Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Tor: A JAP Replacement

Posted by CowboyNeal on Thu Aug 05, 2004 08:14 PM
from the trust-no-one dept.
Privacy Software The Internet
kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Tor: A JAP Replacement 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Before you know it... (Score:5, Insightful)

    by cytoman (792326) on Thursday August 05 2004, @08:17PM (#9895677)
    ... the RIAA and the MPAA will be all over this, denouncing it and crying foul!

    sigh...

  • Talk about politically incorrect (Score:4, Funny)

    by Anonymous Coward on Thursday August 05 2004, @08:18PM (#9895684)
    We are REPLACING japs now??!?!?

    • Re:Talk about politically incorrect (Score:5, Funny)

      by Anonymous Coward on Thursday August 05 2004, @08:26PM (#9895741)
      The new version will eventually be called ARAB. One of the security improvements is sandboxing, and when a process begins to misbehave, it's quickly killed.

  • Freenet? (Score:5, Insightful)

    by pope nihil (85414) on Thursday August 05 2004, @08:18PM (#9895687) Journal
    Isn't this onion routing thing exactly what freenet uses?

    • Re:Freenet? (Score:5, Informative)

      by MoonBuggy (611105) on Thursday August 05 2004, @08:26PM (#9895743) Homepage
      That's exactly what I thought (and I believe that we're right). What's interesting here though is that it claims to be low-latency, a quality rarely associated with Freenet and probably the primary reason that Freenet remains largely used by people who need/want _extreme_ anonymity rather than your average movie downloader wanting to avoid one of those nasty lawsuits.

        • Re:Freenet? (Score:5, Insightful)

          by Sgs-Cruz (526085) on Thursday August 05 2004, @09:48PM (#9896172) Homepage Journal
          Which is your right, obviously. But don't be accusing anyone who uses it of trading child porn. I was using Freenet a while back just for the novelty of trying it out -- I found it (much like the Gnutella network) unusable for downloading music/movies so I stopped using it.

          But my point is just because it can be used for bad purposes does not mean it necessarily will.

          • Actually, freenet hides everything so well, that of course people are going to stash rotten files all over it. An anonymous network doesn't have to be so opaque to the users themselves though, only to eavesdroppers listening from the outside. Take my own idea about a network, metanet. It still guarantees a useful anonymity, but being an IP network (and not some asshat file-trading "p2p is the wave of the future" application), most people on it tend to know everything that is there, without spending 24 hours

            • Re:Freenet? (Score:4, Interesting)

              by MacJedi (173) on Thursday August 05 2004, @11:52PM (#9896860) Homepage
              Forgive me if I am misunderstanding you, but if it is impossible to link a nickname to a real person, how is that not a climate that encourages illegal activity? Sure, nobody wants to tarnish their online persona, but who says they are limited to only one online persona?

        • Re:Freenet? (Score:5, Insightful)

          by HeghmoH (13204) on Thursday August 05 2004, @09:58PM (#9896232) Homepage Journal
          What a crazy attitude to have. There are other reasons you'd need that much anonymity.

          First, your dismissal of people who live in China is incredibly inappropriate. Over a billion people live there, and you just dismissed them out of hand. And then there's the exile situation; what about somebody who's now living in the US who still can't speak out freely because of repercussions on friends/family back home? Do they simply not count?

          There are plenty of other reasons, though, all the way from "VP in Fortune 500 company wants to expose toxic waste problems without risking being found out as the source" to "I'm such an incredibly paranoid person that I don't want to risk the wrath of the US government for posting these funny pictures of Bush" all the way to the classic standby, "because I want to".

          I don't use Freenet, but I also don't simply assume that everybody who searches for perfect anonymity must be a reprehensible criminal.
          • Also, what about people who may work for, picking a random company, JBoss Inc., but want to register for multiple forum accounts without getting busted? :-)

        • Re:Freenet? (Score:3, Insightful)

          by Dwonis (52652) *
          the only real reason you'd need that much anonymity is for kiddy pr0n...

          First of all, I disagree that that is the "only real reason" why a person would need that much anonymity, but that's not what I'm going to argue.

          Rather, I have a simple question for you: What do you think is wrong with wanting that much privacy, even if you don't strictly need it?

