Tor: A JAP Replacement 266
kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."
Too bad (Score:1, Insightful)
Before you know it... (Score:5, Insightful)
sigh...
Freenet? (Score:5, Insightful)
hmmm (Score:5, Insightful)
No, but seriously, the blurb says this is low latency, how that's the case, I fail to see. First client wants to send a HTTP GET or something similar via Tor, so every packet involved needs that info, plus a little bit extra to get it to the next node, plus a little bit more so the end node knows where it needs to be in the end on the return. So that's two extra little bits, then the stuff gets sent one node across which takes its info off and puts new info on.
Where is the low latency here? All this peeling/adding layers to peel off must be fairly time consuming. I'll admit I quite like the idea, and as soon as I click Submit I'm going to download and try it, but I fail to see how this can be faster than say, InvisibleIRC (IIP) was.
Not Like Freenet (Score:5, Insightful)
Anyway, for those asking, no, this isn't quite like Freenet. In TOR, you decide which points you want to send traffic through (and negotiate encryption keys with each one individually), and, unlike FreeNet, you can tunnel existing protocols over it (like, say http).
There's a lot of promise here, but in his talk, he was looking for sites that had at least 1Mbps up & down speeds for nodes. This isn't quite like Peekabooty, in that right now they're not looking for everyone to run a middleman node.
lessons from cp remailers? (Score:4, Insightful)
The model is bad, because the people running the servers (like the old cypherpunk remailers) are supposed to provide services for free, out of the goodness of their hearts, and take the heat when people do malicious stuff with the network.
It seems to me that it's not a bad technical system, but that it fails when you start to think about the social and economic realities of the net.
Is the route preselected? (Score:5, Insightful)
Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency, plus possibly the time it takes to detect and resend packets when one node in a path suddenly goes dead, making the custom-encrypted packet worthless?
Re:I would imagine (Score:3, Insightful)
# of Japanese that will ever hear of "JAP" *
# that are actually offended = a real small number (probably)
#sarcasm# Hey, maybe only a really small number of black people are reading this, so let's call it NIGR! #/sarcasm#
Honestly, what you said is very stupid. I'm not a fan of PC, but the argument "maybe they'll never know it" is wrong. Have you heard the term World Wide Web?
I've been doing this since August 2003. (Score:2, Insightful)
Re:lessons from cp remailers? (Score:4, Insightful)
sorry, couldn't resist.
still, email works.
these systems are mostly meant for distributing the possible heat anyways.. and making it impossible to pinpoint it on anyone spesific(because you don't even know what you're routing). the problem is when there's some naive people running these that start crying once they figure out what's anonymity mostly needed for(like freenet, they make a system that's practically meant for distributing banned materials and start crying when they realise that the materia had reasons to be banned in the first place..)..
for a normal user though these just mean assurance of that if RIAA/MPAA starts being veeery aggressive about p2p people will switch to some more advanced version of p2p even if it comes with severe performance(speed) hit.
Mixmaster for TCP? (Score:3, Insightful)
Re:Why would the government fund something... (Score:3, Insightful)
Mind you, it's doubtful the average user would be doing anything that interests the military. If you're seriouly worried about the military/goverment monitoring your home internet sessions, you probably need medication (or a lawyer). With everything else going on in the world, I'm sure even Big Brother needs a reason to focus his all seeing eye towards you...
Re:Freenet? (Score:5, Insightful)
But my point is just because it can be used for bad purposes does not mean it necessarily will.
Re:Freenet? (Score:5, Insightful)
First, your dismissal of people who live in China is incredibly inappropriate. Over a billion people live there, and you just dismissed them out of hand. And then there's the exile situation; what about somebody who's now living in the US who still can't speak out freely because of repercussions on friends/family back home? Do they simply not count?
There are plenty of other reasons, though, all the way from "VP in Fortune 500 company wants to expose toxic waste problems without risking being found out as the source" to "I'm such an incredibly paranoid person that I don't want to risk the wrath of the US government for posting these funny pictures of Bush" all the way to the classic standby, "because I want to".
