Tor: A JAP Replacement

kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."

Too bad

[Anonymous Coward]

The DoD will just block such methods.!

Before you know it...

[cytoman]

... the RIAA and the MPAA will be all over this, denouncing it and crying foul!

sigh...

Freenet?

[pope nihil]

Isn't this onion routing thing exactly what freenet uses?

hmmm

[SinaSa]

Tor - The internet onion!

No, but seriously, the blurb says this is low latency, how that's the case, I fail to see. First client wants to send a HTTP GET or something similar via Tor, so every packet involved needs that info, plus a little bit extra to get it to the next node, plus a little bit more so the end node knows where it needs to be in the end on the return. So that's two extra little bits, then the stuff gets sent one node across which takes its info off and puts new info on.

Where is the low latency here? All this peeling/adding layers to peel off must be fairly time consuming. I'll admit I quite like the idea, and as soon as I click Submit I'm going to download and try it, but I fail to see how this can be faster than say, InvisibleIRC (IIP) was.

Not Like Freenet

[gclef]

Wow. Lots of DefCon related stories.

Anyway, for those asking, no, this isn't quite like Freenet. In TOR, you decide which points you want to send traffic through (and negotiate encryption keys with each one individually), and, unlike FreeNet, you can tunnel existing protocols over it (like, say http).

There's a lot of promise here, but in his talk, he was looking for sites that had at least 1Mbps up & down speeds for nodes. This isn't quite like Peekabooty, in that right now they're not looking for everyone to run a middleman node.

lessons from cp remailers?

[astrashe]

What happens when people start doing bad stuff with the tor system? You know it's going to happen...

The model is bad, because the people running the servers (like the old cypherpunk remailers) are supposed to provide services for free, out of the goodness of their hearts, and take the heat when people do malicious stuff with the network.

It seems to me that it's not a bad technical system, but that it fails when you start to think about the social and economic realities of the net.

Is the route preselected?

[brett42]

From the couple of days I spent actually working in my highschool cisco class, I remember each router in a path is supposed to be able to optimize the route a packet is sent on by using local information and the packet's final destination. From what I gather from the limited technical details in the article, this protocol would require knowledge of the entire route at the initial node to handle the 'onion layer' encryption.

Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency, plus possibly the time it takes to detect and resend packets when one node in a path suddenly goes dead, making the custom-encrypted packet worthless?

Re:I would imagine

[koi88]

# of Japanese that know what the term "Jap" means *
# of Japanese that will ever hear of "JAP" *
# that are actually offended = a real small number (probably)

#sarcasm# Hey, maybe only a really small number of black people are reading this, so let's call it NIGR! #/sarcasm#
Honestly, what you said is very stupid. I'm not a fan of PC, but the argument "maybe they'll never know it" is wrong. Have you heard the term World Wide Web?

I've been doing this since August 2003.

[NoMoreNicksLeft]

Why is this so tough for people to "get" ?

Re:lessons from cp remailers?

[gl4ss]

like spammers taking advantage of a fairly open email system?
sorry, couldn't resist.

still, email works.

these systems are mostly meant for distributing the possible heat anyways.. and making it impossible to pinpoint it on anyone spesific(because you don't even know what you're routing). the problem is when there's some naive people running these that start crying once they figure out what's anonymity mostly needed for(like freenet, they make a system that's practically meant for distributing banned materials and start crying when they realise that the materia had reasons to be banned in the first place..)..

for a normal user though these just mean assurance of that if RIAA/MPAA starts being veeery aggressive about p2p people will switch to some more advanced version of p2p even if it comes with severe performance(speed) hit.

Mixmaster for TCP?

[kinema]

This sounds a lot like an implementation of Mixmaster [sourceforge.net] for TCP.

Re:Why would the government fund something...

[tacarat]

Sure, monitor one of the known ends and dumping the packets to file for cracking later. Of course, the main question is how practical would it be to do? If the encryption has a good algorithm, then it could be too computationally expensive to decrypt meaningful amounts of data. If the algorithm is weak, then near real-time monitoring might be practical. Besides, reading the article, it's being set up more to help intelligence spooks do research without tipping everybody else in the world off. Not including terrorists and foriegn goverments, lots of entities would love to know what the US intelligence community finds interesting.
Mind you, it's doubtful the average user would be doing anything that interests the military. If you're seriouly worried about the military/goverment monitoring your home internet sessions, you probably need medication (or a lawyer). With everything else going on in the world, I'm sure even Big Brother needs a reason to focus his all seeing eye towards you...

Re:Freenet?

[Sgs-Cruz]

Which is your right, obviously. But don't be accusing anyone who uses it of trading child porn. I was using Freenet a while back just for the novelty of trying it out -- I found it (much like the Gnutella network) unusable for downloading music/movies so I stopped using it.

But my point is just because it can be used for bad purposes does not mean it necessarily will.

Re:Freenet?

[HeghmoH]

What a crazy attitude to have. There are other reasons you'd need that much anonymity.

First, your dismissal of people who live in China is incredibly inappropriate. Over a billion people live there, and you just dismissed them out of hand. And then there's the exile situation; what about somebody who's now living in the US who still can't speak out freely because of repercussions on friends/family back home? Do they simply not count?

There are plenty of other reasons, though, all the way from "VP in Fortune 500 company wants to expose toxic waste problems without risking being found out as the source" to "I'm such an incredibly paranoid person that I don't want to risk the wrath of the US government for posting these funny pictures of Bush" all the way to the classic standby, "because I want to".

I don't use Freenet, but I also don't simply assume that everybody who searches for perfect anonymity must be a reprehensible criminal.