    • Re:Freenet? (Score:4, Informative)

      by elleomea (749084) on Thursday August 05 2004, @08:39PM (#9895829) Homepage
      As far as I'm aware Freenet stores encrypted content on each node, not just routing requests through nodes.
    • Onion routing does just that, it is a method for picking an anonymous route. Freenet is a distributed database.
      In onion routing the client picks N nodes from the list of servers and encrypts using each servers public key. Then sends the data to the first server. In onion routing each packet of data contains the entire routing list, though it is encrypted in such a way that each node can only tell what the next node is.
      Each Freenet nodes caches data blocks based on demand. When a request arrives looking for a data block Freenet forwards the request to a node that has similar information until the correct block is found. Each freenet node only knows about the next and previous nodes, and the route is determined by the key you are searching for.

    • Re:Freenet? (Score:5, Informative)

      by Wesley Felter (138342) <wesley@felter.org> on Thursday August 05 2004, @09:54PM (#9896206) Homepage
      Freenet doesn't use onion routing (last time I checked), but it does use the concept of sending messages through mutiple hops. But the main difference between Freenet and Tor is that Freenet is an anonymous publishing system and Tor is an anonymizing layer that can work with almost any application.

    • Re:Freenet? (Score:4, Informative)

      by 0x0d0a (568518) on Thursday August 05 2004, @11:12PM (#9896683) Journal
      Isn't this onion routing thing exactly what freenet uses?

      Not in the same form.

      Freenet allows posting of data, which does travel through multiple nodes, much like this one. It also allows retrieval of data. However, the two are separate operations. You don't establish a connection between the publisher of data and the reciever, which means Freenet tends to be unsuitable for things that require even remotely interactive latency. I think Tor might wind up being a bit high for, say, SSH, but it could easily be just fine for instant messaging -- two people that don't know each other by anything but pseudonyms and cannot trace each other can conduct conversations.

  • hmmm (Score:5, Insightful)

    by SinaSa (709393) <sina.sa@NOSPaM.gmail.com> on Thursday August 05 2004, @08:19PM (#9895693) Homepage
    Tor - The internet onion!

    No, but seriously, the blurb says this is low latency, how that's the case, I fail to see. First client wants to send a HTTP GET or something similar via Tor, so every packet involved needs that info, plus a little bit extra to get it to the next node, plus a little bit more so the end node knows where it needs to be in the end on the return. So that's two extra little bits, then the stuff gets sent one node across which takes its info off and puts new info on.

    Where is the low latency here? All this peeling/adding layers to peel off must be fairly time consuming. I'll admit I quite like the idea, and as soon as I click Submit I'm going to download and try it, but I fail to see how this can be faster than say, InvisibleIRC (IIP) was.

    • Re:hmmm (Score:5, Informative)

      by dfelznic (8812) <dfcNO@SPAManize.org> on Thursday August 05 2004, @09:01PM (#9895951) Homepage
      I am using tor right now to read slashdot as well as IRC and GAIM. Tor is not supposed to be as low latency as your normal connection. Security is a trade off the slight degradation in latency is worth the improved anonymity...

      • Benjamin Franklin (Score:3, Funny)

        by Anonymous Coward
        They that can give up essential latency to obtain a little temporary anonymity deserve neither latency nor anonymity.

        I need my data at the speed of light, bitches!

    • Re:hmmm (Score:5, Informative)

      by jhoffoss (73895) on Thursday August 05 2004, @11:12PM (#9896682) Journal
      Tor achieves low latency because tunnels are created during connection setup, and that same tunnel is utilized for the life of the connection.

      I believe the encryption is layered on from the start, and peeling occurs at each transfer, not peel/crypt/peel/crypt/etc.

      I was surprised to see no one posted this earlier; the author of Tor gave a very good presentation at DEFCON last week, and I'll have to get out my CD with his presentation on it, but it's different from Freenet in a few ways. For one, apparently Freenet isn't totally free.

      As a side-note, the author is still working on a method to accept/sign-up/recruit primary [trusted] nodes.

