Tor: A JAP Replacement 266
kid_wonder writes "Wired is running an article describing an answer to this previous /. story. Packets are sent through a network of randomly selected servers each of which knows only its predecessor and successor. Packets are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. As a 'connection-based low-latency anonymous communication system,' Tor seems to be the answer to JAP to allow anonymous networking activities of all kinds."
Before you know it... (Score:5, Insightful)
sigh...
Re:Before you know it... (Score:2)
Talk about politically incorrect (Score:4, Funny)
Re:Talk about politically incorrect (Score:5, Funny)
Re:Talk about politically incorrect (Score:2)
Re:Talk about politically incorrect (Score:3, Interesting)
I do think slashdot's only purpose on the Internet is to aggregate stupidity.
Freenet? (Score:5, Insightful)
Comment removed (Score:5, Informative)
Re:Freenet? (Score:2)
There was discussion once upon a time about adding a couple of steps of onion routing before the Freenet routing starts - that would be
Re:Freenet? (Score:5, Insightful)
But my point is just because it can be used for bad purposes does not mean it necessarily will.
Re:Freenet? (Score:3, Informative)
Re:Freenet? (Score:4, Interesting)
Re:Freenet? (Score:2)
Kiddy porn though, is still taboo to all but the sickest fucks. Besides which, anonymous or not, it's still in essence a peering arrangement. If you were to start DDoSing everyone on metanet, the person that invited you would wait about 3 seconds before rescinding your invitation and kicking you out. Do you think they'd be any more tolerant of kiddy porn, of terrorism-related activities?
Re:Freenet? (Score:2)
Nuclear physics - could have given cheap clean energy, gave us masss death and paranoia as well.
Telephone/Email - meant for personal communications, now so badly choked with shit/marketing that they are barely worth using.
Guns - meant for personal defense or defense of a nation against attack, mainly used t
Re:Freenet? (Score:2)
> Guns - meant for personal defense or defense of a nation against attack, mainly used to kill people.
Guns were made to kill, either for hunting or for offense. That also makes them usefull for defense, but that was not why they were invented. I suggest reading up on EUropean history between 1200 and 1600 to see in which environment they came to exist.
That doesn't remove the usability of guns btw, hunting is a very legitimate u
Re:Freenet?-TRUST US! (Score:2)
> worry people. I have it on good word that it will not be used for bad purposes.
Apples and oranges. If you don't believe me, then try to name 3 _good_ uses of biological weapons.
Go on, I'll wait.
Re:Freenet?-TRUST US! (Score:2)
If your goal is to blast them off the planet, nukes are very usefull... that doesn't mean that nukes are generally usefull or desired or such. They serve no purpose other then destruction and thread of destruction. Come back when you can point us at positive contributions of either biological or nuclear weapons (threatening peoiple is not positive
Beneficial nuclear weapon uses. (Theoretical) (Score:2)
#2 Some mutant form of fungus, bacteria, or virus emerges into the world (and you're allowed to take a potshot here... it might very well be an escaped bioweapon). A cure is unlikely, and the infection spreads too rapidly to be contained via traditional quarantine meth
Re:Beneficial nuclear weapon uses. (Theoretical) (Score:2)
I already said that I do see why weapons can be usefull in specific cases, so why trying to make that point? Besides, you will not have a clue whatsoever about how bio weps are going to work on Tau Cetans or what not.
> #2 Some mutant form of fungus, bacteria,
Re:Beneficial nuclear weapon uses. (Theoretical) (Score:2)
Re:Freenet? (Score:5, Insightful)
First, your dismissal of people who live in China is incredibly inappropriate. Over a billion people live there, and you just dismissed them out of hand. And then there's the exile situation; what about somebody who's now living in the US who still can't speak out freely because of repercussions on friends/family back home? Do they simply not count?
There are plenty of other reasons, though, all the way from "VP in Fortune 500 company wants to expose toxic waste problems without risking being found out as the source" to "I'm such an incredibly paranoid person that I don't want to risk the wrath of the US government for posting these funny pictures of Bush" all the way to the classic standby, "because I want to".
I don't use Freenet, but I also don't simply assume that everybody who searches for perfect anonymity must be a reprehensible criminal.
Re:Freenet? (Score:3, Insightful)
Re:Freenet? (Score:3, Insightful)
First of all, I disagree that that is the "only real reason" why a person would need that much anonymity, but that's not what I'm going to argue.
Rather, I have a simple question for you: What do you think is wrong with wanting that much privacy, even if you don't strictly need it?
Re:Freenet? (Score:2)
First of all, I'll say that I don't care much for kiddie pr0n. But it's not my job in life to tell others what they should be doing. If kiddie pr0n is what makes their life complete, let 'em have it. If it's as bad as we all think, God (or whomever you believe to be the supreme ruler of the Universe) will sort it out. Not me. It's not my job to dictate how YOU live YOUR life.