Criminal everywhere rejoice

[nasor]

This sort of thing is of little use to anyone but criminals. Yes, I realize that you shouldn't necessarily ban or restrict something that has legitimate uses simply because it's also useful for criminals, but I think it's worth asking whether or not something like this would really be a net benefit to society. I know the Freenet crowd likes to make constant reference to oppressive governments, political dissidents, etc., but does anyone really think that the ratio of illegal porn and illicitly-traded copyrighted material to legitimate use isn't astronomical?

Re:Freenet?

[Trejkaz]

Also, what about people who may work for, picking a random company, JBoss Inc., but want to register for multiple forum accounts without getting busted? :-)

Re:lessons from cp remailers?

[NanoGator]

"What happens when people start doing bad stuff with the tor system? You know it's going to happen..."

When doesn't it happen? Freedom of Speech comes to mind. It all sounds great until people find out the KKK are protected. Everything's like that. The best you can hope for is it does more good than harm.

Re:Freenet?

[Dwonis]

the only real reason you'd need that much anonymity is for kiddy pr0n...

First of all, I disagree that that is the "only real reason" why a person would need that much anonymity, but that's not what I'm going to argue.

Rather, I have a simple question for you: What do you think is wrong with wanting that much privacy, even if you don't strictly need it?

Re:Why would the government fund something...

[FauxPasIII]

If the navy has figured out how to factor the product of two large primes quickly, then we've got big problems
that reach far beyond this tor thing. If not, then this is probably okay. =)

TOR Ready! Website logo & list

[xiando]

It's been quite a while since I made my site LinuxReviews [linuxreviews.org] IPv6 Ready [linuxreviews.org]. This has made me look at the IPv6-ready Web Server list [uni-leipzig.de] from time to time and sadly there is very few sites out there that are IPv6 capable.

It is nice to know Tor supports standard protocols like http://. But do you really believe those "Tor Ready!" websites will start popping up any time soon? I don't think so. The majority of todays websites do not validate [w3.org], doesn't support IPv6 and many don't even render correctly in the majority of web browsers. Will Tor-Ready be prioritized higher by the average webmaster than these and other more serious issues?

I am also very skeptical to the bandwidth requirements and the latency. My Ipv6 connection gives me full bandwidth, but I do notice that connections going through the tunnel are, in fact, much more latent than normal native Ipv4 connections. So why would I prefer to visit some website using Tor when the real difference is a longer loading period? Yes, what the author says about low latency may be true. It may have less latency than alternatives, but do not try to tell me I won't notice significantly higher latency if I try to IRC through a TOR connection.

People are talking about Ipv6 becoming standard in 5-6 years, I will be amazed if tor still exists at that point in time and even more amazed if it's actually implemented on more than 0.0001% of the Internet's services.

Re:lessons from cp remailers?

[0x0d0a]

I'm concerned that negative impacts could be used as ammunition for attempts to ban anonymous systems. I'd rather have a more strongly entrenched group of people using anonymizing software before seeing something released that can be used to attack systems anonymously.

Ah, well.

Re:Criminal everywhere rejoice

[0x0d0a]

but does anyone really think that the ratio of illegal porn and illicitly-traded copyrighted material to legitimate use isn't astronomical?

That means little.

The same is true of P2P networks.

P2P file distribution is simply both cheap and an effective way of offloading distribution costs onto all consumers -- it is as elegant a concept as the free market.

Currently, much of the use of P2P file distribution happens to be for copyright-infringing content and porn. This is not because of anything inherent to the technology, but because there is a good deal of demand for such content without the overhead of high distribution costs. So the first things to hit P2P were, naturally, porn and copyright-infringing content.

Eventually, as more people understand how to use and take advantage of P2P distribution, it will be incorporated more and more into "legitimate" practices.

The same thing is true of anonymizing stuff. Remember the people who post complaints about someone on, say, Yahoo, and then that person gets a court order to find out who they are? This lets people be truly anonymous if they so desire.

Re:Too bad

[Brannoch]

Why would the DoD block Tor when the Navy is the organization funding its development?

Re:Why was this modded down?

[0x0d0a]

Frankly, I don't give a damn one way or the other what someone calls someone else. I'm white. If someone wants to call me "whitey" or "cracker", I might think it's kind of funny, but other than that, it doesn't mean anything to me.

I just don't have any sympathy for people overinduling in their own victimhood. There are people starving around the world, an African continent full of AIDS, people without access to uncontaminated drinkable water, and someone is going to complain about the choice of word that someone uses to describe them, or even more ridiculously, a three-letter-acronym that happens to match up with that word? How can anyone remotely sympathize with someone complaining about this? If they really can't think of a single worthwhile issue to complain about, I'd suggest the upcoming US presidential election, which stands to significantly impact a lot more people than the term that someone uses to refer to a group of people.

Outlet: Child or Porno.

[Anonymous Coward]

"Yes, having porn isn't de facto an addiction. But keeping a stash of illegal material (=knowingly breaking the law to satisfy your cravings) is one of the signs of an addiction."

I take that you and your rambeling is just a cover for the fact you have a Ph.D. in psychology. Feel free to tell me more about addiction and how having a stash of porno, kiddie or not, is a defining characteristic.

"I'm afraid 'finding an outlet' doesn't help, it just feeds/escalates the addiction, making it more likely the pedophile will go from browsing porn to assaulting children."

You are a fool, they will find an outlet and it *will* be a child or it *will* be child pornography. The choice is child or porno, unless you think most people can keep sexual desires bottled in for the rest of their natural lives without acting on them in any fashion.