EFF Promotes Freenet-like System Tor

An anonymous reader writes "The Electronic Frontier Foundation (EFF) just announced that it has become a financial sponsor of Tor, an open-source project to help people 'engage in anonymous communication online.' It sounds like a simpler version of Freenet, e.g. 'a network-within-a-network that protects communication from ... traffic analysis.' Like Freenet, the source-code is freely available and binaries exist for Windows, Linux, etc." Read on for more details.

The submitter continues "It also allows you to install Tor-aware apps, such as an HTTP proxy (for private browsing), or maybe private P2P? Unlike Freenet, it doesn't use massive encryption (as far as I can tell) and relies more on something called onion routing to randomly bounce requests between other Tor proxies, thus obfuscating the IP of the original client. So it allows you to browse regular Internet sites! Maybe it should be considered more of an 'open-source' Anonymizer? But I don't know if it's actually Open Source - you can download the source (and compile it yourself) but I don't know if the developers are letting anyone else touch their code. They are, however, looking for contributors and other forms of help. And, finally, they're hoping people will start running Tor servers!" It's open source, however contributions are handled.

EFF makes me happy.

[The I Shing (700142)]

The EFF is a light in a dark wilderness. How amazing that a group of people so talented, experienced, and dedicated to digital liberty can come together and accomplish so much. Episode #74 [thislife.org] of This American Life [thislife.org] features EFF co-founder John Perry Barlow [eff.org]'s touching account of a romance that blossomed between him and a wonderful woman he met at a convention. (Computer geeks take heed... play this story for a girl you fancy and see if it softens her heart.)

If they really want

[Neil Blender (555885)]

If they really want to sniff you, what is to stop them from sniffing at that unavoidable first hop?

Re:If they really want

[Gorny (622040)]

There are some trusted nodes which serve as the starting point. You can also add your own trusted nodes if you're sure they're trustworthy.

Re:If they really want

[by Anonymous Coward]

It's more than that; the entry nodes don't have to
be trusted. Your communications with them are
encrypted and they know only the next hop in the
circuit -- they do not know the exit node and they
do not know the content of your communication.

Re:If they really want

[weaselp (32626)]

The first node knows your IP and the second node, but not the plain text. The last node knows the second-to-last node,the service you are connecting to, and the plain text unless you do some encryption on the application layer (like https).

It's not entirely unlike Mixmaster, only low latency.

Yay! Piracy!

[by Anonymous Coward]

<sarcasm>
I'm sure this network will be used to share protected speech and not copyrighted binaries.
</sarcasm>

Re:Yay! Piracy!

[discord5 (798235)]

I'm sure this network will be used to share protected speech and not copyrighted binaries.

I don't think this system will be usable for piracy. Have you ever used <hat foil="tin">Freenet</hat>? Because of all the hopping though random nodes, "random" routes and encrypted traffic it's quite slow.

Take the example of the average "anonymous proxy" on the internet. After someone finds the proxy, it usually takes about 5 to 10 hours before the proxie's bandwith is completely saturated making it unusable. Even if Tor is to loadbalance all it's nodes, it's still going to be SLOW with the added encryption etc. Remember kids, using proxies that are close to you isn't anonimity but asking for problems with the law (usually why people want to use anonymous proxies is to avoid problems their employer/government could create).

Lastly, most anonymous networks are unreliable by nature. Freenet is unreliable because it drops "unpopular" keys and their content in favour of popular keys. Anonymous relays (eg mixmasters) are known to drop messages at random.

AT&T Crowds

[grub (11606)]

If it's not encrypting and just passing packets around then it sounds like the AT&T research Crowds proxy they were distributing a while ago. (it used to live at this page [att.com] but I see it's gone now.)

Re:AT&T Crowds

[GoodNicsTken (688415)]

It sounds like MPLS to me, which is a protocol used in VoIP. Same setup, the route is added one hop at a time. The first message has to find it's way, but after that, each router peels the label (L in MPLS), routes it to that hop, and therefore routhing is very fast after the connection is established. What I don't understand is, the first hop has to know your requesting a www.yahoo.com page or it wouldn't know where to send your message. Therefore, if an open source TOR server can decode your message, the

This actually works....

