Whither Tor? Building the Next Generation of Anonymity Tools

"Tor hasn't changed, it's the world that's changed," says Aaron Johnson, the lead researcher on a 2013 paper which reported that 80% of Tor users could be de-anonymized within six months, and that today's users may want protection from different threats. An anonymous Slashdot reader quotes Ars Technica: The most probable future we face is a world in which Tor continues to offer a good-but-not-perfect, general-purpose anonymity system, while new anonymity networks arrive offering stronger anonymity optimised for particular use-cases, like anonymous messaging, anonymous filesharing, anonymous microblogging, and anonymous voice-over-IP. Nor is the Tor Project standing still. Tor today is very different from the first public release more than a decade ago, [Tor project cofounder Nick] Mathewson is quick to point out. That evolution will continue.

"It's been my sense for ages that the Tor we use in five years will look very different from the Tor we use today," he says. "Whether that's still called Tor or not is largely a question of who builds and deploys it first. We are not stepping back from innovation. I want better solutions than we have today that are easier to use and protect people's privacy."
The article lists five projects that are "breaking new ground in developing stronger anonymity systems," including the Dissent Project, the Aqua and Herd projects (for filesharing and voice over IP), Vuvuzela/Alpenhorn (for anonymous chat), Riffle (filesharing), and Riposte (anonymous microblogging). Tor project cofounder Nick Mathewson is urging anonymity developers to begin using their own software. "What you learn about software from running it is like what you learn from food by tasting it... You can't actually know whether you've made a working solution for humans unless you give it to humans, including yourself."

Re:

[negRo_slim]

Why not I2P or Freenet?

HORNET, next gen Tor @ 93Gb/s

[saibot834]

It's worth looking at HORNET [scion-architecture.net], which is at this point not much more than a research paper, but it could point in the right direction. Instead of having anonymity for very few people (because of disadvantages to using anonymity tools, e.g. speed and latency), increase the anonymity pool by making anonymous communication less disadvantagous. With HORNET high throughput is achieved by providing Tor-like routing at the network layer (something which is currently not possible in the internet, but it might come with SCION [scion-architecture.net], a BGP replacement that's in the works). I'm not saying that this will be ready anytime soon, but I think it's certainly an interesting idea. [full disclosure: I'm a researcher working on SCION]

I also think that Tor still is the best thing we have. The rumors about Tor's death are greatly exaggerated.

Re:HORNET, next gen Tor @ 93Gb/s

[ewanm89]

The problem with Tor is not throughput but latency, and the latency issue in Tor exists as a protection against timing attacks. Basically, Tor nodes capture several requests to pass on, then wait, only sending in batches on a given interval, they also shuffle the order of the batches, 3 hops later and all these waits add up. Without this method, one could easily watch packets going into and coming out of the network and just match them up, as they come out in the same order a few milliseconds later, with the batching you have no idea which packet matches with which one going in.

Re:

[allo]

> the latency issue in Tor exists as a protection against timing attacks
No, it does not, but it should (as idea of the tor devs). This means currently you have random relay based latency, which can make it even easier to fingerprint your connection. The plan (to be done when it's time) is to add random latency and padding to packets (generating overhead as well) to make fingerprinting harder.

"currently not possible in the internet, but..."

[Larsen E Whipsnade]

Deal breaker right there.

The whole point of freedom is to reduce dependency on other people. We do for ourselves,

Re:

[Killall -9 Bash]

Snowden didn't tell me anything I didn't know.

Remember Heartbleed? Tell me Robin Seggelmann isn't on the NSA payroll and I won't believe you. Tell me he's unemployed, and I might believe you. But he's not unemployed, after making the stupidest fucking mistake EVER.

And it goes deeper than one guy allegedly fucking up code in the most critical piece of security software in the world.

RFC6520-- WHY THE FUCK DOES THIS EXIST? Because it's too computationally expensive for clients to re-establish SSL s

Re:

[Anonymous Coward]

Snowden didn't tell me anything I didn't know.