However, the gove
Re:Freenet? (Score:2)
The argument against kiddy porn is that it harms the children, and thus your argument is invalid - we lock away murderers because
Re:Freenet? (Score:2)
Re:Freenet? (Score:2)
Re: (Score:2)
Child porn in a non-profitable environment (Score:2)
The extreme anonymity provided by Freenet is exactly why I'm avoiding it like the plague (and also because it's a Java thing, but that's another problem): unless you live in some dictatorship like China, the only real reason you'd need that much anonymity is for kiddy pr0n...
I'm curious -- what issue do you take with child porn in such an environment as Freenet? Yes, it's anonymous, but in such an environment, it's not possible for pornography producers to profit fr
Re:Freenet? (Score:2)
Actually, China is an oligarchy, where a small group of members of a clique rule either collectively or in rotation, as opposed to the Catholic Church, which I would call an "oligarchical elective dictatorship," where the clique elects the dictator and then goes back to being subservient to it.
Re:Freenet? (Score:4, Informative)
Re:Freenet vs onion routing (Score:5, Informative)
In onion routing the client picks N nodes from the list of servers and encrypts using each servers public key. Then sends the data to the first server. In onion routing each packet of data contains the entire routing list, though it is encrypted in such a way that each node can only tell what the next node is.
Each Freenet nodes caches data blocks based on demand. When a request arrives looking for a data block Freenet forwards the request to a node that has similar information until the correct block is found. Each freenet node only knows about the next and previous nodes, and the route is determined by the key you are searching for.
Re:Freenet vs onion routing (Score:3, Informative)
Re:Freenet? (Score:5, Informative)
Re:Freenet? (Score:4, Informative)
Not in the same form.
Freenet allows posting of data, which does travel through multiple nodes, much like this one. It also allows retrieval of data. However, the two are separate operations. You don't establish a connection between the publisher of data and the reciever, which means Freenet tends to be unsuitable for things that require even remotely interactive latency. I think Tor might wind up being a bit high for, say, SSH, but it could easily be just fine for instant messaging -- two people that don't know each other by anything but pseudonyms and cannot trace each other can conduct conversations.
hmmm (Score:5, Insightful)
No, but seriously, the blurb says this is low latency, how that's the case, I fail to see. First client wants to send a HTTP GET or something similar via Tor, so every packet involved needs that info, plus a little bit extra to get it to the next node, plus a little bit more so the end node knows where it needs to be in the end on the return. So that's two extra little bits, then the stuff gets sent one node across which takes its info off and puts new info on.
Where is the low latency here? All this peeling/adding layers to peel off must be fairly time consuming. I'll admit I quite like the idea, and as soon as I click Submit I'm going to download and try it, but I fail to see how this can be faster than say, InvisibleIRC (IIP) was.
Re:hmmm (Score:5, Informative)
hmmm-They went, all those ways. (Score:2, Interesting)
Do you mean this? (Score:2, Informative)
Re:hmmm-They went, all those ways. (Score:2)
Benjamin Franklin (Score:3, Funny)
I need my data at the speed of light, bitches!
Re:hmmm (Score:2)
Re:hmmm (Score:5, Informative)
I believe the encryption is layered on from the start, and peeling occurs at each transfer, not peel/crypt/peel/crypt/etc.
I was surprised to see no one posted this earlier; the author of Tor gave a very good presentation at DEFCON last week, and I'll have to get out my CD with his presentation on it, but it's different from Freenet in a few ways. For one, apparently Freenet isn't totally free.
As a side-note, the author is still working on a method to accept/sign-up/recruit primary [trusted] nodes.
Re:hmmm (Score:2)
I would imagine (Score:5, Funny)
Re:I would imagine (Score:2, Funny)
Re:I would imagine (Score:3, Insightful)
# of Japanese that will ever hear of "JAP" *
# that are actually offended = a real small number (probably)
#sarcasm# Hey, maybe only a really small number of black people are reading this, so let's call it NIGR! #/sarcasm#
Honestly, what you said is very stupid. I'm not a fan of PC, but the argument "maybe they'll never know it" is wrong. Have you heard the term World Wide Web?
Not Like Freenet (Score:5, Insightful)
Anyway, for those asking, no, this isn't quite like Freenet. In TOR, you decide which points you want to send traffic through (and negotiate encryption keys with each one individually), and, unlike FreeNet, you can tunnel existing protocols over it (like, say http).
There's a lot of promise here, but in his talk, he was looking for sites that had at least 1Mbps up & down speeds for nodes. This isn't quite like Peekabooty, in that right now they're not looking for everyone to run a middleman node.
