EFF Promotes Freenet-like System Tor 379
The submitter continues "It also allows you to install Tor-aware apps, such as an HTTP proxy (for private browsing), or maybe private P2P? Unlike Freenet, it doesn't use massive encryption (as far as I can tell) and relies more on something called onion routing to randomly bounce requests between other Tor proxies, thus obfuscating the IP of the original client. So it allows you to browse regular Internet sites! Maybe it should be considered more of an 'open-source' Anonymizer? But I don't know if it's actually Open Source - you can download the source (and compile it yourself) but I don't know if the developers are letting anyone else touch their code. They are, however, looking for contributors and other forms of help. And, finally, they're hoping people will start running Tor servers!" It's open source, however contributions are handled.
AT&T Crowds (Score:3, Informative)
Re:If they really want (Score:3, Informative)
Re:If they really want (Score:5, Informative)
be trusted. Your communications with them are
encrypted and they know only the next hop in the
circuit -- they do not know the exit node and they
do not know the content of your communication.
Whups, so much for that idea. (Score:5, Informative)
Well, so much for that. *badaboom*
Re:Solutions are simple. (Score:5, Informative)
The DMCA prohibits circumventing a protection on a copyrighted work. Encryption only qualifies as a "protection device" if the person doing the encryption is the holder of the copyright. You can't "protect" what you do not own.
I don't know if the DMCA contains precisely this language, but it's certainly the way it would be interpretted in court.
I'm more interested in the case of using encryption to protect a computer virus. Since the author of the virus actually is the owner of the copyright on the viral code, then the encryption should qualify as a copyright protection device under the DMCA. Law enforcement officials who decrypt the virus to reverse engineer it would be in violation of the DMCA.
Re:If they really want (Score:5, Informative)
It's not entirely unlike Mixmaster, only low latency.
Misconceptions about Tor (from Chris @ EFF) (Score:5, Informative)
1. Spam? Well, spammers already have much better tools than Tor. Namely, botnets. The Tor network currently doesn't support the kind of bandwidth usage spammers can chew up. By their willingness to break the law, spammers and criminals already have good tools to hide their network origin. Tor doesn't really help them. Plus, the default Tor exit policy is to block port 25.
2. Free/open source? Yes, three-clause BSD. EFF would not financially support a non-free/open source project!
3. Do you have to trust the nodes? You have to trust the entry node and the exit node. The entry node can be on your own computer, which I highly advise people to do. It's easy to install on all platforms, so that shouldn't be a hurdle. As far as trusting the exit node: Yes, the exit node can see the plaintext of your communications. That is why you should always use end-to-end encryption, anyway! Remember, all normal Internet routers in your route can read your traffic; Tor is actually BETTER because traffic is strongly encrypted (AES, multiple times) while inside the Tor network.
So, you actually have to trust Tor a bit less than regular Internet routes.
Use encryption.
4. Is it like Freenet/Crowds/Anonymizer? Yes, and no. It is like somewhat like those systems in goals, but the design is different. For example, unlike Freenet, Tor helps you talk to the real Internet. Unlike Anonymizer, Tor uses a whole network of proxies, not a single proxy; and the proxies are generic SOCKS proxies, not specifically HTTP.
5. Version number is too low. Is this alpha software? Roger and Nick are very modest.
6. Is there a backdoor? Well, you tell me. The source code is open. Is there a backdoor in other free software you like?
7. Minimum bandwidth requirement? For exit and middleman nodes, yes, you should have a reasonable pipe and a stable machine. "Reasonable" pipe can mean a good DSL connection. Crappy nodes can degrade the network for those poor saps whose circuit goes through one. That is why the directory server operators won't list your server unless it meets basic stability and bandwidth requirements.
Re:Spammers (Score:5, Informative)
Look the documentation [eff.org]
the faq responds your second question [noreply.org]Scalability (Score:3, Informative)
In Tor's case there is a centralised global list of all peers which must be added to manually by Tor's developers. This is fine with a small number of users, for which Tor clearly works well, but isn't practical when dealing with large numbers of users.
Freenet, for all its faults, is designed to deal with potentially millions of unreliable peers. It is its ability to do this that makes it such an ambitious project, and makes any comparision between it and Tor a situation of apples and oranges.
Re:Is is in Java? (Score:1, Informative)
Re:This actually works.... (Score:4, Informative)
A Hidden Service URL looks something like this:
http://6sxoyfb3h2nvok2d.onion/
And, obviously, only functions when the TOR daemon intercepts your web browsers requests...
The very cool thing about TOR is that it not only can forward HTTP but also any other arbitrary protocol... You can even forward SSH traffic if you are among the uber paranoid elite.
Since noone believes me when I post about it... (Score:4, Informative)
Net anonymity service back-doored [theregister.co.uk]
Basicly, they were given the choice of backdooring it or shutting it down. Yes, the whole network. They did install a backdoor (still with source), got found out but they didn't exactly have much trust left.