There is a difference between believing that the world is round and getting it proved.

Snowden didn't tell anyone anything that people didn't already suspected. The difference is that before Snowden one would be disregarded as a tinfoil hat rather than a realist.
What Snowden did was to give you credibility. You lacked it before, even if you didn't realize it.

Re:

[MartinG]

> RFC6520-- WHY THE FUCK DOES THIS EXIST? Because it's too computationally expensive for clients to re-establish SSL sessions...?! Really? My dual core 2.15ghz smart phone begs to differ.

No. It's not about CPU time, but about the time taken to establish a connection due to the TLS and TCP handshakes. I think it's only a single round trip for the TLS part (someone will surely correct me if not) but that's on top of the TCP 3 way handshake, which all adds up. You can't mitigate network latency with a fas

Re:

[cryptizard]

It is two round trips: client hello, server hello, client exchange, server finished.

Re:

[AmiMoJo]

TOR is still the best option, and for the most part it works as advertised. It's possible to sometimes unmask users, usually relying on them making mistakes, but it's an expensive and time consuming process.

The issue is that it needs continuous development and scrutiny to keep it secure. Appelbaum really screwed the project but it's important that it manages to recover, because at the moment there is nothing else comparable.

Re:

[cryptizard]

What a bunch of baseless FUD. The new board was picked precisely because they are beyond reproach. If you think Bruce Schneier and Matt Blaze are government stooges then you might as well just give up trying because no researcher can be trusted.

Re:

[zedaroca]

Yes, in principle no researcher can be trusted (Carnegie Mellon, RSA). Jacob was not there because he was beyond reproach, he was there because he was an activist. Now we have some people supposedly "beyond reproach".

But the new board is not beyond reproach, as the person that did make false accusations against Jacob is in it.

Anyone who is not being persecuted for their activism should raise an eyebrow, even Schneier, who chose a very strange moment to join the project.

Most of what we claimed before Snowden

Re:

[zedaroca]

I closed my node after reading those news. Jacob is a very outspoken enemy of the surveillance state. His speech To protect and infect part 2 [youtube.com] was one of the best about the Snowden revelations.

Jacob was expelled from Tor based on several types of accusations made in a website, including rape, intense kisses and crude language (they went for all the audiences). His friends here sort of expelled too when they didn't believe all the accusations or pointed some of them were false (indirectly by claiming they wer

Cause and effect

[currently_awake]

If you make a completely safe and secure and anonymous communications system, the governments (all of them) will ban it. If you don't they will spy on you and you'll be worse off because you think you're safe.

Re:

[ls671]

gobernments?

Wait, I see:
Top 25 Gobernment profiles | LinkedIn:
https://www.linkedin.com/title... [linkedin.com]

Liberal Gobernment archives:
http://aptn.ca/news/tag/libera... [aptn.ca]

Smart Gobernment. UA Smart University - Universidad de Alicante:
http://web.ua.es/en/smart/smar... [web.ua.es]

etc...

Dummy me, just googling for "Gobernment" made me realize that it is just another valid way to spell "Government"...

Obvious

[PopeRatzo]

Whither Tor?

Clearly, the answer is "thither".

Maybe "hither"

Re:

[ls671]

They should just use this for up to three shades whither:
http://tide.com/en-us/shop/typ... [tide.com]

Re:

[SeriousTube]

Stop getting worked up and in a tither.

Re:

[mrbester]

"getting worked up": also known as mither.

Re:

[wonkey_monkey]

All I ever see you do is blither.

Re:

[NotInHere]

I'm afraid that TOR is your only really good alternative here. I use TOR specifically for that reason. Something that can protect journalists from repressive governments should be more than enough to protect me from data hungry companies. The issue here is that it doesn't depend on client software alone. Just alone your ip address can often be used to almost uniquely identify you. How many devices share your internet connection? Do you connect your phone to the WiFi? Then you've lost.

