
Tor: The Second-Generation Onion Router (2004) - jarvl
https://svn.torproject.org/svn/projects/design-paper/tor-design.html
======
AnaniasAnanas
There is also I2P which is just like Tor but unlike it is designed to
withstand the traffic from bittorrent clients (useful for people living in
dorms or in America) and can also tunnel UDP (unlike Tor which can only tunnel
TCP).

That being said, I really like the new onion-v3 protocol that Tor added as it
moves from the outdated 1024-bit rsa + sha1 addresses with 1024-bit DH and
AES-128 to the state-of-the-art ed25519 for addresses and handshake as well as
chacha20-poly1305 for encryption.
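
Added example, not part of the thread or of Tor's own code: how a v3 onion address is built from a 32-byte ed25519 public key, following the encoding in Tor's rend-spec-v3, and how a defender can validate one or spot a legacy 16-character v2 address (80 bits of a SHA-1 hash of an RSA-1024 key). The function names and both sample values are constructed for illustration, and the check does not verify that the 32 bytes are a valid curve point.

```python
import base64
import hashlib

V3_VERSION = b"\x03"

def v3_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" | pubkey | version)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def encode_v3(pubkey: bytes, checksum: bytes = None, version: bytes = V3_VERSION) -> str:
    """base32(pubkey | checksum | version) + ".onion" (overrides are for testing)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    if checksum is None:
        checksum = v3_checksum(pubkey)
    raw = pubkey + checksum + version          # 35 bytes -> 56 base32 characters
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def classify_onion(host: str) -> str:
    """Return 'v3', 'v2-legacy', 'invalid' or 'not-onion' for a hostname."""
    host = host.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return "not-onion"
    label = host[: -len(".onion")].split(".")[-1]   # ignore subdomain labels
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:                              # bad alphabet or length
        return "invalid"
    if len(label) == 16:
        return "v2-legacy"                          # no checksum to verify
    if len(label) != 56:
        return "invalid"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION or checksum != v3_checksum(pubkey):
        return "invalid"                            # typo or tampered address
    return "v3"

# Constructed sample values, not real services.
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_V3 = encode_v3(SAMPLE_PUBKEY)
SAMPLE_V2 = "abcdefghijklmnop.onion"

if __name__ == "__main__":
    for h in (SAMPLE_V3, SAMPLE_V2, "example.com"):
        print(h, "->", classify_onion(h))
```

Because the version byte is the last of the 35 encoded bytes, every valid v3 address ends in `d`.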

~~~
LMYahooTFY
I think it's an important distinction that one has identified developers, and
one has anonymous developers.

It doesn't seem clear to me that one is generally better than another, I think
they complement each other.

------
jayess
It mentions mixmaster and mixminion, but those projects seem to have died. I
feel like they are needed more than ever.

~~~
simmons
Indeed. I've often thought that such high-latency mix-nets (with their
potentially superior resistance to traffic analysis) would be a nice
complement to low-latency networks like Tor.

~~~
jandrese
The downside is that browsing the web on a service like that sucks ass. Tor
trades off some security for a basic level of user experience.

Sadly, modern web design makes stuff like WWWoffle less useful than it used to
be. Plus it's difficult to set up fully anonymous services on the far side of
the link, I mean you're using Tor for a reason, and leaving breadcrumbs on the
far side of the network is risky.

~~~
metildaa
Using TBB has gotten much better over the past few years, often you can stream
YouTube without much issue.

------
Ajedi32
Tor is great, but it's always been a bit slow. Now that cryptocurrency is a
thing, I often wonder if that problem could be solved by incentivizing the
running of relays and exit nodes through microtransactions without
compromising privacy. Would be great if we could make Tor fast enough that it
could actually be used as a substitute for commercial VPNs.

~~~
arpstick
That reminds me of this little onion routering thingy I made that spiraled out
of control into a semi functioning project that I got hired to work on full
time

([https://github.com/loki-project/loki-network](https://github.com/loki-project/loki-network))

~~~
neuroscr
Also a dev on loki-network, we have $4.1+ million USD so far invested in
relays (and potentially exits). It's layer 3 (so think more like i2p) but
newer crypto and much better latency.

A good overview of the project is here:
[https://github.com/loki-project/loki-network/blob/master/docs/high-level.txt](https://github.com/loki-project/loki-network/blob/master/docs/high-level.txt)

other docs here:
[https://github.com/loki-project/loki-network/blob/master/docs/](https://github.com/loki-project/loki-network/blob/master/docs/)

Join our test-net now:
[https://discord.gg/eB8k6xQ](https://discord.gg/eB8k6xQ) or #llarp on freenode

------
malvosenior
Tor is great! Sadly HN shadow bans all accounts created with it. Lots of other
services also won’t let you sign up or require a phone verification if you use
it.

------
Jumziey
Apparently not safe for work

~~~
TomMarius
A company could have a lot of problems if one of their employees decided to
host a node in their network, so quite literally yeah

~~~
vbezhenar
What kind of problems could a company have?

~~~
lozaning
I ran an exit node at home for a couple months. Within minutes of my dynamic
IP being updated from my ISP, Cloudflare could figure out that I was an exit
node, and then would fail to differentiate my own non-Tor traffic from
the traffic exiting my node. The result being every single Cloudflare
backed website will hit you with a captcha on every page you view.

My ISP would also randomly shut off my connection with some vague email about
having a compromised computer on my network I needed to fix. I'd have to call
and make up some story to get them to turn my internet back on.

Essentially all kinds of people associate TOR with unsavory activity and as
such put hoops to jump through when accessing stuff through tor. When you host
an exit node your non tor traffic is considered to be outbound TOR traffic
based on the IP the traffic originates from.

I can't imagine what would happen if I ran a node on the same network as our
email server. I have to assume that we'd get blacklisted for spam quick if our
mx resolved to a tor exit node IP.

Then there's the whole issue of more or less being guaranteed to be complicit
in the distribution of CP. With really only safe harbor laws protecting you.

~~~
jandrese
People associate TOR with unsavory activity because TOR is used for unsavory
activity. Running an exit node on a link you care about is insanity.

The main reason I have never run an exit node is fear that some overzealous
LEO trying to make a name for himself is going to trace an IP off of a kiddie
porn or drug market to my house and send in SWAT to break all of my windows
and tie me up in court for months before deciding that charging me as an
accomplice probably won't work this time because I didn't opt for the public
defender.

~~~
Forbo
Exit nodes only handle traffic leaving the Tor network to clearnet sites.
Nobody is going to run a child porn site or drug market on the clearnet.

~~~
jandrese
No, but they'll access clearnet child porn/drug sites through your exit node.
Not every criminal uses Tor.

------
ngneer
News?

------
vippy
I keep copies of these papers in a safe in case I ever need to re-develop the
Internet from scratch. No seriously, the Tor papers are amazing and even hint
at the means by which Tor might be manipulated to, say, track down someone
like Ross Ulbricht, founder of the Silk Road, who is currently serving a
double life sentence, plus forty years, without the possibility of parole.

~~~
snvzz
> Ross Ulbricht, founder of the Silk Road, who is currently serving

For running a free market. It's fucked up.

~~~
iondfgnio
Stop trying to rewrite history. He was convicted of running the market, but
the reason the judge threw the book at him is because he tried to have five
people killed.

> Because it is contested, the Court must make appropriate factual findings if
> it is to include it. The standard by which I do that is by a preponderance of
> the evidence. Ulbricht's directed violence here is and relates to the murders
> for hire which he is alleged to have commissioned and paid for. The Court must
> determine whether these allegations have been demonstrated by a preponderance
> of the evidence and I find that there is ample and unambiguous evidence that
> Ulbricht commissioned five murders as part of his efforts to protect his
> criminal enterprise and that he paid for these murders. There is no evidence
> that he was role-playing.

[https://freeross.org/wp-content/uploads/2015/05/Sentencing_2015-May-29.pdf](https://freeross.org/wp-content/uploads/2015/05/Sentencing_2015-May-29.pdf)

Maybe you think he didn't try to commission murders. Maybe you think judges
shouldn't have so much latitude in deciding sentences. But the simple fact
remains: Ulbricht is serving two life sentences mostly _because the judge
found that he tried to kill five people._

~~~
kodablah
> Maybe you think judges shouldn't have so much latitude in deciding
> sentences.

Sure scares me. Why wasn't he tried for the other crimes if his punishment is
going to be based on them? This isn't a little difference to take into account
when sentencing, these are important crimes on their own deserving a right to
trial.

~~~
plussed_reader
Because you take them down how you can; in a similar light how Capone was
taken down on taxes and not murder, corruption, smuggling, or conspiracy.

Or are all purveyors of the 'free market' automatically heroes in your eyes?

~~~
kodablah
> Or are all purveyors of the 'free market' automatically heroes in your eyes?

No, I don't even like the guy. Why must I consider someone a hero to feel they
deserve a trial for their punished actions?

~~~
plussed_reader
A trial did occur for Ross Ulbricht; I don't understand your point.

~~~
derefr
If someone is _accused_ of X, but you "get them" for Y, and the sentencing is
based on the fact that they "did" X... you never had a trial that proved that
they did X, so anything you _think_ you know about their guilt of X shouldn't
be relevant to their sentence for Y. Because you don't _really_ know.

And, even if you know mathematically without a doubt that "they did it" in
point-of-fact, and you have all the evidence to back you up such that you're
really sure that if you _did_ have a trial, it'd be an open-and-shut case...
you still can't assume. Because it's not about whether _you_ see guilt or
innocence when _you_ look at the evidence; it's about whether _the jury_ sees
guilt or innocence when _they_ look at the evidence.

Jury nullification means a jury can just _decide_, arbitrarily, that
somebody's not guilty of something. And then double-jeopardy means that you
can't ask that question again. It's been resolved, permanently: the accused
has been declared innocent, in the eyes of the law—however strong your proof
was! And any _further_ judgements by the courts have to take, as input, that
innocent verdict that came out of the trial; not the proof-of-guilt that went
_in_ but didn't survive.

What that implies, to me, is that in the Al Capone example, he should never
have been treated as anything other than a regular tax evader, and should only
have received a regular tax-evader's sentence.

I'm reminded heavily of the recent p-hacking controversy in science. Imagine a
world where we "pre-register" a trial when an investigation is begun, and are
then forced to go through with it (and pretend the government has the infinite
money required to enable this.) In this world, that trial would likely declare
the suspect innocent a lot of the time... and all the evidence gathered to do
so would be "used up" by that trial. You couldn't turn around and use the same
evidence to prove that "because he's guilty of X, it's more likely that..."
anything else. Because, in the eyes of the law, he _isn't_ guilty of X, and
anything that proves that, doesn't. The evidence itself was nullified when the
verdict was.

In the real world, just to save time and money, we don't bother to prosecute
trials we know we'll lose. But shouldn't the _effects_ still be the same as if
we did? An optimization shouldn't change the semantics of the system.

------
miles_bytes81
I love Tor and use it often (also collaborated with code and nodes). But the
problem lately is that all sites are banning it. Even HN gives you trouble
when connecting through Tor.

~~~
lallysingh
Tor is often a vector for abuse, so tor node IPs get banned. I'd like to see a
way to have nodes block certain origins without being able to identify them.