  • I would imagine (Score:5, Funny)

    by AbbyNormal (216235) on Thursday August 05 2004, @08:21PM (#9895704) Homepage
    our East Asian readers, will readily endorse this new standard...Honestly, I guess not many people think about their acronyms before they are released to the public.
      • # of Japanese that know what the term "Jap" means *
        # of Japanese that will ever hear of "JAP" *
        # that are actually offended = a real small number (probably)
        #sarcasm# Hey, maybe only a really small number of black people are reading this, so let's call it NIGR! #/sarcasm#
        Honestly, what you said is very stupid. I'm not a fan of PC, but the argument "maybe they'll never know it" is wrong. Have you heard the term World Wide Web?

  • Not Like Freenet (Score:5, Insightful)

    by gclef (96311) on Thursday August 05 2004, @08:22PM (#9895708)
    Wow. Lots of DefCon related stories.

    Anyway, for those asking, no, this isn't quite like Freenet. In TOR, you decide which points you want to send traffic through (and negotiate encryption keys with each one individually), and, unlike FreeNet, you can tunnel existing protocols over it (like, say http).

    There's a lot of promise here, but in his talk, he was looking for sites that had at least 1Mbps up & down speeds for nodes. This isn't quite like Peekabooty, in that right now they're not looking for everyone to run a middleman node.

    • Re:Not Like Freenet (Score:5, Interesting)

      by X (1235) <x@xman.org> on Thursday August 05 2004, @08:26PM (#9895747) Homepage Journal
      What it is very much like is Freedom.net from Zero Knowledge Systems. Those guys already provided the patches to Linux to implement it, and had way more sophisticated protections (things to prevent discovery by timing and packet size analysis). Unfortunately, not may people used it, so it went bust. Now ZKS mostly does firewall software. :-(

      • Re:Not Like Freenet (Score:4, Interesting)

        by gclef (96311) on Thursday August 05 2004, @08:32PM (#9895785)
        Yeah, he mentioned ZKS in his presentation. Their disappearing, and taking the network with them, is one of the reasons that he's BSD-licensing the code for this.

        Interestingly, one of the other reasons is that he managed to convince the Navy that others would use and trust the code (therefore making the Navy's use of it more difficult to detect) if those others could read the code and implement it themselves. I'm honestly kinda surprised (but happy) that the Navy agreed to it.

  • Onion routing (Score:5, Funny)

    by Rosco P. Coltrane (209368) on Thursday August 05 2004, @08:22PM (#9895711)
    to help Internet users surf the Web anonymously and shield their online activities from corporate or government eyes. The system is based on a concept called onion routing.

    I've just tried to set www.theonion.com:8800 as http proxy but it doesn't work...

  • Why would the government fund something... (Score:4, Interesting)

    by hadesan (664029) on Thursday August 05 2004, @08:25PM (#9895737)
    which is completely open source and avaialble to anyone who want's to download it?

    If the Navy is funding this project, don't you think they have already found a way of monitoring it?

    • Sure, monitor one of the known ends and dumping the packets to file for cracking later. Of course, the main question is how practical would it be to do? If the encryption has a good algorithm, then it could be too computationally expensive to decrypt meaningful amounts of data. If the algorithm is weak, then near real-time monitoring might be practical. Besides, reading the article, it's being set up more to help intelligence spooks do research without tipping everybody else in the world off. Not inclu
    • If the navy has figured out how to factor the product of two large primes quickly, then we've got big problems
      that reach far beyond this tor thing. If not, then this is probably okay. =)

  • Been around for awhile... (Score:5, Informative)

    by shadowmatter (734276) on Thursday August 05 2004, @08:32PM (#9895786)
    Schemes like this to make p2p anonymous have been around for awhile. The problem is that such systems have very high end-to-end latency, so in practice it's not really ideal for a constantly evolving network -- like peer-to-peer. A scheme similar to this, using mixes, is Tarzan [mit.edu]. From its ACM paper:

    Tarzan is a peer-to-peer anonymous IP network overlay. Because it provides IP service, Tarzan is general-purpose and transparent to applications. Organized as a decentralized peer-to-peer overlay, Tarzan is fault-tolerant, highly scalable, and easy to manage.Tarzan achieves its anonymity with layered encryption and multi-hop routing, much like a Chaumian mix. A message initiator chooses a path of peers pseudo-randomly through a restricted topology in a way that adversaries cannot easily influence.

    Such systems right now have too high a latency and too much overhead (such as a peer sending "noise" into the network when not having the need to send any real data, just to deter packet analysis) that they aren't terribly practical... for now. So you most likely won't see the technology bundled in the next KaZaA, BitTorrent, etc., but we'll see what the future holds.

