
A Statement from The Tor Project on Software Integrity and Apple - zo1
https://blog.torproject.org/blog/statement-tor-project-software-integrity-and-apple
======
cyphar
Why do articles that talk about Tor always reference Silk Road as being the
only notable user of .onion addresses? WikiLeaks used them, and they've been
used for endless anti-censorship actions. Even Facebook has one.

~~~
AnthonyMouse
Probably because "evil pirates selling drugs and child pornography" generates
more page views than "democracy activist not killed by authoritarian
government."

~~~
tzs
For most things like democracy activism, whistleblowing, anti-censorship,
exposing human rights abuses, reaching out for help in abusive situations, and
so on you generally only need anonymity for one side of the communication. The
danger to the party communicating the information is local, not global, and
there are usually parties outside the danger area who are openly working on
addressing the issue that the person inside needs to communicate anonymously
about, and who can serve as recipients of the communication.

For the most part, that kind of communication can be done using tools such as
encrypted email using the recipient's public key, leaving encrypted files on a
cloud service somewhere, and things like that to communicate to those outside
parties.

Where you really need Tor is when you are doing something where there is no
one willing to openly handle the other end of things, and that's usually going
to mean it is something like Silk Road, kiddie porn, human trafficking, and
things like that where it is generally illegal nearly everywhere.

This is why I decided against it when I once considered running a Tor node.
All of the noble uses I had in mind, I realized, could be accomplished without
too much trouble without it, and so it seemed I would really only be helping
people who were doing things I'm not interested in aiding.

~~~
AnthonyMouse
I don't think the use case of hidden services is large sites that themselves
need to be anonymous. That's really hard anyway because if you're big then you
inherently have a lot of traffic, which significantly reduces the number of
possible nodes that could be hosting the site to the ones with at least that
much traffic going through them.

The use of hidden services for large sites is that they authenticate the site
without the person uploading the documents having to trust the CA system. And
the person doing the uploading has to use Tor or something like it because
otherwise their adversary would just block them from accessing that site or
punish them for it, and Tor is better than something like a VPN in that regard
because the uploader only has to trust the design of Tor, not an individual
operator like a VPN.

I think the real use case for a hidden service where the service itself is
anonymous is apps like Ricochet where every user has their own hidden
service. So you can have two activists in a repressive country who want to
communicate with _each other_ while remaining mutually anonymous and not have
to trust some third party in a foreign country who could be cooperating with
their oppressors.

> All of the noble uses I had in mind, I realized, could be accomplished
> without too much trouble without it

"Too much trouble" is a real problem. Security needs to be usable, especially
in the sort of context where someone who makes a mistake or doesn't understand
the implications can get killed for it. Anonymity by default and then you can
tell them who you are if you don't need it is, in that regard, _much_ better
than anonymity only if you do specific extra work and if you didn't know that
then you're dead.

It's also important for the people who need anonymity that lots of people who
don't actually need it use a service that provides it anyway, or use of the
service paints a target on you.

~~~
ryanlol
> I don't think the use case of hidden services are large sites that
> themselves need to be anonymous.

Using a hidden service has some serious caveats: using a hidden service is
significantly slower than using a clearnet website over Tor.

> That's really hard anyway because if you're big then you inherently have a
> lot of traffic, which significantly reduces the number of possible nodes that
> could be hosting the site to the ones with at least that much traffic going
> through them.

Yeah, as you would expect you have to scale up if you get a lot of traffic.

> The use of hidden services for large sites is that they authenticate the site
> without the person uploading the documents having to trust the CA system. And
> the person doing the uploading has to use Tor or something like it because
> otherwise their adversary would just block them from accessing that site or
> punish them for it, and Tor is better than something like a VPN in that regard
> because the uploader only has to trust the design of Tor, not an individual
> operator like a VPN.

As opposed to a PGP public key and a clearnet site?

~~~
narrowrail
How are you going to use "a PGP public key" to access a service like Facebook
that is blocked in China? I'm not aware of any web infrastructure (i.e. ports
80/443) that uses "a PGP public key" to secure communications.

I've been considering operating my Murmur server that runs on a local Debian
box as a hidden service because I do not want to expose my public IP (mostly
for DoS reasons). Let's just say that it is not very easy, and I hope to
document my setup once it is to my satisfaction. Hopefully, we can make this
process easy enough for my parents; then we can point to more usage by the
mainstream thereby saving you from arguing against the usefulness of such
software.

