in its design makes pretty hard that it be compromised at that level, no matter who developed it.

Getting this past the censors? (2)

Jamlad (3436419) | about a year ago | (#45554631)

But how else then shall they keep us safe from all the Bad Guys, ne'er-do-wells, pedophiles, terrorists, communists, liberals, hippies, criminals, foreigners, pirates, gays, racists, misogynists, thought crimes, neighbors, and YOU?

Re:Getting this past the censors? (2)

dmbasso (1052166) | about a year ago | (#45554933)

Cold fjord, is that you?

Re:Getting this past the censors? (0)

Anonymous Coward | about a year ago | (#45555097)

There's no need to rush; cold fjord is everywhere and everything here is his.

Re:Getting this past the censors? (0)

Anonymous Coward | about a year ago | (#45555269)

Stop talking to yourself, cold fjord.

TOR? Or I2P? Or Freenet? Or something else? (3, Insightful)

coder111 (912060) | about a year ago | (#45554641)

Hmm, TOR is a nice project and all, but it has its benefits and drawbacks. I think IETF need to give quite a bit of thought before adopting some technology as a standard.

I'm all for anonymous communication with encryption though. I hate what corporations and governments are doing to the internet. I do believe internet is the most important human discovery since fire, and its freedoms need to be preserved...

--Coder

Re:TOR? Or I2P? Or Freenet? Or something else? (1)

Anonymous Coward | about a year ago | (#45554869)

I don't know that I'd consider the internet a "discovery". More of an invention. A discovery is like finding a new species of animal that's existed for a long time, but we didn't know it was there.

Re:TOR? Or I2P? Or Freenet? Or something else? (1)

Lennie (16154) | about a year ago | (#45555095)

If something would happen at the IETF, mostly likely out come would be if the IETF would create a work group to create a protocol, maybe based on one of those existing protocols. Just like HTTP/2.0 is based on SPDY, but isn't SPDY.

Re:TOR? Or I2P? Or Freenet? Or something else? (1)

Joce640k (829181) | about a year ago | (#45555317)

Hmm, TOR is a nice project and all, but it has its benefits and drawbacks. I think IETF need to give quite a bit of thought before adopting some technology as a standard.
--Coder

Even if they do, the NSA will make sure it never gets built into a major OS or anything that people can download/use simply.

I've always suspected the reason why Outlook (or whatever) doesn't have encryption enabled by default was because of visits from the men in black SUVs.

After the last couple of months I'm 99.999999% sure it's true.

Re:TOR? Or I2P? Or Freenet? Or something else? (0)

Anonymous Coward | about a year ago | (#45556253)

Phantom
It doesn't have exits you can screw yourself with, use Tor for that.
It does have native IPv6 internal transport.
Which means you can use ALL your favorite IPv6 enabled apps with it right now without fucking around with I2P and it's shortcomings.
ie: it works GREAT with Vuze (bittorrent and all filesharing apps), UDP/TCP telephony, P2P email, chat, webservices, FTP, etc.
You can get IPv6 with Tor and onioncat today, but Tor is going to break that in a few releases.
Phantom will be the only anonymous private network where you can securely run any application that you have over it.
No special shims, no relying on a limited list of less-than-featureful built-in applications, just use what you want to use.
That's powerful!

http://code.google.com/p/phantom

I wonder how long (1)

skovnymfe (1671822) | about a year ago | (#45554681)

until someone simply creates an STCP/SUDP/SIP standard where the first thing any newly established connection does is negotiate SSH-style encryption (fuck TLS), with fallback to regular TCP. Can't be that hard, can it?

Re: I wonder how long (1)

mattpalmer1086 (707360) | about a year ago | (#45555077)

Go for it.

Don't worry - you won't get anywhere close, but I guarantee you will learn a lot.

Start by trying to define what you are protecting from whom, and how two arbitrary endpoints who have never met can know they are talking to each other and not a man in the middle.

Re: I wonder how long (1)

Joce640k (829181) | about a year ago | (#45555387)

how two arbitrary endpoints who have never met can know they are talking to each other and not a man in the middle.