    - sm
    • Another of the problems with these approaches (besides the need to send cover traffic, as you mentioned) is that pseudo-random path selection may not be random enough. Certainly an "omnicient" adversary could run various correlations to determine who is sending data to whom, and it becomes very difficult to make convincing arguments as to whether more realistic adversaries can glean information from the traffic they observe. If there's one lesson we've learned from crypto research, it's that smart mathema

  • too bad... (Score:3, Funny)

    by night_flyer (453866) on Thursday August 05 2004, @08:33PM (#9895790) Homepage
    we did have this back in 1941

  • lessons from cp remailers? (Score:4, Insightful)

    by astrashe (7452) on Thursday August 05 2004, @08:34PM (#9895799) Journal
    What happens when people start doing bad stuff with the tor system? You know it's going to happen...

    The model is bad, because the people running the servers (like the old cypherpunk remailers) are supposed to provide services for free, out of the goodness of their hearts, and take the heat when people do malicious stuff with the network.

    It seems to me that it's not a bad technical system, but that it fails when you start to think about the social and economic realities of the net.

    • Re:lessons from cp remailers? (Score:4, Insightful)

      by gl4ss (559668) on Thursday August 05 2004, @09:10PM (#9895983) Homepage Journal
      like spammers taking advantage of a fairly open email system?
      sorry, couldn't resist.

      still, email works.

      these systems are mostly meant for distributing the possible heat anyways.. and making it impossible to pinpoint it on anyone spesific(because you don't even know what you're routing). the problem is when there's some naive people running these that start crying once they figure out what's anonymity mostly needed for(like freenet, they make a system that's practically meant for distributing banned materials and start crying when they realise that the materia had reasons to be banned in the first place..)..

      for a normal user though these just mean assurance of that if RIAA/MPAA starts being veeery aggressive about p2p people will switch to some more advanced version of p2p even if it comes with severe performance(speed) hit.
    • "What happens when people start doing bad stuff with the tor system? You know it's going to happen..."

      When doesn't it happen? Freedom of Speech comes to mind. It all sounds great until people find out the KKK are protected. Everything's like that. The best you can hope for is it does more good than harm.

  • You missed some points. (Score:5, Interesting)

    by Positive Charge (592093) on Thursday August 05 2004, @08:36PM (#9895810) Homepage
    (I know because I submitted this article too.)

    1. The Navy is bankrolling the development, presumably to allow government employees to surf around without leaving ".gov" and ".mil" ip addresses in logs.

    2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.

    I think that the US Government is bankrolling it to piss off the Chinese.

  • An Important Message (Score:5, Funny)

    by Gannoc (210256) on Thursday August 05 2004, @08:38PM (#9895821)

    This technology will certainly become a favored tool of terrorists trying to avoid the justice of the Bush administration.

    Sincerely,

    The MPAA.

  • Right hand, talk to left hand please! (Score:4, Funny)

    by putaro (235078) on Thursday August 05 2004, @08:43PM (#9895851) Journal
    I think it's great that the Navy is funding this. Now, where are the wire tap hooks? [slashdot.org] I always enjoy the way the government exempts itself from its own rules.

  • Nothing new (Score:3, Informative)

    by Anonymous Coward on Thursday August 05 2004, @08:53PM (#9895916)
    Something named "My own private Idaho", an anonymous remailing software from 1996-1998, did (and is still doing) exactly the same thing, with PGP integration, and server key publication.

  • Is the route preselected? (Score:5, Insightful)

    by brett42 (79648) on Thursday August 05 2004, @08:56PM (#9895931)
    From the couple of days I spent actually working in my highschool cisco class, I remember each router in a path is supposed to be able to optimize the route a packet is sent on by using local information and the packet's final destination. From what I gather from the limited technical details in the article, this protocol would require knowledge of the entire route at the initial node to handle the 'onion layer' encryption.

    Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency, plus possibly the time it takes to detect and resend packets when one node in a path suddenly goes dead, making the custom-encrypted packet worthless?

    • Re:Is the route preselected? (Score:4, Informative)

      by Wesley Felter (138342) <wesley@felter.org> on Thursday August 05 2004, @10:08PM (#9896294) Homepage
      From what I gather from the limited technical details in the article, this protocol would require knowledge of the entire route at the initial node to handle the 'onion layer' encryption.