[Ajmuller (88594)]

Unlike freenet, which I have tried to use for years and never got it to work properly, this actually works. Five minutes after I installed TOR i'm actually surfing the internet, anonymously, at decent speeds. Unlike freenet, i'm not stuck in a chatroom while someone tells me... Just wait 4-5 days for your node to associate with the network....
TOR is great, go EFF, making me proud to be a member!!!!

Re:This actually works....

[Ajmuller (88594)]

Actually, Tor does have an internal network. They are called hidden service URLS, they are URLs that work only on the tor network, though they are not distributed content the way freenet is.
A Hidden Service URL looks something like this:
http://6sxoyfb3h2nvok2d.onion/
And, obviously, only functions when the TOR daemon intercepts your web browsers requests...
The very cool thing about TOR is that it not only can forward HTTP but also any other arbitrary protocol... You can even forward SSH traffic if you are among the uber paranoid elite.

Re:the problem with Freenet

[RyanFenton (230700)]

It's a method for the transportation of data - it in no way encourages any specific type of traffic. I could mention several straw-men arguments about telephones and vehicles that also could be used for horrible child crimes...

Relative anonymity isn't inherently destructive - nor is the anonymity offered here absolute. Conventional methods of online social investigation will still catch the people you imagine, as there is still a source and destination. With child crimes in particular, the investigation should move offline as soon as possible anyway as soon as suspicions arise.

People who attack and cruelly manipulate children deserve punishment - the rest of the world does not need to close entire realms of technology down for the sake of that punishment. The nerds of the world shouldn't be forced to think about punishing criminals when they make their tools any more than car manufacturers.

Ryan Fenton

Re:the problem with Freenet

[The Tyro (247333)]

Ryan,

Thanks for the reasoned reply.

I don't disagree that Freenet is a tool, but I'm not sure all factors are equal in judging tools. We could compare to Kazaa, which does trade legitmate files... but trades scads of pirated material. Kazaa may trade many pirated files, but the relative harm is far less. Copyright infringement isn't in the same ballpark as child molestation... the law recognizes this with the vast difference in their respective penalties. The amount of harm (and type of harm) with Kazaa

Re:the problem with Freenet

[jafac (1449)]

Fine. Then allow the child pornographers to distribute their "product" - and bust them at other phases of their operation.

Tell me this. How many child pornographers are busted when someone trades illegal pictures? Not illegal picture-traders, the actual people who TAKE the pictures?

By blocking the flow of information, you can only bust the picture-traders. And you get a nice excuse to bust anyone else whom you can reasonably define as a "terrorist" or other undesirable.

Bust the guys taking the pictures, at the source. When you get a kid who's been abused in this way, they can lead you to the picture taker.

The excuse of "needing better tools for law enforcement" is very often used as an excuse to abridge civil rights.
Child pornographers are bad. And should be stopped wherever their found. But I'm not ready to accept that we, as a civilization, can afford to eliminate anonymous speech. When we have better rules (that are enforced) to protect whistleblowers and dissidents, then maybe we can do away with anonymity.

Re:the problem with Freenet

[soupdevil (587476)]

By this argument, you could never own an apartment, rental house or hotel, because child abuse could be committed on your property.

Spammers

[bm17 (834529)]

Two questions come immediately to mind:

1) Can spam be sent through Tor?

2) Can spammers collect data by running a Tor server of their own?

I checked the site's FAQ but couldn't find answers there.