My take on this is that the messenger apps should permanently show a fingerprint of the encryption key on screen (eg. at the bottom of the window).

If the key is easily visible then people would be able to compare keys when they meet in real life. Any mass tampering by the NSA would then be obvious and provable. You can also compare keys in other ways, eg. in a voice call.

It doesn't prevent man in the middle attacks but it makes it impossible to do in secret.

This is people mistaking "want" with "will" (-1)

phayes (202222) | about a year ago | (#45554685)

It's the wet dream of a very small minority. The vast majority of internet do not want TOR baked into their internet enabled devices. The Internet is much more than a bunch of guys at educational facilities with little/no restrictions on their use vast amounts of bandwidth and very little idea of how much it costs.

TOR does not pass the sniff test at any business I have ever worked with and almost all home users balk at having the uplink that they are paying for monopolized by traffic from around the globe.

Re:This is people mistaking "want" with "will" (4, Insightful)

d33tah (2722297) | about a year ago | (#45554697)

I'm under the impression that you're confusing things. Noone said that you'd be forced to run an exit node, or even a relay. I believe it's just about making the protocol a standard.

Re:This is people mistaking "want" with "will" (1)

CreatureComfort (741652) | about a year ago | (#45554803)

But the extension, as mentioned in the summary, would be to bake it into internet appliances, such as routers and modems, that would automatically connect via TOR, without user intervention. Now I'm sure that if you are a savvy user and used to going into your router settings to tweak things, there will be a check box to remove TOR default functionality, but most folks will just wonder and complain about how much slower their connection is with the new internet box thingy.

Re:This is people mistaking "want" with "will" (1)

phayes (202222) | about a year ago | (#45555137)

Riiiiight and pushing TOR to be an "internet standard" is not people wanting it to be baked into devices like Teredo has been in in windows since Vista...

Re:This is people mistaking "want" with "will" (1)

Anonymous Coward | about a year ago | (#45554851)

The vast majority of internet do not want TOR baked into their internet enabled devices.

The vast majority of internet do not want to have their every online action stored indefinitely, cataloged, profiled, and sold to the highest bidder. All it takes is a couple of interested and motivated parties.

Re:This is people mistaking "want" with "will" (1)

JeffOwl (2858633) | about a year ago | (#45554989)

Is that why so many of them use Facebook and Google services? It is possible that they don't "want" it, but if they don't care enough to stop using Facebook and Google then what makes you think they would want to use Tor? Also, people doing lots of legit downloading don't want anything that negatively impacts download speeds and gamers don't want anything that impacts latency and couldn't give a rats ass about the government knowing that they play BF4..

void between chair and keyboard (3, Insightful)

Anonymous Coward | about a year ago | (#45554701)

*OMG* no! Tor does nothing if you want to spill your personal guts all over the internet. Also cookies and other nefarious tracking technologies work
wonderfully right through tor. tor doesn't block you if you want to scream your name and credit card number and whatnot to the internet ...
can we just have websites work without javascript and FLASH?!

Re:void between chair and keyboard (1)

AmiMoJo (196126) | about a year ago | (#45555915)

I don't think anyone said it was a silver bullet, just a part of the solution.

How is this straw man +3 insightful? (0)

Anonymous Coward | about a year ago | (#45555973)

As the other child said, nobody's saying this is a universal solution. However, making Tor an internet standard is a fantastic idea. It obfuscates the source of data and this is good for privacy even if it doesn't solve every issue related to it. Arguing against making it a standard because "you can still be dumb" is an utterly absurd argument and the people who modded it insightful ought to be ashamed. Should we also get rid of cryptography? After all, protecting your data doesn't prevent third parties from obtaining the source data unencrypted from your drives. I guess that means it's worthless, huh?

Excellent! (0)

Anonymous Coward | about a year ago | (#45554739)

What can I say. There probably will be challenges, but as of today this is something that I give my full support.

There comes a time when splits are required. (3, Interesting)

Anonymous Coward | about a year ago | (#45554743)

How feasible would it be to split the internet right down the middle but share the same lines?