~~~
ryanlol
> How are you going to use "a PGP public key" to access a service like Facebook
> that is blocked in China?

I don't recall suggesting that. I personally used my own VPN server to access
services like Facebook in China.

> I'm not aware of any web infrastructure (i.e. ports 80/443) that uses "a PGP
> public key" to secure communications.

I've seen plenty. In fact, I just sent a PGP encrypted email from Gmail over
https.

> arguing against the usefulness of such software.

Where am I arguing against the usefulness of such software? I use .onions
every day and host several; it's just that unless you need to hide your
server's IP address you're adding tons of extra latency for some rather
questionable benefits.

~~~
narrowrail
>> I'm not aware of any web infrastructure (i.e. ports 80/443) that uses "a PGP
>> public key" to secure communications.

> I've seen a plenty. In fact, I just sent a PGP encrypted email from gmail
> over https.

The web infrastructure (i.e. "gmail over https") was secured by a certificate
(X.509) that is similar to, but separate from, a GPG key. As a user, you chose
to take the extra step of encrypting your message locally, but that fact does
not change the fact that the _web infrastructure_ was _not_ secured by "a PGP
public key."

I guess I got confused by your mentioning of "a PGP public key" because it is
a very odd way to put it, and seems orthogonal to the discussion here that Tor
hidden services are useful to people other than for black-market eCommerce
operations.

~~~
ryanlol
> I guess I got confused by your mentioning of "a PGP public key" because it is
> a very odd way to put it, and seems orthogonal to the discussion here that Tor
> hidden services are useful to people other than for black-market eCommerce
> operations.

This is what I was responding to:

> The use of hidden services for large sites is that they authenticate the site
> without the person uploading the documents having to trust the CA system. And
> the person doing the uploading has to use Tor or something like it because
> otherwise their adversary would just block them from accessing that site or
> punish them for it, and Tor is better than something like a VPN in that regard
> because the uploader only has to trust the design of Tor, not an individual
> operator like a VPN.

It sounds like AnthonyMouse was suggesting that .onions would be a good way of
sharing documents with "large sites" in scenarios where it is important for
the user (note: not the site) to hide from someone they aren't the biggest
friends with.

Problem with this suggestion is that .onions don't really offer any benefits
to a user wanting to hide their activities, but in fact hurt them by
dramatically slowing down any transfers (this could be a serious issue for
time-sensitive stuff).

Therefore, instead of offering an .onion version of their site, any such
organizations and their users would be better served by a web service on the
clearnet with an associated PGP public key that the users could use to encrypt
any uploads.

------
acqq
If you wonder why Tor authors even feel they have to state that they are
"clean" here is one article from 2014:

http://www.whoishostingthis.com/blog/2014/11/17/who-funded-tor/

~~~
lazyjones
This is widely known. What I find more suspicious is the fact that Tor still
partly uses obsolete crypto (RSA-1024) that may specifically be open to
attacks from governments. This was discussed in 2013 and apparently not fixed
("no time"...). Normally, such a situation would have devs hurrying to fix the
issue immediately, as it makes the whole project potentially useless for a
particularly important use case (evasion of government censorship/repression).

~~~
acqq
It does matter where RSA-1024 is being actually used in Tor. As far as I
understand, as long as it's _not_ for some long-term keys, it still shouldn't
be a problem. Please write if you know more on this subject.

~~~
lazyjones
I'm not an expert on Tor code, so I can only speculate and agree partly with
you: it matters where it is used. But temporary keys do not necessarily help
against an attacker who has access to all/most past Tor traffic. RSA-1024 is
used in node identification and hidden services; the weaknesses are known:

https://blog.torproject.org/blog/prism-vs-tor

https://blog.torproject.org/blog/hidden-services-need-some-love

(note: current state of affairs unknown to me since Tor doesn't seem to update
these documents)

------
dang
Url changed from
http://www.pcworld.com/article/3046849/security/tor-project-says-it-can-quickly-catch-spying-code.html,
which points to this.

~~~
arto
Previous submission:
https://news.ycombinator.com/item?id=11338508

~~~
jlgaddis
... with zero discussion.