Tor and VPN weakness is packet size.

[adolf]

Maybe for TOR, and certainly for VPN (as-implemented), is a specific vulnerability for packet sizes.

If 208.230.30.20 sends packets of 9098, 3039, and 3030 bytes, and I receive similar packets of the same size (plus or minus VPN headers), then I am already identifiable.

Is this different for Tor?

Re:

[AHuxley]

The NSA and GCHQ seem to have 3 ways of breaking down anonymity and privacy on any emerging platform.
Junk encryption standards allows a message to be collected even if anonymity can be assured.
If privacy can be assumed then the anonymity is weakened to allow end to end tracking. Low quality server hardware and networks sold globally.
If all that per application effort fails, just go for https://en.wikipedia.org/wiki/... [wikipedia.org] and match up the start and end point.
Once an interesting persons computer network

Re:

[dns_server]

Tor works by setting up multiple layers of vpn's between nodes in laters in a way that traffic is passed between nodes without them knowing the contents.
You want to connect to c so you set up a vpn between a and b then b and c and use both of those vpn to set up another vpn between a and c.

That is the a kind of traffic analysis that can be done if you are a government and can monitor enough nodes.
While any one node may not know what is being transmitted and to where you could see that a series of packets ca

Re:

[rrohbeck]

They could pad the packets with random dummy data.

Re: Tor and VPN weakness is packet size.

[adolf]

They could, but they don't.

Re:

[cryptizard]

Yes TOR does not try to protect against those "traffic confirmation" attacks, not could it if it wanted to. If an attacker can observe everything going into the network and everything coming out of it, then the game is over because of simple information theoretic limits. Unless clients are willing to pad all their traffic to some fixed rate. This is not at all practical though, since you would have to have all clients match the bandwidth of the weakest client, making the network unusable.

Re:

[cryptizard]

No not really. How do you pick the randomness? If it's uniformly distributed then I can still extract averages over larger sequences of traffic. You don't have to have an EXACT match on size. For instance, imagine you are trying to catch someone that is exfiltrating a large amount of sensitive data. I don't care what you pad, if I can see both ends of the network I will notice one person transferring a huge amount of data that corresponds with data I see going into the "wikileaks" site (or whatever) on

Re:

[adolf]

I'm imagining a typical VPN host (eg airvpn). I'm assuming that an attacker is able to monitor both my encrypted and unencrypted traffic, or at least the metadata therein (which isn't particularly unlikely), at the point where the OpenVPN server connects to the Internet. There's a lot going on with one of these systems.

Suppose I'm sending a bunch of stuff to Wikileaks over this connection using HTTP[S], and it's a pretty steady stream of ~1500 byte TCP packets coming in and going out. Easy enough to corr

Re:

[cryptizard]

Now, neither the packet sizes coming in over VPN nor the total transfer-over-time directly correlate any longer with the stuff going unencrypted out of the VPN box.

Why do you say this? Think of it this way, if I see a stream going to wikileaks and I want to track who it is coming from, consider the individual packets from that stream. Every packet I see, I look at the incoming traffic and think, "which client could have sent this?" I put some generous bounds on the network environment and what I know about your padding system and say, "any packet sent between this time and this time, between this size and this size, could have corresponded to that output packet".

Re:

[BundesSheep]

This does help though by making the entire process take longer. If you've got a relatively small burst of data you need to send to wikileaks, for example, you might get it all sent before you can be statistically cornered, as it were. Maybe you'll never use that network ever again now that the job is done.

Re:

[cryptizard]

Ok but then you are saying it is only secure for certain types of traffic. How do you quantify when you are secure? Is it 1 MB? 100 MB? It is a bad idea to have situations where you might not be secure and have no idea.

Re:

[adolf]

We're already insecure, and we know it.

The point is to decrease the signal-to-noise ratio so that finding good, reliable data as to whom is doing what is harder, which is pretty much all that encryption has gotten us so far anyway: It makes it harder.