      Correct. The sender wraps the whole onion, and each router removes one layer.

      Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency?

      It's more like the latter. Optimizing for performance tends to be at odds with anonymity.

  • Mixmaster for TCP? (Score:3, Insightful)

    by kinema (630983) on Thursday August 05 2004, @09:14PM (#9896003)
    This sounds a lot like an implementation of Mixmaster [sourceforge.net] for TCP.

  • Anonymous mailer technology (Score:5, Interesting)

    by KillerCow (213458) on Thursday August 05 2004, @09:14PM (#9896010)
    This sounds like a reinsertion of all the technology that has gone into anonymous mailers over the years (see MixMaster [sourceforge.net].) I hope that they aren't re-inventing everything and repeating the same mistakes. The existing technology should be mostly portable from the application layer to the session or layer.

    I was at a presentation by the guy behind MixMaster and was impressed by all the thought that has gone into the various generations of the application. They even had it generating fake messages so you can't do traffic analysis.

  • Onion Routing (Score:5, Interesting)

    by dachshund (300733) on Thursday August 05 2004, @09:36PM (#9896117)
    Onion Routing [onion-router.net] has been around for several years. Tor is an effort to make the original protocol more practical. It replaces several nice features from OR, specifically the notion of "reply onions", which allowed message recipients to route replies back to the sender without learning the sender's identity. Instead, TOR recommends a form of "rendezvous point" where receivers send messages to be routed back to the sender. It's not as elegant, and the security is not necessarily as strong, though it is more practical.

    It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.

  • Oh, for God's sake... (Score:4, Interesting)

    by andymurph (803194) on Thursday August 05 2004, @10:17PM (#9896348)
    ... The Register [theregister.co.uk] broke this story ages ago: Here [theregister.co.uk] and Here [theregister.co.uk]. Why is /. so reluctant to credit these guys for the tech stories they so often break? Jealousy?

  • TOR Ready! Website logo & list (Score:3, Insightful)

    by xiando (770382) on Friday August 06 2004, @12:40AM (#9897009) Homepage Journal
    It's been quite a while since I made my site LinuxReviews [linuxreviews.org] IPv6 Ready [linuxreviews.org]. This has made me look at the IPv6-ready Web Server list [uni-leipzig.de] from time to time and sadly there is very few sites out there that are IPv6 capable.

    It is nice to know Tor supports standard protocols like http://. But do you really believe those "Tor Ready!" websites will start popping up any time soon? I don't think so. The majority of todays websites do not validate [w3.org], doesn't support IPv6 and many don't even render correctly in the majority of web browsers. Will Tor-Ready be prioritized higher by the average webmaster than these and other more serious issues?

    I am also very skeptical to the bandwidth requirements and the latency. My Ipv6 connection gives me full bandwidth, but I do notice that connections going through the tunnel are, in fact, much more latent than normal native Ipv4 connections. So why would I prefer to visit some website using Tor when the real difference is a longer loading period? Yes, what the author says about low latency may be true. It may have less latency than alternatives, but do not try to tell me I won't notice significantly higher latency if I try to IRC through a TOR connection.

    People are talking about Ipv6 becoming standard in 5-6 years, I will be amazed if tor still exists at that point in time and even more amazed if it's actually implemented on more than 0.0001% of the Internet's services.

      • Re:Why was this modded down? (Score:4, Insightful)

        by 0x0d0a (568518) on Friday August 06 2004, @01:20AM (#9897139) Journal
        Frankly, I don't give a damn one way or the other what someone calls someone else. I'm white. If someone wants to call me "whitey" or "cracker", I might think it's kind of funny, but other than that, it doesn't mean anything to me.

        I just don't have any sympathy for people overinduling in their own victimhood. There are people starving around the world, an African continent full of AIDS, people without access to uncontaminated drinkable water, and someone is going to complain about the choice of word that someone uses to describe them, or even more ridiculously, a three-letter-acronym that happens to match up with that word? How can anyone remotely sympathize with someone complaining about this? If they really can't think of a single worthwhile issue to complain about, I'd suggest the upcoming US presidential election, which stands to significantly impact a lot more people than the term that someone uses to refer to a group of people.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.