Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Privacy Encryption Networking Security Software

Whither Tor? Building the Next Generation of Anonymity Tools ( 89

"Tor hasn't changed, it's the world that's changed," says Aaron Johnson, the lead researcher on a 2013 paper which reported that 80% of Tor users could be de-anonymized within six months, and that today's users may want protection from different threats. An anonymous Slashdot reader quotes Ars Technica: The most probable future we face is a world in which Tor continues to offer a good-but-not-perfect, general-purpose anonymity system, while new anonymity networks arrive offering stronger anonymity optimised for particular use-cases, like anonymous messaging, anonymous filesharing, anonymous microblogging, and anonymous voice-over-IP. Nor is the Tor Project standing still. Tor today is very different from the first public release more than a decade ago, [Tor project cofounder Nick] Mathewson is quick to point out. That evolution will continue.

"It's been my sense for ages that the Tor we use in five years will look very different from the Tor we use today," he says. "Whether that's still called Tor or not is largely a question of who builds and deploys it first. We are not stepping back from innovation. I want better solutions than we have today that are easier to use and protect people's privacy."

The article lists five projects that are "breaking new ground in developing stronger anonymity systems," including the Dissent Project, the Aqua and Herd projects (for filesharing and voice over IP), Vuvuzela/Alpenhorn (for anonymous chat), Riffle (filesharing), and Riposte (anonymous microblogging). Tor project cofounder Nick Mathewson is urging anonymity developers to begin using their own software. "What you learn about software from running it is like what you learn from food by tasting it... You can't actually know whether you've made a working solution for humans unless you give it to humans, including yourself."
This discussion has been archived. No new comments can be posted.

Whither Tor? Building the Next Generation of Anonymity Tools

Comments Filter:
  • If you make a completely safe and secure and anonymous communications system, the governments (all of them) will ban it. If you don't they will spy on you and you'll be worse off because you think you're safe.
  • Whither Tor?

    Clearly, the answer is "thither".

    Maybe "hither"

  • by adolf ( 21054 ) <> on Monday September 05, 2016 @03:05AM (#52827829) Journal

    Maybe for TOR, and certainly for VPN (as-implemented), is a specific vulnerability for packet sizes.

    If sends packets of 9098, 3039, and 3030 bytes, and I receive similar packets of the same size (plus or minus VPN headers), then I am already identifiable.

    Is this different for Tor?

    • by AHuxley ( 892839 )
      The NSA and GCHQ seem to have 3 ways of breaking down anonymity and privacy on any emerging platform.
      Junk encryption standards allows a message to be collected even if anonymity can be assured.
      If privacy can be assumed then the anonymity is weakened to allow end to end tracking. Low quality server hardware and networks sold globally.
      If all that per application effort fails, just go for [] and match up the start and end point.
      Once an interesting persons computer network
    • Tor works by setting up multiple layers of vpn's between nodes in laters in a way that traffic is passed between nodes without them knowing the contents.
      You want to connect to c so you set up a vpn between a and b then b and c and use both of those vpn to set up another vpn between a and c.

      That is the a kind of traffic analysis that can be done if you are a government and can monitor enough nodes.
      While any one node may not know what is being transmitted and to where you could see that a series of packets ca

    • They could pad the packets with random dummy data.

    • Yes TOR does not try to protect against those "traffic confirmation" attacks, not could it if it wanted to. If an attacker can observe everything going into the network and everything coming out of it, then the game is over because of simple information theoretic limits. Unless clients are willing to pad all their traffic to some fixed rate. This is not at all practical though, since you would have to have all clients match the bandwidth of the weakest client, making the network unusable.
  • The only way to guarantee privacy is to disconne//....
  • "Tor hasn't changed, it's the world that's changed," says Aaron Johnson, the lead researcher on a 2013 paper which reported that 80% of Tor users could be de-anonymized within six months, and that today's users may want protection from different threats.

    I think this is it: most people are simply not all that worried about anonymity or privacy. Perhaps they are stupid, but on the other hand, it could be that it is just bit too paranoid to go to enormous lengths to protect one's privacy. I can see why - with smartphones and smart tvs and all the other silly gadgets, as well as credit cards that we use all over the place, we leave an enormous trail everywhere we go, and we allow companies access to our privacy almost without limitations; so how much is it act

    • Other people's complacency should not be my responsibility.

      Let them be spied on if they're fine with that. But if it affects me, then a line has been crossed.
  • Hiding Tor (Score:4, Informative)

    by Ingo Ruhnke ( 3575189 ) on Monday September 05, 2016 @06:17AM (#52828303)

    Focus an anonymity is all nice and good, but from my experience the biggest problem with Tor is that the exit nodes are so limited that the fact that you are using Tor is obvious for the server. Meaning websites will block you or become unusable due to requesting a CAPTCHA every few clicks. Thus you have anonymity, but your web access is so drastically limited that it becomes impractical to use Tor as every day Internet access, thus you switch back to a non-Tor browser and are left with no anonymity.

    • This is a concern for me. It seems like exit nodes get blacklisted because they look like exit nodes. If we sculpted their traffic to look more vanilla we could get past this, and maybe reduce Tor's usability for spammers at the same time.

      The danger is it could also reduce usability for legit users as well, but CAPTCHA is already doing that anyway.
    • Also, lots of sites block Tor outright. Not even the courtesy of a CAPTCHA. That's a troubling trend.

      Maybe if we force upstream-downrange ratios into a narrow range then we can avoid exit nodes looking distinct from ordinary client hosts. That will make it harder to upload large files, but I can live with that.
  • Are they doing the work with help from the NSA?
  • Using Tor only makes the government want to spy on you more; it will only help protect you from less sophisticated entities. Unfortunately, wanting to protect your privacy means the government will try even harder to spy on you.

  • A lot of the issues come down to a general type of problem, one I term 'NSA/GCQH problems', namely "is this meaningful data?" type questions.

    For example, if trying to decrypt a file, if one alphanumeric password of length 16 characters ends up with something like passable HTML or English text, chances are you have the right password. Thus there are easy(ish) ways for an attacker/listener to verify whether or not they have the the correct password. I imagine future anonymity systems will need to look at mean

Outside of a dog, a book is man's best friend. Inside of a dog, it is too dark to read.