So on one half you could keep the wild wild west net and on the other all the cry babies and censor-happy types can have their walled wide web.
Then just onion-up the wild wild west side.

Re:There comes a time when splits are required. (1)

Anonymous Coward | about a year ago | (#45554911)

Also, I realized a bit of a misunderstanding in my own post that could lead to confusion.
Note that I do mean the internet when I refer to wild wild west and walled wide web, those were just metaphors for the web being the most commonly used services for the standard user.

I'd personally love for such a thing to happen because it would essentially finally emulate the real world.
At the moment it is just a horrific mess of services mashed together with broken censorship all around.

The walled wide web would be great for kids while the wild wild west would be great for those that aren't stuck in the 1500sBCE, or kids.

Re:There comes a time when splits are required. (3, Insightful)

FireFury03 (653718) | about a year ago | (#45555053)

How feasible would it be to split the internet right down the middle but share the same lines?

So on one half you could keep the wild wild west net and on the other all the cry babies and censor-happy types can have their walled wide web.
Then just onion-up the wild wild west side.

This wouldn't work because you're forgetting the censor-happy people's mentality: they aren't trying to censor the internet so that they can't get to certain material, they are trying to censor it so that _you_ can't get to certain material because the _idea_ of you looking at certain stuff in private offends them. So this kind of split couldn't happen because the censor-happy people still don't want to allow you to get to the "wild wild west" net.

Wide-scale censoring is all about "I find what you do in private to be offensive so you should be locked up for offending me!" and almost never to do with "I find this content offensive so don't want to see it myself". Much the same way as various activities happening between consenting adults in private are illegal - this isn't about protecting anyone from anything other than offense caused by their own narrow-mindedness.

Note, I do think there is a place for local-scale censorship, such as preventing kids/teachers at school from accidentally stumbling across stuff they shouldn't. However, where kids are *actively* trying to get at porn, et-al, censorship is never going to work and it is far better to spot kids doing this so someone can have a talk with them. That's not to say that I necessarilly think kids looking at porn is a bad thing (indeed, it's completely normal), but talking to them about it to put it into context is probably a good plan.

Re:There comes a time when splits are required. (0)

Anonymous Coward | about a year ago | (#45555375)

Some censor is about "this requires something horrid to be produced, and thus we should do all we can to ensure that it is not produced".

You could argue that the horrid thing has happened, now the information WANTS to be FREE. But then I'd think you are a dick.

Re:There comes a time when splits are required. (1)

SuricouRaven (1897204) | about a year ago | (#45555623)

"However, where kids are *actively* trying to get at porn, et-al, censorship is never going to work"

I work at a school. You are quite correct. If they want to find something enough, they will find a way.

Re:There comes a time when splits are required. (1)

Jason Levine (196982) | about a year ago | (#45555971)

And the best thing about "local-scale censorship" is you get to decide what to censor. If you happen to think that the human body is fine to be viewed but violence is horrible, then you can ban violent sites and allow sites that show humans sans clothing. If you think that certain combinations of adult humans are abhorrent, you can block that from being viewed by you (or anyone else in your house). And so on. Meanwhile, other people with other ideas of what is fine to view and what isn't will view (or block) their own sites without affecting you.

If the censor-happy people really just didn't want to see the stuff that offends them, they'd install NetNanny (or a similar program) and be done. Instead, like you said, the mere existence of what offends them is what gets them upset. They don't care if you need to type in an address, confirm your age, sign up for an account using a credit card, pay a $10 monthly fee, and THEN get to see the offending content. The fact that a path exists to the content at all is horrible and MUST be stopped at all costs. Usually because they imagine a child innocently stumbling along the path - no matter how unlikely - and seeing the content. ("Then little Johnny mashed his fingers on the keyboard and just happened to enter our Discover Card number and expiration date.... If only the site was banned, he wouldn't have seen those nekkid women!")

Re:There comes a time when splits are required. (1)

nurb432 (527695) | about a year ago | (#45556587)

It's already been done. Its called 'FreeNet'.