Re:Spammers

[miope (727503)]

Look the documentation [eff.org]

2. Decide what exit policy you want. By default your server allows access to many popular services, but we restrict some (such as port 25) due to abuse potential. You might want an exit policy that is either less restrictive or more restrictive; edit your torrc appropriately. If you choose a particularly open exit policy, you might want to make sure your upstream or ISP is ok with that choice.

the faq responds your second question [noreply.org]

6.1. Can exit nodes eavesdrop on communications? Isn't that bad? Yes, the guy running the exit node can read the bytes that come out there. Our first answer is "then use end-to-end encryption such as SSL", which is great but not always practical. (The corollary to this answer is that if you are worried about somebody intercepting your traffic and you're *not* using end-to-end encryption at the application layer, then something has already gone wrong and you shouldn't be thinking that Tor is the problem.) Our second answer is that in a future release, we plan to have Tor clients recognize when the destination is co-located with a Tor server, and exit from that Tor server. So for example, people using Tor to get to the EFF website would automatically exit from the EFF Tor server (assuming it's nearby in network geography), thus getting *better* encryption and authentication properties than just browsing there the normal way. But this has a variety of technical problems we need to overcome first (the main one being "how does the Tor client learn which servers are associated with which websites in a decentralized yet non-gamable way?"). Stay tuned.

Is that in England?

[worst_name_ever (633374)]

System Tor... I think that's in Devonshire, right?

Anonymity is a good thing?

[by Anonymous Coward]

Are you sure all this anonymity is a good thing with all the terrorism and unpatriotic sentiment floating around?

Besides, getting rid of anonymity would help with the spam crap.

In fact, I don't see anything positive in anonymity.

Re:Anonymity is a good thing?

[VistaBoy (570995)]

In fact, I don't see anything positive in anonymity.

by Anonymous Coward on Wednesday December 22, @04:11PM

You are the god of irony and paradox.

Whups, so much for that idea.

[Tackhead (54550)]

From the design documents [eff.org]:

Based in part on our restrictive default exit policy (we reject SMTP requests) and our low profile, we have had no abuse issues since the network was deployed in October 2003. Our slow growth rate gives us time to add features, resolve bugs, and get a feel for what users actually want from an anonymity system. Even though having more users would bolster our anonymity sets, we are not eager to attract the Kazaa or warez communities-we feel that we must build a reputation for privacy, human rights, research, and other socially laudable activities.

Well, so much for that. *badaboom*

Double dipping

[el borak (263323)]

Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from ONR and DARPA.

Gotta love this. Paid for by my tax dollars, then I also get to pay for the NSA to develop improved snooping technology to crack it. Still, good to know at least some of my tax dollars was well spent for a change.

... and also sponsored by .mil?

[skabb (115949)]

Seems like a great system, but I just cant understand this statement: "Currently, Tor development is supported by the Electronic Frontier Foundation. Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from ONR [navy.mil] and DARPA [darpa.mil]."

*Puts on tinfoil-hat* isn't the guys at *.mil making their jobs harder by doing this? anonymous "terrorists" communicating freely without any traces, or do they already have this covered in the system? a honeypot?

Spies need anonymity too...

[Jim McCoy (3961)]

As someone who has watched, helped with, and discussed various anonymous networks from Pipenet through Onion routing and Tor I can give you the quick summary for why NRL was interested in anonymous browsing (because when they first came out with the Onion network stuff it really was a surprise.)

Sometimes, government agencies would prefer it if web queries did not show up in the server's logs as coming from a .mil or .gov site.

Just knowing what someone is reading or researching is a good source of intel, some government agencies see more benefit to this than the downside of potential terrorist uses.*

Jim

* anyway, if you work for a big governement agency you have the resources to treat these sorts of networks like a big black box and link up the endpoints. This is a fatal flaw to _all_ real-time anonymous networks. A big attacker can treat all of the fancy games you play in the middle of network as noise and just link up "message X went into dark network at time T and a message close to the size of message X came out of the network at time T +1, followed by a similarly linkable message going back the other way..."

Just one slight problem with the name....

[farrellj (563)]

TOR Books [tor.com], one of the largest publishers of Science Fiction and Fantasy in North America *might* have some problem with this...Methinks that I should let David Hartwell know...and the wonderful people at EFF...

ttyl
Farrell

Onion Routing != FreeNet

[pridkett (2666)]

Just a quick FYI, TOR is an onion routing system, meaning that the data is passed between TOR proxies until it reaches it's destination. This means that eventually you still need to fetch the data from a server, which means that the server can still be put under attack or taken down.

FreeNet is much more robust as you inject content and then it is stored in many nodes. Thus, it can't be taken down. Furthemore, in FreeNet different parts of the data are obtained from different sources, preventing more work that could be done with traffic analysis.