Re:Not Like Freenet (Score:5, Interesting)
Re:Not Like Freenet (Score:4, Interesting)
Interestingly, one of the other reasons is that he managed to convince the Navy that others would use and trust the code (therefore making the Navy's use of it more difficult to detect) if those others could read the code and implement it themselves. I'm honestly kinda surprised (but happy) that the Navy agreed to it.
Onion routing (Score:5, Funny)
I've just tried to set www.theonion.com:8800 as http proxy but it doesn't work...
Re:Onion routing (Score:5, Funny)
Why would the government fund something... (Score:4, Interesting)
If the Navy is funding this project, don't you think they have already found a way of monitoring it?
Re:Why would the government fund something... (Score:3, Insightful)
Re:Why would the government fund something... (Score:2)
Not including terrorists and foriegn goverments, lots of entities would love to know what the US intelligence community finds interesting.
Your point here is the most interesting. I think you have it right on the ball here. I am sure there are a number of large corporations that would love to know about any potential future flare ups in certain regions so that they can get their tenders in for redevelopment work and other such things in before their competition has even heard about it.
I suspect 20 minut
Re:Why would the government fund something... (Score:2, Informative)
"The man needs your cover traffic just as much as you need the man for his cover traffic.."
Re:Why would the government fund something... (Score:3, Insightful)
that reach far beyond this tor thing. If not, then this is probably okay. =)
Been around for awhile... (Score:5, Informative)
Such systems right now have too high a latency and too much overhead (such as a peer sending "noise" into the network when not having the need to send any real data, just to deter packet analysis) that they aren't terribly practical... for now. So you most likely won't see the technology bundled in the next KaZaA, BitTorrent, etc., but we'll see what the future holds.
- sm
Re:Been around for awhile... (Score:3, Interesting)
too bad... (Score:3, Funny)
lessons from cp remailers? (Score:4, Insightful)
The model is bad, because the people running the servers (like the old cypherpunk remailers) are supposed to provide services for free, out of the goodness of their hearts, and take the heat when people do malicious stuff with the network.
It seems to me that it's not a bad technical system, but that it fails when you start to think about the social and economic realities of the net.
Re:lessons from cp remailers? (Score:4, Insightful)
sorry, couldn't resist.
still, email works.
these systems are mostly meant for distributing the possible heat anyways.. and making it impossible to pinpoint it on anyone spesific(because you don't even know what you're routing). the problem is when there's some naive people running these that start crying once they figure out what's anonymity mostly needed for(like freenet, they make a system that's practically meant for distributing banned materials and start crying when they realise that the materia had reasons to be banned in the first place..)..
for a normal user though these just mean assurance of that if RIAA/MPAA starts being veeery aggressive about p2p people will switch to some more advanced version of p2p even if it comes with severe performance(speed) hit.
Re:lessons from cp remailers? (Score:3, Insightful)
When doesn't it happen? Freedom of Speech comes to mind. It all sounds great until people find out the KKK are protected. Everything's like that. The best you can hope for is it does more good than harm.
Re:lessons from cp remailers? (Score:3, Insightful)
Ah, well.
You missed some points. (Score:5, Interesting)
1. The Navy is bankrolling the development, presumably to allow government employees to surf around without leaving ".gov" and ".mil" ip addresses in logs.
2. JAP supposedly has a German Government implanted backdoor that this one shouldn't because it's open source.
I think that the US Government is bankrolling it to piss off the Chinese.
Re:You missed some points. (Score:3, Interesting)
you can get the sourcecode for JAP here [tu-dresden.de].
they were told to record access to a child porn site, which they did (visible in the source). they cought one access to that site, but the data had to be deleted after another court ruling which declared the surveillance illegal.
Apparently there's a Japanese version as well.... (Score:4, Funny)
An Important Message (Score:5, Funny)
This technology will certainly become a favored tool of terrorists trying to avoid the justice of the Bush administration.
Sincerely,
The MPAA.
Re:An Important Message (Score:2)
My New Algorithm (Score:2, Funny)
HONKY, for short. I guess that name won't be a problem, will it? I mean, since JAP seems to be okay...
Right hand, talk to left hand please! (Score:4, Funny)
Nothing new (Score:3, Informative)
Re:Nothing new (Score:2)
Because of that, you can build a better anonymizing system for smtp because you can avoid timing attacks more easily. If you're interested in anonymous mail, though,
Is the route preselected? (Score:5, Insightful)
Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency, plus possibly the time it takes to detect and resend packets when one node in a path suddenly goes dead, making the custom-encrypted packet worthless?
Re:Is the route preselected? (Score:4, Informative)
Correct. The sender wraps the whole onion, and each router removes one layer.
Is there some way of optimizing a path through a given number of nodes without keeping huge amounts of information about latency on every two nodes, or is this just bouncing the packet around for a while for anonymity and accepting the added latency?