IETF, please use better tech (0)

Anonymous Coward | about a year ago | (#45554767)

Why build on tor with its known deficiencies while truly freedom guaranteeing tools such as Freenet exist?

Re:IETF, please use better tech (1)

SuricouRaven (1897204) | about a year ago | (#45554839)

TOR on such wide usage would cripple the internet with the load. What is needed is some sort of anonymous decentralised content-addressible database to handle the bulk data distribution.

ie, Freenet.

Why the hell would you trust Tor? (0, Insightful)

Anonymous Coward | about a year ago | (#45554855)

Tor was INVENTED by the DoD. Do you think the NSA would allow it to exist if they have not compromised it? Look at a map of Tor servers - there is a HUGE cluster in the Virginia area.

Tor is a honeypot.

Re:Why the hell would you trust Tor? (1)

AHuxley (892839) | about a year ago | (#45554965)

Yes this was well understood in 1997 and still seems to be 'news' to many. You have many 'well' funded exit nodes in interesting locations.
"Low-Resource Routing Attacks Against Anonymous Systems" pdf:
http://digitool.library.colostate.edu/webclient/DeliveryManager?pid=168113 [colostate.edu]

No. (0)

Anonymous Coward | about a year ago | (#45554891)

The IETF does not "change Internet code;" they develop standards, specifications and procedures. The actual implementation and then deployment of these is up to everyone else. Further, large scale use of TOR is a horrendously terrible idea. It's generally slow as molasses, it does not provide the anonymity it's intended to and traffic leaving an exit node is highly susceptible to traffic analysis.

A group thinks the Internet should be anonymous... (0)

Anonymous Coward | about a year ago | (#45555015)

... And I think I should get a pony for my birthday!

Wrong approach... (0)

Anonymous Coward | about a year ago | (#45555033)

How about we address the reasons we need to hide who we talk to instead of finding new and creative ways to hide? Why are we trying to find technical solutions to social issues?
Tor is a great tool to fight underground criminals, but not so great when you fight rogue governments, who can simply mandate blackbox spychips in all networking hardware available to you.

Posting anon because I don't have an account.

Re:Wrong approach... (1)

dcollins117 (1267462) | about a year ago | (#45556425)

The solution to world peace is simple - no one likes war, so all we need to do is get everyone to agree not to fight one another. Problem solved.

How about we address the reasons we need to hide who we talk to instead of finding new and creative ways to hide? Why are we trying to find technical solutions to social issues?

It's the best we can do. We're engineers, not omnipotent beings.

Tor is NOT secure (1)

Jody Bruchon (3404363) | about a year ago | (#45555207)

There are so many ways that browsers and other software that communicates via the Internet give up the identity of the user. Tor can't stop any of them, and they explicitly say so. I'm working on designing a new protocol and the software to run it that anonymizes communications better, and I had to eliminate the chance that existing software could tunnel through it because of this. Any software that tunnels communication which isn't secure will automatically be a major security risk. Even turning off JavaScript and Flash and Java don't help; see the NSA's use of exploits against Tor browser bundle security flaws to ID users for why not.

I hope Tor runs away as fast as it can (3, Insightful)

pedantic bore (740196) | about a year ago | (#45555271)

I've worked with the IETF on several RFCs. I'm also familiar with the challenges that the Tor project faces daily, and what they have to do to stay ahead of the entities trying to break Tor. I think for Tor to even stop to talk to the IETF would be an waste of their time; Tor needs to be nimble, and the IETF standards process is painfully, horribly slow and unable to move quickly on anything. Given that Tor releases updates on a cycle that is shorter than the normal time a draft spends in the AD review queue, by the time an RFC got to the standards track it would already be out-of-date.

Content addressible, please! (1)

SuricouRaven (1897204) | about a year ago | (#45555311)

All these anonymous routing techniques place a lot of load on the internet and a great deal of latency. I have a proposal to help:

A content-addressible distributed store for static content. You can make it work like Freenet if you really want to be paranoid, but that isn't needed. Just a distributed caching system indexed by, say, sha256 hash.