Can someone explain to me why the exact same will not happen to this service? Any reason why TOR servers would have greater legal immunity? I don't see it, at least.
Kjella
Re:Yay! Piracy! (Score:4, Informative)
I don't think this system will be usable for piracy. Have you ever used <hat foil="tin">Freenet</hat>? Because of all the hopping though random nodes, "random" routes and encrypted traffic it's quite slow.
Take the example of the average "anonymous proxy" on the internet. After someone finds the proxy, it usually takes about 5 to 10 hours before the proxie's bandwith is completely saturated making it unusable. Even if Tor is to loadbalance all it's nodes, it's still going to be SLOW with the added encryption etc. Remember kids, using proxies that are close to you isn't anonimity but asking for problems with the law (usually why people want to use anonymous proxies is to avoid problems their employer/government could create).
Lastly, most anonymous networks are unreliable by nature. Freenet is unreliable because it drops "unpopular" keys and their content in favour of popular keys. Anonymous relays (eg mixmasters) are known to drop messages at random.
you don't have to be an exit node (Score:5, Informative)
Comments (Score:4, Informative)
Once I get the firewall box I want set up I plan to make one port link directly into Tor, so that anything plugged into that port is shunted 100% into the Tor network. Right now you've sort of got to trust that your program really is punching everything through the SOCKS proxy - not all programs are really reliable about that, plus the program can still see your IP if you're not behind a firewall.
Padon me if I missed it... (Score:4, Informative)
Kjella
Re:GNUNet (Score:1, Informative)
Re:the problem with Freenet (Score:1, Informative)
It is, essentially, a photo of a crime scene (assuming you don't mean hentai), distributed because some people like to see that kind of crime, so what if someone was using your computer to transmit photos of themselves robbing houses? Potentially, especially if they're not careful, there could be clues that law-enforcement could use. Also, if there was any money being made from the distribution, that might leave a trail for law-enforcement to follow.
Even if it's no help catching the people, it's robbing the house that's the problem, far more than using your computer to help distribute information about the crime (whether footage or simply a written account).
The more practical problems, in my opinion, are:
- Any society where this can happen unnoticed by (the caring) relatives or the community.
- Whether you know it's there or not, it's illegal to simply have child porn stored on your computer.
I'm not denying it's a problem, that allowing these people a channel to distribute their filth is in some measure an unwitting encouragement, but if nobody could distribute evidence of it, children would still be abused, the only way to get rid of it is with the right legal and social structures in place in any given to community. The internet is not the primary problem.
It is, however a new and strange environment. As a species we've got a long way to go to properly adapt.
Re:Since noone believes me when I post about it... (Score:4, Informative)
Can someone explain to me why the exact same will not happen to this service? Any reason why TOR servers would have greater legal immunity? I don't see it, at least.
One reason: the white-hat lawyers at the EFF.
I didn't see any indication from your link whether the JAP team got any legal consultation. Did they fully understand their rights and options before they gave in to the authorities?
I don't think the EFF is sponsoring this just to move the technology along. I'd bet that they also want to use Tor to advance their legal arguments for anonymity. They've probably already drawn up "battle plans" for likely legal challenges.
Re:Onion Routing != FreeNet (Score:5, Informative)
Freenet is a system which anonymizes content. Specifically, digital files.
TOR is a system which anonymizes connections. Specifically TCP connections.
While anonymizing client TCP connections has been around for awhile, TOR is the first major project (possibly second to i2p) that allows one to anonymize TCP *server* connections.
In my experience, TOR has been vastly more reliable than Freenet. Whether this can be attributed to the youth and small size of the TOR network relative to Freenet remains to be seen...
Re:Padon me if I missed it... (Score:3, Informative)
http://tor.freehaven.net/cvs/tor/doc/tor-doc.ht
But basically, even just running a client is good since the more clients using tor (up to the capacity of the network) increases the anonymity of all users. Only time will tell if enough volunteers will run servers to keep up with demand.
Re:Anonymity is a good thing? (Score:3, Informative)
I'd call him brilliant for that one.
Free-as-in-beer does not make it legal (Score:3, Informative)
Free-as-in-beer does not make it legal. The creation, distribution, and possession of child pornography remains criminal even when no money changes hands.
It doesn't matter if no one downloads your files, you have made the attempt to distribute through a plausible channel and that is enough to hang you.
"Mere viewing" is not a victimless crime. This is lazy, inexcusable, sloppy, thinking.
Put yourself in the place of the child, her guardians, her counselors, and ask if you would want still photos and videos of her rape to be broadcast over the net, to circulate for all eternity.
You haven't considered the possibility that the child might be identifiable and still at risk. You view her anonymously but do nothing to help. Silence gives consent.
Re:EFF makes me happy. (Score:1, Informative)