It's more like the latter. Optimizing for performance tends to be at odds with anonymity.
I've been doing this since August 2003. (Score:2, Insightful)
Re:I've been doing this since August 2003. (Score:2, Interesting)
Maybe because you say right on your website [24.125.12.101], "Don't post this to slashdot. You will murder my cable modem."
Who knows how many truely brilliant ideas have languished in obscurity because their author was afraid of a slashdotting... Surely thousands -- no, millions...
Re:I've been doing this since August 2003. (Score:2)
Re:I've been doing this since August 2003. (Score:2)
If you're somewhere other than the US, ask me. Chances are I'd gladly let you on.
If you're in the US, you could always find that canadian/european buddy from AIM, tell him about it. Maybe if he were to be invited himself, he'd feel grateful enough to invite you. ("Gee, anoncow tipped me off to this, but didn't invite me him
Mixmaster for TCP? (Score:3, Insightful)
Anonymous mailer technology (Score:5, Interesting)
I was at a presentation by the guy behind MixMaster and was impressed by all the thought that has gone into the various generations of the application. They even had it generating fake messages so you can't do traffic analysis.
Re:Anonymous mailer technology (Score:2)
Not a reinvention, but it's based on Mix nets. These people have been working on anonymity networks for years, and have done a lot of research into building solid systems from ideas that are largely theoretical or ad-hoc. Look online for Syverson's publications and you'll see what I mean.
Goodness me (Score:2, Funny)
Onion Routing (Score:5, Interesting)
It's important to note that there are some statistical attacks on both of these systems, and none of them are very secure for long communication sessions when group membership churns, as in a peer-to-peer network.
Criminal everywhere rejoice (Score:2, Insightful)
Re:Criminal everywhere rejoice (Score:2)
Business is cutthroat. Communications in one company, if intercepted, can give other companies the edge. One layer of protection isn't enough, but then again, encrypting everything in one layer gives the would-be cracker that much more difficulty getting to the valuable blood of business.
This,
Who do you work for? (Score:2)
Re:Who do you work for? (Score:2)
Re:Criminal everywhere rejoice (Score:2)
please to trade my freedom for the appearance of security...
Re:Criminal everywhere rejoice (Score:3, Insightful)
That means little.
The same is true of P2P networks.
P2P file distribution is simply both cheap and an effective way of offloading distribution costs onto all consumers -- it is as elegant a concept as the free market.
Currently, much of the use of P2P file distribution happens to be for copyright-infringing content and porn. This is not because of anything inherent t
Oh, for God's sake... (Score:4, Interesting)
Onion-skin-routing not new (Score:2)
Since heavily-used onion-skin-routing can make traffic analysis a pain and is one of the best anonymity mechanisms we have, I'm certainly cheering Tor on. If you don't like your network usage being monitored, be it web browsing, newsgroup reading, email, or chatting, onion-skin routing is a Good Thing.
TOR Ready! Website logo & list (Score:3, Insightful)
It is nice to know Tor supports standard protocols like http://. But do you really believe those "Tor Ready!" websites will start popping up any time soon? I don't think so. The majority of todays websites do not validate [w3.org], doesn't support IPv6 and many don't even render correctly in the majority of web browsers. Will Tor-Ready be prioritized higher by the average webmaster than these and other more serious issues?
I am also very skeptical to the bandwidth requirements and the latency. My Ipv6 connection gives me full bandwidth, but I do notice that connections going through the tunnel are, in fact, much more latent than normal native Ipv4 connections. So why would I prefer to visit some website using Tor when the real difference is a longer loading period? Yes, what the author says about low latency may be true. It may have less latency than alternatives, but do not try to tell me I won't notice significantly higher latency if I try to IRC through a TOR connection.
People are talking about Ipv6 becoming standard in 5-6 years, I will be amazed if tor still exists at that point in time and even more amazed if it's actually implemented on more than 0.0001% of the Internet's services.
NAT. (Score:2)
Re:Nice Acronym (Score:2)
it's just 3 letters.
Re:Nice Acronym (Score:2)
it's just 3 letters, who you call them to and meaning what is what makes them matter.
Re:talk about racist (Score:2)
Re:Why was this modded down? (Score:4, Insightful)
I just don't have any sympathy for people overinduling in their own victimhood. There are people starving around the world, an African continent full of AIDS, people without access to uncontaminated drinkable water, and someone is going to complain about the choice of word that someone uses to describe them, or even more ridiculously, a three-letter-acronym that happens to match up with that word? How can anyone remotely sympathize with someone complaining about this? If they really can't think of a single worthwhile issue to complain about, I'd suggest the upcoming US presidential election, which stands to significantly impact a lot more people than the term that someone uses to refer to a group of people.
Re:Too bad (Score:2, Insightful)
Re:Too bad (Score:2)