It'd take some minor revisions to web browsers, but you can make this work with backwards compatibility by using a reserved word in a URL. Eg, http://theserver.com/magicword/sha256/hash/mime/mime/filename.jpg [theserver.com] . A non-compatible browser would simply treat it as a plain file request and get it as normal, while those supporting the protocol instead recognise the /magicword/sha256/ part. Longer term, once the infrastructure is in place, switching to magnet links would offer some significant advantages like the ability to specify multible hashes, size, etc.

Clients can then contact any convenient cache server (The source, ISP run caches, ones built into routers found by service discovery, other clients on the same segment) to obtain the desired file.

This address-by-hash approach has some major advantages in efficiency which would make anonymous routing and physical mesh networking much more viable.
- Improved caching proxy performance: No more messing around with IMS requests. The hash defines the only correct response, and it doesn't expire. Ever. Think of the potential for how much better multi-user caches can work under those conditions. The first person views a viral video, and no-one else has to wait for it to download over the WAN. Great on moving vehicles, too: A train's cache can load up the day's iPlayer etc video in the morning and commuters can enjoy a high-performance cache rather than struggle with mobile access.
- Improved resistance to takedowns: You can take down the site that first hosted content, but so long as the hash for that video is being passed around it'll be near-impossible to eliminate it from every caching node. It's also a lot easier to find new hosting for a few kilobytes of HTML than a twenty-meg video that half the country wants to see at once.
- Reduced latency and improved performance by moving the content closer to the destination: It'd be like a CDN for the masses, except no need to pay a fortune for it.
- Reduced hosting costs: For the same reason. Fewer re-requests for files already seen once, better caching proxy capabilities.
- Improved offline access: Internet access unreliable? By eliminating the need for IMS queries for images, pages can load from cache much more easily. If the HTML is static and addressed via hash, an entire website could be stored that way.

CAN for static content, conventional packet switch for dynamic. I think that's a good way to go. Different types of traffic that need to be handled in completly different ways.

Re:Content addressible, please! (0)

Anonymous Coward | about a year ago | (#45556233)

This doesn't solve anything.

You're also confusing Tor with BitTorrent.

Like a better solution would be to extend HTTP to always be encrypted and set various headers like:
a) Toxic (This content can only be downloaded via eDHT)
b) eDHT hash

and then the web browser will download it via high-encryption, double-onion routed bittorrent-like mechanism (current bittorrent encryption is rc4, or basically useless)

This way, the file is never even sent from the host, it may not even exist.
HTTP 1.1 already sends checksums, but they're a lot more arbitrary (eg one server may be a CRC of the physical file while another might be a filename+date checksum) this is how proxy caches can validate if a file should be served or re-fetched.

The thing is, proxy servers already exist, they're basically as useless as Tor for anonymity.

The existing "wild wild west" browser/internet technologies need to be thrown away entirely to ensure anonymity.

- iframes must be same-origin
- images must be same-origin
- javascript must be same-origin
- Java and Flash must be killed off

And that's just the smaller technical problem, because you also have
- unencrypted HTTP headers
- leaky DNS (good god the entire DNS system would need to be thrown away and replaced with shared chain-of-trusts, eg "98% of computers agree that microsoft.com is at X Y and Z nodes")
- IP addressing (IANA), MAC addresses,Wifi BSSID and Phone numbers/IMEI/IMSI information that indicates the device, carrier and geographical location.

Like that last point alone ensures that there will be no anonymity on the internet so long as Tor exit nodes can be identified as Tor nodes in specific countries. That information creates it's own fingerprints that can always be seen at the ethernet packet level. All NSA has to do is identify users by the unique fingerprint it creates by finding out what fingerprints it creates when it's not encrypted.

You'd be surprised at what information your cable modem leaks.

torproject should sell tor routers/phones/desktops (1)

keneng (1211114) | about a year ago | (#45555475)

Tor project should sell tor applicances in every shape. routers, phones, desktops, laptops. Lots of phones/routers have GNU/Linux customizeable firmware. Nobody has taken upon themselves to offer up turn-key solutions/support for these.
Jolla Phone, Mozilla Firefox OS phone, Cyanogenmod?, Iphone, Ubuntu Phone.