To say that TOR is like FreeNet is to seriously discount the features of FreeNet. TOR is a system for running Onion proxies. FreeNet is a completely anonymized hosting and content distribution system.

Re:Onion Routing != FreeNet

[bitspotter (455598)]

To summarize:

Freenet is a system which anonymizes content. Specifically, digital files.

TOR is a system which anonymizes connections. Specifically TCP connections.

While anonymizing client TCP connections has been around for awhile, TOR is the first major project (possibly second to i2p) that allows one to anonymize TCP *server* connections.

In my experience, TOR has been vastly more reliable than Freenet. Whether this can be attributed to the youth and small size of the TOR network relative to Freenet remains to be seen...

So if this routes through Onion servers...

[by Anonymous Coward]

... it must be intended primarily for satirical content.

Sounds pretty good to me

[caluml (551744)]

Freenet - but not in Java?! Sign me up. Keep that nasty java off my system. GRSec and PaX don't like it and keep killing it off anyway.

Right...

[Kjella (173770)]

Let me get this straight. As a TOR node, my computer will request information from regular web sites unencrypted. This means that when someone requests e.g. child porn on the network, and my node is chosen to retrieve it, my IP will be the one logged?

You are in for a world of hurt if you run a TOR node. Since you are perfectly aware of all plain HTTP requests your node makes, you are likely to stand trial for contributory copyright infringement, import/export/distribution of child porn, conspiracy to [whatever] and so on. Since I assume by default it doesn't log anything to give you someone to blame it on, they pin it on you.

I would honestly never run a TOR node. If I did, I would firewall it to only allow connections to other TOR nodes, i.e. be a pure leech on the network. Anything else is to expose yourself for a wide range of legal disasters. Freenet had this right. You must not know what you are transmitting. This idea is fundamentally flawed and I'm amazed that the EFF would support it.

And beyond that, from the brief techincal discussion, you have a single point of failure in the directory server. Gather a small botnet, compromise the server and present the botnet as the routing nodes. You control all the keys, you decrypt everything. Or just a simple DDoS attack, so you don't find any nodes to route through. Overall, I'm not impressed.

Kjella

Re:Right...

[EnronHaliburton2004 (815366)]

Freenet had this right. You must not know what you are transmitting.

So you don't mind transmitting the child porn, you just don't want to be associated with the transmission.

i think we're conflating moral and legal arguments

[Trepidity (597)]

The grandparent seemed to be insinuating that it's immoral to care only about being associated with child porn, by caring only about being associated with it, not about carrying it at all. The reply was pointing out that if you think it's immoral to carry information blindly, then being a postman is immoral.

you don't have to be an exit node

[adturner (6453)]

Tor already provides the means for people to run a tor node as only a router (add the line: reject *:* in your torrc), not an exit node. Hence, your IP will never download kiddie porn or anything like that.

Padon me if I missed it...

[Kjella (173770)]

...but what exactly is the incentive to actually help the TOR network? Seems to me that you can just leech as much as you want, give nothing. And each byte I download gets multiplied by as many nodes as I route through. Right now, it would appear they have a small userbase and mostly volunteer providers. What would happen if it got exposed to say, the slashdot userbase? Or people in general?

Kjella

Re:Padon me if I missed it...

[adturner (6453)]

Perhaps you should read "Should I run a client or a server?", which explains the benefits for running a server.

http://tor.freehaven.net/cvs/tor/doc/tor-doc.htm l

But basically, even just running a client is good since the more clients using tor (up to the capacity of the network) increases the anonymity of all users. Only time will tell if enough volunteers will run servers to keep up with demand.

Misconceptions about Tor (from Chris @ EFF)

[innerFire (1016)]

Hi there! I'm Chris Palmer from EFF. I am working with the Tor developers, so I know a bit about it. I'll try to clear up some questions and misconceptions people seem to have.

1. Spam? Well, spammers already have much better tools than Tor. Namely, botnets. The Tor network currently doesn't support the kind of bandwidth usage spammers can chew up. By their willingness to break the law, spammers and criminals already have good tools to hide their network origin. Tor doesn't really help them. Plus, the default Tor exit policy is to block port 25.