I don't use Freenet, but I also don't simply assume that everybody who searches for perfect anonymity must be a reprehensible criminal.
Criminal everywhere rejoice (Score:2, Insightful)
Re:Freenet? (Score:3, Insightful)
Re:lessons from cp remailers? (Score:3, Insightful)
When doesn't it happen? Freedom of Speech comes to mind. It all sounds great until people find out the KKK are protected. Everything's like that. The best you can hope for is it does more good than harm.
Re:Freenet? (Score:3, Insightful)
First of all, I disagree that that is the "only real reason" why a person would need that much anonymity, but that's not what I'm going to argue.
Rather, I have a simple question for you: What do you think is wrong with wanting that much privacy, even if you don't strictly need it?
Re:Why would the government fund something... (Score:3, Insightful)
that reach far beyond this tor thing. If not, then this is probably okay. =)
TOR Ready! Website logo & list (Score:3, Insightful)
It is nice to know Tor supports standard protocols like http://. But do you really believe those "Tor Ready!" websites will start popping up any time soon? I don't think so. The majority of todays websites do not validate [w3.org], doesn't support IPv6 and many don't even render correctly in the majority of web browsers. Will Tor-Ready be prioritized higher by the average webmaster than these and other more serious issues?
I am also very skeptical to the bandwidth requirements and the latency. My Ipv6 connection gives me full bandwidth, but I do notice that connections going through the tunnel are, in fact, much more latent than normal native Ipv4 connections. So why would I prefer to visit some website using Tor when the real difference is a longer loading period? Yes, what the author says about low latency may be true. It may have less latency than alternatives, but do not try to tell me I won't notice significantly higher latency if I try to IRC through a TOR connection.
People are talking about Ipv6 becoming standard in 5-6 years, I will be amazed if tor still exists at that point in time and even more amazed if it's actually implemented on more than 0.0001% of the Internet's services.
Re:lessons from cp remailers? (Score:3, Insightful)
Ah, well.
Re:Criminal everywhere rejoice (Score:3, Insightful)
That means little.
The same is true of P2P networks.
P2P file distribution is simply both cheap and an effective way of offloading distribution costs onto all consumers -- it is as elegant a concept as the free market.
Currently, much of the use of P2P file distribution happens to be for copyright-infringing content and porn. This is not because of anything inherent to the technology, but because there is a good deal of demand for such content without the overhead of high distribution costs. So the first things to hit P2P were, naturally, porn and copyright-infringing content.
Eventually, as more people understand how to use and take advantage of P2P distribution, it will be incorporated more and more into "legitimate" practices.
The same thing is true of anonymizing stuff. Remember the people who post complaints about someone on, say, Yahoo, and then that person gets a court order to find out who they are? This lets people be truly anonymous if they so desire.
Re:Too bad (Score:2, Insightful)
Re:Why was this modded down? (Score:4, Insightful)
I just don't have any sympathy for people overinduling in their own victimhood. There are people starving around the world, an African continent full of AIDS, people without access to uncontaminated drinkable water, and someone is going to complain about the choice of word that someone uses to describe them, or even more ridiculously, a three-letter-acronym that happens to match up with that word? How can anyone remotely sympathize with someone complaining about this? If they really can't think of a single worthwhile issue to complain about, I'd suggest the upcoming US presidential election, which stands to significantly impact a lot more people than the term that someone uses to refer to a group of people.
Outlet: Child or Porno. (Score:1, Insightful)
I take that you and your rambeling is just a cover for the fact you have a Ph.D. in psychology. Feel free to tell me more about addiction and how having a stash of porno, kiddie or not, is a defining characteristic.
"I'm afraid 'finding an outlet' doesn't help, it just feeds/escalates the addiction, making it more likely the pedophile will go from browsing porn to assaulting children."
You are a fool, they will find an outlet and it *will* be a child or it *will* be child pornography. The choice is child or porno, unless you think most people can keep sexual desires bottled in for the rest of their natural lives without acting on them in any fashion.