You could configure it with tor DIY as you would your desktop, but for your grandma that doesn't cut the mustard.
That's why a turn-key service-offering like that would be best.
That would be something worth selling in little mall kiosks across the country.
To give you an idea how much people crave for something like this, the bitcoin(anonymity-related) Robocoin kiosk in Vancouver is a success in its first month.

Here is how I think things should work:
1)You could pay torproject a fee and send them your SIM/phone/ADSL-VDSL-CABLEMODEM router.
2)torproject does what needs to be done. i.e. flash the phone, flash the router, and automagically configure for customer to target isp/phone provider.
3)torproject sends you the appliance ready to go.

If you don't have a phone/router, it would be best to ask for recommendations from torproject what hardware can best support your digital freedoms and privacy.
At present, I prefer the specs and digital freedom of the Google Nexus 4. Ubuntu Phone, Android, Cyanogen, Replicant, FireFox OS can run on it. Iphone can be jailbroken, but the point here is to buy hardware that supports digital freedom from the get-go. Google sells all its NEXUS phones UNLOCKED as it should be and that's why I recommend the NEXUS 4 because they are well-known in the developer community. The NEXUS 5 is a beautiful phone, but at present it's hard to find other firmwares running it on it apart from Android. That's a bug and not a feature with respect to Digital Freedom and Digital Privacy. The consumer deserves the right of choice of OS on their hardware applicance be it phone, computer, router, fridge, coffee-maker whatever.

The IETF could put TOR in the plumbing, but it's not going to happen. It's not politically correct in some countries and that's why it's not going to fly that way. It has to be through some hardware manufacturers and let the consumers purchase it. CONSUMERS have all the purchasing power.
All we have to do is market digital freedom and digital privacy hardware and ensure it comes with a turn-key tor solution in it.
Torproject should be the ones providing that and receive some kind of fee for it.
Tails CD was close, but it has bugs and doesn't work behind routers. That's why torproject router/phone firmware would be important to have.

My engineer's brain hurts (1)

CurryCamel (2265886) | about a year ago | (#45555715)

The shortest path between two points would not be a straight line, but it would go around three sides, twice.
Can't we all just get a long so we wouldn't need this sort of nonsense. *sigh*

Re:My engineer's brain hurts (1)

jones_supa (887896) | about a year ago | (#45557237)

I feel ya. Possibly a saner and still effective system would be to simply enforce end-to-end encryption in all communications.

The problem is with the insecurity of HTTPS (0)

Anonymous Coward | about a year ago | (#45555729)

The way we fix web security is by integrating diffie helman into HTTPS. You demote all PKI certificates to use for authentication of web resources, and use Diffie to provide the actual cryptography via 3DES or AES; if it's an overseas transaction use DES to avoid weapons export laws.

This also renders useless the the NSA sending a national security letter to Verisign and get all the keys on a CD. Sure you can impersonate a website actively, but tapping existing encrypted communications is now virtually impossible. More importantly you've got to maintain vendor contacts to make snooping on everyone viable.

I Cannot MITM that using SSLStrip as one example. The author of SSLStrip in his youtube video actually used a TOR exit node to go fishing. He got literally over a hundred logins to websites and banks doing so. Tor is Less secure than just using a regular internet connection.

From there if you clean your cookies every time you close your browser, and if using IPV6 generate a new MAC address, and run antivirus\anti spyware you're basically set.

if widely adopted (0)

Anonymous Coward | about a year ago | (#45555749)

Sign me up, I sure want to be held liable for someone else transferring child porn across the web! No, this isn't going to fly. No one is going to give exit nodes idemnity from prosecution. Prosecutors go after the lowest hanging fruit possible.