2. Free/open source? Yes, three-clause BSD. EFF would not financially support a non-free/open source project!

3. Do you have to trust the nodes? You have to trust the entry node and the exit node. The entry node can be on your own computer, which I highly advise people to do. It's easy to install on all platforms, so that shouldn't be a hurdle. As far as trusting the exit node: Yes, the exit node can see the plaintext of your communications. That is why you should always use end-to-end encryption, anyway! Remember, all normal Internet routers in your route can read your traffic; Tor is actually BETTER because traffic is strongly encrypted (AES, multiple times) while inside the Tor network.

So, you actually have to trust Tor a bit less than regular Internet routes.

Use encryption. :)

4. Is it like Freenet/Crowds/Anonymizer? Yes, and no. It is like somewhat like those systems in goals, but the design is different. For example, unlike Freenet, Tor helps you talk to the real Internet. Unlike Anonymizer, Tor uses a whole network of proxies, not a single proxy; and the proxies are generic SOCKS proxies, not specifically HTTP.

5. Version number is too low. Is this alpha software? Roger and Nick are very modest. :) Tor works. It is stable, many bugs have been fixed, and the protocol is moderately stable. Tor does not crash randomly or eat all your memory. What's in flux is bigger picture items, such as "How can we reduce our dependency on the central directory server" and "Wouldn't a GUI configuration tool be nifty?"

6. Is there a backdoor? Well, you tell me. The source code is open. Is there a backdoor in other free software you like?

7. Minimum bandwidth requirement? For exit and middleman nodes, yes, you should have a reasonable pipe and a stable machine. "Reasonable" pipe can mean a good DSL connection. Crappy nodes can degrade the network for those poor saps whose circuit goes through one. That is why the directory server operators won't list your server unless it meets basic stability and bandwidth requirements.

Scalability

[Sanity (1431)]

I think the general problem with this kind of architecture is that it dodges the hard issue - which is how new peers get integrated into the network, and how do you ensure their reliability.

In Tor's case there is a centralised global list of all peers which must be added to manually by Tor's developers. This is fine with a small number of users, for which Tor clearly works well, but isn't practical when dealing with large numbers of users.

Freenet, for all its faults, is designed to deal with potentially millions of unreliable peers. It is its ability to do this that makes it such an ambitious project, and makes any comparision between it and Tor a situation of apples and oranges.

But but but

[halcyon1234 (834388)]

Terrorists might use this! Won't someone please think of the children? If my government can't hear what my neighbor is saying, how do I know he isn't planning on killing me in my sleep?

I mean, why do you even need something like this? If you don't have anything to hide, there shouldn't be a problem with your internet chats being monitored.

BTW, click here [reference.com]

Firefox extension?

[multiOSfreak (551711)]

Somebody quick! Make a FireFox extension that adds a button to the toolbar that says "Switch to TOR mode" or something to that effect.

It would be nice if TOR were easy to turn on and off within a given browser or other http-aware client. I can't see need the for use TOR 100% of the time, especially since there is a performance hit. And it seems like it would be a pain in the ass to have to reconfigure the browser's proxy settings each time you want to use TOR for browsing/downloading.

I'd take a crack at it myself, but I'm no code monkey. I'm a documentation nerd. If anybody wants to develop this, let me know and I'll do the docs and help files.

Since noone believes me when I post about it...

[Kjella (173770)]

...maybe I'll just dig up the link to what happened with the JAP proxy network, providing pretty much exactly the same service:

Net anonymity service back-doored [theregister.co.uk]

Basicly, they were given the choice of backdooring it or shutting it down. Yes, the whole network. They did install a backdoor (still with source), got found out but they didn't exactly have much trust left.

Can someone explain to me why the exact same will not happen to this service? Any reason why TOR servers would have greater legal immunity? I don't see it, at least.

Kjella

Re:Since noone believes me when I post about it...