Anyone who believes that their data is secure in transit on a public network is a lunatic to whom I'd like to sell a bridge. I would also like to take this time to draw into question the sanity of anyone who chooses to think that there's no good reason to mak

Re:

[adolf]

s/spoofing/snooping/

When will people realise

[Chrisq]

The only way to guarantee privacy is to disconne//....

Maybe the need isn't as great?

[jandersen]

"Tor hasn't changed, it's the world that's changed," says Aaron Johnson, the lead researcher on a 2013 paper which reported that 80% of Tor users could be de-anonymized within six months, and that today's users may want protection from different threats.

I think this is it: most people are simply not all that worried about anonymity or privacy. Perhaps they are stupid, but on the other hand, it could be that it is just bit too paranoid to go to enormous lengths to protect one's privacy. I can see why - with smartphones and smart tvs and all the other silly gadgets, as well as credit cards that we use all over the place, we leave an enormous trail everywhere we go, and we allow companies access to our privacy almost without limitations; so how much is it act

Re:

[Larsen E Whipsnade]

Other people's complacency should not be my responsibility.

Let them be spied on if they're fine with that. But if it affects me, then a line has been crossed.

Re:

[cryptizard]

Okay so people won't trust the Tor organization, with longstanding community heroes on the board like Bruce Schneier and Matt Blaze, but they will trust a random fork of Tor that is made by anonymous nobodies with a questionable agenda. Very smart.

Re:

[cryptizard]

For trust you need an open protocol specification that can be evaluated in itself. Then you can write your own implementation that you know is safe or you can use an open source alternative that may or may not be compromised or you can use a binary that may or may not be compromised. The protocol itself needs to be resilient against man in the middle attacks so that you aren't exposed just because a few other users are using version that are actively trying to figure out where the packets come from.

Literally all of those things are true of Tor, so I don't know wtf your point is here.

Re:

[cryptizard]

I didn't mean to trust Tor because of them, I meant their presence was not a reason to NOT trust Tor, as some people are claiming.

Hiding Tor

[Ingo Ruhnke]

Focus an anonymity is all nice and good, but from my experience the biggest problem with Tor is that the exit nodes are so limited that the fact that you are using Tor is obvious for the server. Meaning websites will block you or become unusable due to requesting a CAPTCHA every few clicks. Thus you have anonymity, but your web access is so drastically limited that it becomes impractical to use Tor as every day Internet access, thus you switch back to a non-Tor browser and are left with no anonymity.

Re:

[Larsen E Whipsnade]

This is a concern for me. It seems like exit nodes get blacklisted because they look like exit nodes. If we sculpted their traffic to look more vanilla we could get past this, and maybe reduce Tor's usability for spammers at the same time.

The danger is it could also reduce usability for legit users as well, but CAPTCHA is already doing that anyway.

Re:

[Larsen E Whipsnade]

Also, lots of sites block Tor outright. Not even the courtesy of a CAPTCHA. That's a troubling trend.

Maybe if we force upstream-downrange ratios into a narrow range then we can avoid exit nodes looking distinct from ordinary client hosts. That will make it harder to upload large files, but I can live with that.
 

Trust?

[kqc7011]

Are they doing the work with help from the NSA?

Using Tor

[Oswald McWeany]

Using Tor only makes the government want to spy on you more; it will only help protect you from less sophisticated entities. Unfortunately, wanting to protect your privacy means the government will try even harder to spy on you.

Making deanonymising hard...

[John Allsup]

A lot of the issues come down to a general type of problem, one I term 'NSA/GCQH problems', namely "is this meaningful data?" type questions.

For example, if trying to decrypt a file, if one alphanumeric password of length 16 characters ends up with something like passable HTML or English text, chances are you have the right password. Thus there are easy(ish) ways for an attacker/listener to verify whether or not they have the the correct password. I imagine future anonymity systems will need to look at mean