Sourceless datagrams (0)

Anonymous Coward | about a year ago | (#45556079)

If you want to "bake in" anonymity into the Internet do it at IP layer by allowing datagrams to be sent to a destination without return source address. Use a special source address for IPv4 and IPv6 out of IETF reserved space. Updating BCP 38 and friends accordingly complete with enabling socket options such that sourceless datagrams can be done without special privileges or resorting to RAW sockets.

Any app specific addressing (! IP) necessary for bi-directional communication would be punted as far up the stack as possible. tor routing is then applied on top of it.

Who wants to pay for it? (2)

Cajun Hell (725246) | about a year ago | (#45556155)

One thing you've gotta admit about Tor, is that it's an inefficient way to get packets from point A to point B. If we had Tor built into the all Internet protocols, don't you think one of the first things you would do, would be to look at some case where you didn't like the performance you were getting, and then you'd "invent" a shiny new protocol that directly links two points, providing massive performance improvements at the cost of making traffic analysis easier? And don't you think there are shitloads of applications, where that tradeoff would make sense? Inventing not-Tor would be the biggest thing, ever.

Crypto is good. Modern CPUs can handle it effortlessly, nearly for "free." There are some cases (e.g. shared caches) where you might not want the tradeoff, but overall it's turning out to be a no-brainer, almost always worth the compromise. You just can't say that about onion routing, though. It's subjectively good, at best.

BTW, also: here in America, a lot of us have asymmetric connections for the "last mile."

Two things that must be resolved first! (0)

Anonymous Coward | about a year ago | (#45556417)

1) Tor cannot introduce a bottleneck. It will now in it's current implementation and user base. This is acceptable since it's an optional component and people accept the bottleneck as a security concern but when if it becomes a common implementation to the point it's being used by default without consumer setup then bottlenecks must be avoided. Surely the capacity of the supporting user base will increase and I'm assuming that if it becomes such a common standard then people will become transport nodes themselves as well, increasing the availability and general usage speed but it only takes one node to slow the connection. Ensuring their are no bottlenecks must be part of the standard itself. I have some ideas on how but I don't think I'm advanced enough nor are they good enough to be worth sharing with the IETF since they already have more experienced people working on the same aspect.

2) Endpoint encryption must be mandated. The data traveling from the exit node to the final destination MUST be encrypted. If not then anyone acting as a end node can intercept, steal, mitm, counterfeit, etc. In principal, if tor is becoming a common protocol like this then it's fair to assume that everyone will become an exit node and at the same time everyone would be using tor without setting it up (I think, if I understand this correctly). That means people who want to steal credit card numbers, logins, etc just need to watch for the unencrypted connection containing the data traveling through their exit node and they will be able to find scores of data and that's just one of the avenues of exploitation.

I think one simple solution for (2) is to make the exit node the endpoint; the final destination, the 4th hop. If tor becomes a common standard then everyone including the end service will be a tor node. We could mandate SSL from the exit node to the endpoint but that adds a layer of complexity. If the endpoint is already a tor node based on tor being a common standard that is deployed to the masses as an underlying protocol then we can make the endpoint and the exit node the same host. In doing so, we may even trivialize, supersede and deprecate SSL/TLS in the process. Tor can carry any traffic, as far as I'm aware, supports encryption and if the end point is the exit node then it will be receiving a tor packet which only it will be able to decrypt. This will also decentralize the encryption itself. There will be no "trusted" parent certs from private firms that we're unsure how secure they really are (GoDaddy, verisign, Network Solutions, etc) or if we have to ask if they have already handed over their certs to the NSA as we do now with SSL/TLS. Additionally if we eliminate the non-tor hop from the exit node to the endpoint, we will effectively be eliminating any point where the communications can be eavesdropped on in a vulnerable state where a possible exploited cert exists. I mean we won't need SSL/TLS from the exit node to the endpoint where someone can setup a sniffer and know about a known compromised SSL/TLS certificate that they can decrypt such as it's speculated that the NSA already can. If the exit node and the endpoint are the same host then SSL/TLS becomes trivial and excessive. SSL/TLS would become plain text wrapped in one encryption protocol wrapped in another encryption protocol, redundant and excessive at that point.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?