[wildwood (153376)]

Basicly, they were given the choice of backdooring it or shutting it down. Yes, the whole network. They did install a backdoor (still with source), got found out but they didn't exactly have much trust left.

Can someone explain to me why the exact same will not happen to this service? Any reason why TOR servers would have greater legal immunity? I don't see it, at least.

One reason: the white-hat lawyers at the EFF.

I didn't see any indication from your link whether the JAP team got any legal consultation. Did they fully understand their rights and options before they gave in to the authorities?

I don't think the EFF is sponsoring this just to move the technology along. I'd bet that they also want to use Tor to advance their legal arguments for anonymity. They've probably already drawn up "battle plans" for likely legal challenges.

Comments

[ZorbaTHut (126196)]

Tor is great. I've been playing with it for a while - the sheer simplicity of setup makes it fantastic, and it's highly amusing to go to whatismyip.com half a dozen times and get different IPs.

Once I get the firewall box I want set up I plan to make one port link directly into Tor, so that anything plugged into that port is shunted 100% into the Tor network. Right now you've sort of got to trust that your program really is punching everything through the SOCKS proxy - not all programs are really reliable about that, plus the program can still see your IP if you're not behind a firewall.

Question about Tor

[theantix (466036)]

As a civil libertarian I love the idea, and I would be happy to run a Tor server if I could restrict what filetypes I pass through. I'm not interesting in helping people pass kiddie porn or pirated movies through my server (which I assume would be a primary use of this), so I would want to restrict it to text and html mimetypes. I looked through the FAQ and documentation and didn't see any mention of this.

Any developers here that can comment on if a feature similar to this is planned for a future release?

Re:Question about Tor

[RPoet (20693)]

With Tor, you don't transfer files; you transfer packets. This is analogous to running a TCP/IP router on the internet, you just relay traffic for others. What Tor adds to this is that you have no way to find out what packets you relay contain or where they are ultimately headed. If you are really a civil libertarian, you won't care. If you still care, maybe you should look for another label for yourself :)

not cost effective to track and sue for RIAA et al

[Cryofan (194126)]

I wonder if this could somehow be a case where it is not cost effective for RIAA/MPAA to track down the sharer of a particular file? I mean, they could do track down at least ONE file-sharer and then sue that person. But is just one person being sued serve as a sufficient deterrent to stop many filesharers?

Right now, there are hundreds or even thousands of file sharers being sued (or being threatened, or getting letters etc). That threat serves as a real deterrent. But if it were too costly for them to det

Re:Solutions are simple.

[airConditionedGypsy (703864)]

You have to be careful. What if the receiver is a member of the RIAA? Under your scheme, they are authorized to download from you and decrypt...

Nice idea, but tough in practice.

Re:Solutions are simple.

[pclminion (145572)]

IANAL either. This doesn't work.

The DMCA prohibits circumventing a protection on a copyrighted work. Encryption only qualifies as a "protection device" if the person doing the encryption is the holder of the copyright. You can't "protect" what you do not own.

I don't know if the DMCA contains precisely this language, but it's certainly the way it would be interpretted in court.

I'm more interested in the case of using encryption to protect a computer virus. Since the author of the virus actually is the owner of the copyright on the viral code, then the encryption should qualify as a copyright protection device under the DMCA. Law enforcement officials who decrypt the virus to reverse engineer it would be in violation of the DMCA.

Re:GNUNet

[RPoet (20693)]

What about it? GNUNet is an anonymous file sharing application, while Tor is a generic anonymizing networking layer. It can run file sharing apps, but it wasn't even primarily designed for it -- it was designed for safely and anonymously exchanging messages. The American navy started what became the roots of Tor, and it was designed for their needs.

Re:Smilin is all the anonymity I need.

[RPoet (20693)]

The problem with this logic is that it works very poorly for political activists in totalitarian regimes, or anyone with sufficiently unpopular opinions. These people have the right to communicate, and people have the right to hear what they have to say.

Re:YRO = PIRACY

[sfjoe (470510)]

I swear to God that nearly every article filed under YRO is about some new hip flavor of software that will, inevitably, be used to unlawfully distribute intellectual property.

One man's pirate is another man's freedom fighter.