
The Tor Project: Building the Next Generation of Onion Services - ashitlerferad
https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services
======
gravypod
What I think really needs to happen is for the Tor group to make setting up
hidden services much simpler.

Maybe I'm just stupid, but there didn't seem to be an easy "type a command and
we will set this all up for you" kind of way to do it.

Getting it set up, getting it to run as a daemon, and getting the service to
work on multiple ports (allowing you to serve :80 and :22 for web and ssh). It
seemed like a nightmare to me.

It's sad because I'm very interested in hosting a tor relay/service to make
sure I can get to my important documents, even if I need to travel to another
country that blocks services like dropbox and google docs.

~~~
atmosx
Hm, the problem with this kind of tool is that if you're not willing to read
the documentation to get a good understanding of what you're doing, you might
end up _thinking_ you're secure instead of _being_ secure, which is the worst
case scenario.

~~~
infogulch
Is there a way to configure the tool to _not_ be secure? Why is the secure
configuration not the default? Can a _secure_ default be easier to set up?

~~~
ryukafalz
Because normally, the context here is that you're trying to set up an existing
internet service over the Tor network. Your web server, for example, typically
doesn't know anything about Tor, and will happily serve up pages to normal
internet users unless you configure it not to.

Services designed for Tor don't have this issue and can be secure by default.
Ricochet[1], for example, advertises itself as a hidden service automatically
and doesn't communicate outside the Tor network.

1: [https://ricochet.im/](https://ricochet.im/)

~~~
lazaroclapp
Sure, but you could always have something like a script that takes a Vagrant
VM or a docker container and turns it into a hidden service on Tor. The script
would take care of making sure the only access to the VM is through Tor and
that the VM learns nothing (under normal operations, I am not even thinking
about patching side-channel attacks and escalation-to-host attacks here) about
the host's identity or location. I am thinking something like:

vagrant up --provider=tor my-service

Where my-service is any Vagrant node (a config file for setting up a generic
VM with whatever software / conf you specify) and the vagrant command outputs
the Tor hidden service address in the last line, after loading the VM locally
on top of VirtualBox or similar.
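
The setup gravypod asks about (one onion address, web and ssh behind it) and the point ryukafalz and lazaroclapp make (the existing service must not also be reachable from the clearnet) can both be handled with a few lines of torrc plus one check. The script below is an added example, not code from the thread or from the Tor project: `HiddenServiceDir`, `HiddenServiceVersion` and `HiddenServicePort` are real torrc directives, while the directory, the backend ports and the listener sample are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from the Tor project: write a torrc
# that publishes a local web server and sshd as one onion service on virtual
# ports 80 and 22, then check that the backing daemons listen on loopback only.
# HiddenServiceDir, HiddenServiceVersion and HiddenServicePort are real torrc
# directives; the directory, ports and sample socket list are assumptions.

write_torrc() {
  # $1 = path of the torrc to write. tor itself is started separately, e.g. by
  # the distribution's service unit, which also takes care of daemonising.
  cat > "$1" <<'EOF'
# Onion service: one address, two forwarded ports.
HiddenServiceDir /var/lib/tor/my-service/
HiddenServiceVersion 3
# virtual port -> where tor delivers the traffic on this host
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 22 127.0.0.1:22
EOF
}

# Constructed sample in the layout of `ss -Hltn` (State Recv-Q Send-Q
# Local:Port Peer:Port); not output from any real host.
SAMPLE_LISTENERS='LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*'

# check_loopback_only LISTENERS PORT... : succeed only if every listener on
# the given backend ports is bound to 127.0.0.1 or [::1]. A daemon bound to
# 0.0.0.0 or [::] is reachable from the clearnet as well as via the onion
# address, which is the "thinking you're secure" failure described above.
check_loopback_only() {
  listeners=$1; shift
  rc=0
  for port in "$@"; do
    exposed=$(printf '%s\n' "$listeners" | awk -v p="$port" '{
      la = $4; n = match(la, /:[0-9]+$/); if (n == 0) next
      addr = substr(la, 1, n - 1); lp = substr(la, n + 1)
      if (lp == p && addr != "127.0.0.1" && addr != "[::1]") print addr
    }')
    if [ -n "$exposed" ]; then
      printf 'port %s is reachable outside loopback on: %s\n' \
        "$port" "$(printf '%s' "$exposed" | tr '\n' ' ')"
      rc=1
    fi
  done
  return $rc
}

# Offline demonstration against the constructed sample (sshd on port 22 is
# exposed there, so this reports it). On a real host you would run:
#   write_torrc /etc/tor/torrc
#   check_loopback_only "$(ss -Hltn)" 8080 22
check_loopback_only "$SAMPLE_LISTENERS" 8080 22 ||
  echo "rebind the exposed daemons to 127.0.0.1 before enabling the service"
```

The check deliberately looks at the backend ports (8080 and 22 here), not the virtual ports in the torrc: tor connects to the backend address locally, so what matters is whether that same daemon is also bound to a public interface. After tor has started with this configuration, the onion address is in `/var/lib/tor/my-service/hostname`.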

------
zmanian
I'm very excited about a number of innovations being deployed in next gen
onion servers.

The distributed random number generator is very cool.

The blinded ed25519 public keys for the rendezvous servers are also super
awesome.

Funding tor not only protects people from surveillance but advances computer
science.

------
jontas
I was curious to see if it is possible to donate funds towards the operation
of "safe" (eg, non government controlled) exit/bridge nodes. According to the
donation faq for the tor project[1], it appears that funds are not used for
infrastructure.

If there were a way to fund exit nodes without running one myself I would
definitely be interested in participating. If not, this might be a great idea
for a crowdfunding campaign.

[1] The Tor Project spends about $2.5 million annually. About 80% of the Tor
Project's spending goes on staffing, mostly software engineers. About 10% goes
towards administrative costs such as accounting and legal costs and bank fees.
The remaining 10% is spent on travel, meetings and conferences, which are
important for Tor because the Tor community is global.

[https://www.torproject.org/donate/donor-faq.html.en](https://www.torproject.org/donate/donor-faq.html.en)

~~~
sandworm101
I think the Tor project would agree with me in saying that donations are all
well and good, but the best way to contribute is to operate a high-capacity
node.

~~~
unimpressive
Really, you'd turn down say, a thousand dollars of donations toward exit nodes
and bridges?

[http://lesswrong.com/lw/65/money_the_unit_of_caring/](http://lesswrong.com/lw/65/money_the_unit_of_caring/)

~~~
throwaway7767
This is not about moral philosophy, but practical matters. Tor's anonymity
depends on diverse ownership of the running relays. As it stands, the
organizations accepting donations to run Tor relays (torservers, noisetor,
etc) already control a sizeable chunk of the total relays, and that's why the
Tor project would rather encourage people to run their own.

Of course, many people can't or don't want to run an exit node. In that case,
it's much better to donate to those organizations than to do nothing. But the
Tor exit relays are not soup kitchens, and increased security for the Tor
network due to more diversified operator group is not easily convertible to a
dollar value.

~~~
mst
Perhaps the answer here is to have a donation-receiving autonomous corporation
on Ethereum that then provisions the nodes automatically.

Note: I'm aware that'd be a lot of effort to set up and might not even work,
but the idea seems fascinating in theory.

~~~
unimpressive
The underlying hardware of the provisioned nodes would still be under the
control of easily-bugged machines in large datacenters from the perspective of
government level actors.

------
Santosh83
How can/does Tor propose to handle government level subversion (which must
surely be happening and continue to happen with ever-increasing depth) where
"sponsored" computers begin to form a majority of worldwide exit and relay
nodes, with modified Tor running on them that looks actively for attacks, and
leaks of information?

~~~
openasocket
Current evidence suggests it's doing OK for now. The slides from the Snowden
leaks showed the NSA was unable to compromise the core infrastructure by
controlling relay and exit nodes, excepting a few cases. However, there are
attacks a government-level entity can mount that Tor explicitly does not
protect against, such as large scale passive scanning for traffic
confirmation. It is not believed to be possible to beat such monitoring
without compromising latency.

~~~
fredley
That evidence is a few years old now, how far they've come in that time is a
complete unknown.

~~~
neerdowell
This is a textbook example of FUD.

~~~
venomsnake
Since the NSA's core mission is being ahead of everyone else, a claim that
capabilities have increased a lot in the last few years is not FUD.

~~~
dimino
Without any specific evidence, it's still FUD.

~~~
detaro
What would specific evidence for "we don't know how much progress they have
made since the last time we had concrete data about them" look like?

~~~
dimino
The FUD is implying they've made significant progress. You're right, "we don't
know" isn't really a falsifiable statement, in this context.

------
ikeboy
If they're going to use random numbers to enhance security, they should make
sure that at worst, if the numbers are predictable and controlled by an
attacker, it's no worse than the current security.

Does anyone know if their protocol does that?

~~~
DSingularity
Interesting. Can you give an example of how a security-enhancing protocol can
end up degrading security?

~~~
nxzero
>> "RSA BSAFE is a FIPS 140-2 validated cryptography library offered by RSA
Security. From 2004 to 2013 the default random number generator in the library
contained an alleged kleptographic backdoor from the American National
Security Agency (NSA), as part of its secret Bullrun program."

[https://en.m.wikipedia.org/wiki/RSA_BSAFE](https://en.m.wikipedia.org/wiki/RSA_BSAFE)

------
peterwwillis
Disclaimer: My knowledge of the Tor architecture is very rudimentary

It would be nice to see some new tcp/ip protocols that handle point-to-point
and cross-network communication more flexibly. Take a p2p router (let's say
Gnutella2), but pared down to only do addressing and routing of traffic. Then
another proto on top to handle name resolution, secrets and tunnels. Then
maybe tcp on top of that just to make tunneling arbitrary applications easy.
Everything written with IPv6/ICMPv6 in mind as the parent protocol to be more
future-proof. In this way, we can have both a reusable framework for p2p
networks (the first layer) and a repurposable protocol for doing name, auth
and secret management/tunneling.

I believe the second thing is already handled by tor, but I don't know if
separating the secrecy from the routing exists currently. Those different
layers could be reused for different purposes, while also being written with a
"new Tor" use-case in mind.

------
MoD411
I wonder if seif project's ideas could be helpful here:
[https://github.com/paypal/seifnode](https://github.com/paypal/seifnode). I
remember Crockford talking about using microphone and camera noise to generate
random numbers.

------
Pica_soO
Running a Tor node should be a form of payment. A user having no talent,
requesting help from an open source community, could "donate" his bandwidth and
machine in return. And this form of contract should come with ease of use.

~~~
abricot
Bandwidth and machine time is not the biggest hindrance for running a tor
relay or exit node. The muddy legality in most countries _is_.

------
bunkydoo
I still really don't understand why people keep developing Tor over I2P - I2P
is clearly the better protocol, offering complete untraceable anonymity and a
chance to secede from the stigma of Tor...

~~~
zmanian
Tor is a solution for both anonymity & privacy and censorship evasion. I2P is
oriented primarily towards anonymity and privacy.

I2P has an attractive anonymous service design and can run applications like
Bittorrent over it. But it is also developed basically by 3 people in New
Zealand.

Tor has more funding b/c of censorship evasion features being attractive to
funders. Successes in the anonymity feature set like SecureDrop. A vibrant
academic community with conferences etc. Lots and lots of review from the
external crypto and security community. A deep well of technical talent.

------
aakilfernandes
My understanding of distributed commit/reveal RNGs is they need some sort of
incentive mechanism. Otherwise, it's trivial for an attacker to flood the
network with lots of commits and only reveal the ones that give him a useful
outcome.

[https://github.com/randao/randao](https://github.com/randao/randao)

~~~
cyphar
As far as I understand, the distributed randomness will only be distributed on
the 11 trusted directory servers (where you get your node manifest from). So
you don't need to worry about malicious nodes killing the randomness.
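
The three concerns raised in this subthread (ikeboy's "no worse than current security if the numbers are attacker-controlled", aakilfernandes's selective-reveal problem, and cyphar's point that membership is restricted to the directory authorities) can be made concrete with a toy commit-and-reveal round. The code below is an added example and is not Tor's protocol or code: it models a generic commit/reveal scheme, the participant names and secrets are constructed, and the "keep the previous value if anyone withholds" rule is an assumption chosen to illustrate the fallback property, not a description of what Tor does.

```python
"""Added example (not Tor's code or protocol): a minimal commit-and-reveal
shared randomness round, showing what a participant verifies, why selective
reveal lets an attacker holding several commits bias the output, and a
fixed-membership policy under which a withheld reveal cannot make the result
worse than the status quo. Names, secrets and the fallback rule are assumptions."""
import hashlib
from itertools import product


def commit(secret: bytes) -> bytes:
    """Commit phase: publish SHA-256(secret) while keeping secret private."""
    return hashlib.sha256(secret).digest()


def combine(reveals: dict) -> bytes:
    """Shared value = SHA-256 over every revealed secret in a canonical order,
    so no single participant chooses the output on their own."""
    h = hashlib.sha256()
    for name in sorted(reveals):
        h.update(name.encode() + b":" + reveals[name])
    return h.digest()


def finish_round(commits: dict, reveals: dict):
    """Reveal phase: check each reveal against its commit. Returns
    (value over the reveals received, names that committed but never revealed)."""
    for name, secret in reveals.items():
        if name not in commits:
            raise ValueError(f"{name} revealed without committing")
        if commit(secret) != commits[name]:
            raise ValueError(f"{name} revealed a value that does not match its commit")
    missing = sorted(set(commits) - set(reveals))
    return combine(reveals), missing


def reveal_rejected(commits: dict, reveals: dict) -> bool:
    """True if finish_round refuses this reveal set."""
    try:
        finish_round(commits, reveals)
        return False
    except ValueError:
        return True


def attacker_best_subset(honest_reveals: dict, attacker_secrets: list, wants):
    """Model of the selective-reveal problem described in the thread: an
    attacker who holds several commits waits for the honest reveals, then
    reveals only the subset (possibly none) that makes wants(value) true.
    With k commits there are 2**k candidate outputs, so a one-bit preference
    almost always succeeds. Returns (indices revealed, value) or (None, None)."""
    for mask in product((False, True), repeat=len(attacker_secrets)):
        reveals = dict(honest_reveals)
        for i, keep in enumerate(mask):
            if keep:
                reveals[f"attacker{i}"] = attacker_secrets[i]
        value = combine(reveals)
        if wants(value):
            return [i for i, keep in enumerate(mask) if keep], value
    return None, None


def round_output(commits: dict, reveals: dict, previous_value: bytes):
    """Fixed-membership policy (an assumption of this example, not Tor's rule):
    every committer must reveal. If anyone withholds, the round keeps the
    previous value instead of one the withholder could have steered, so a
    misbehaving member degrades the round to the status quo, not below it."""
    value, missing = finish_round(commits, reveals)
    return (previous_value if missing else value), missing


# Constructed participants and secrets; a real deployment draws secrets at random.
HONEST = {f"auth{i}": f"constructed-honest-secret-{i}".encode() for i in range(1, 4)}
ATTACKER = [f"constructed-attacker-secret-{i}".encode() for i in range(8)]


def demo():
    honest_commits = {n: commit(s) for n, s in HONEST.items()}
    value, missing = finish_round(honest_commits, HONEST)
    print("honest round:", value.hex(), "missing:", missing)

    # The attacker wants an even first byte and may reveal any subset of 8 commits.
    subset, biased = attacker_best_subset(HONEST, ATTACKER, lambda v: v[0] % 2 == 0)
    print("attacker reveals", subset, "->", biased.hex())

    all_commits = dict(honest_commits)
    all_commits.update({f"attacker{i}": commit(s) for i, s in enumerate(ATTACKER)})
    reveals = dict(HONEST)
    reveals.update({f"attacker{i}": ATTACKER[i] for i in subset})
    out, withheld = round_output(all_commits, reveals, previous_value=value)
    print("with policy:", out.hex(), "withheld:", withheld)
    return out, withheld


if __name__ == "__main__":
    demo()
```

The two halves correspond to the two comments: `attacker_best_subset` is what happens when anyone can submit commits and withholding is free, and `round_output` is what a closed set of known participants buys you, since a missing reveal is attributable and the round can fall back rather than accept a steered value.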

------
hotpockets
I can't access the website because it's using HSTS and my browser says their
certificate is invalid. There is no option to bypass the browser security
warning. I'm at a public library. Anyone know what's going on?

~~~
Buge
It works for me. The cert is issued by DigiCert Inc and the sha1 fingerprint
is DE:20:3D:46:FD:C3:68:EB:BA:40:56:39:F5:FA:FD:F5:4E:3A:1F:83

~~~
dimino
I have a completely different cert, issued by Cisco Umbrella Secondary SubCA
ash-SG:

sha1 - 3B:AE:49:04:9E:6A:3D:BE:96:08:60:F0:9B:6B:2F:03:4F:E9:8C:43

~~~
Buge
Cisco Umbrella seems to be some type of security product for networks. Are you
using a computer belonging to your employer or with employer software
installed? They could be MITMing you. It seems odd that the Tor project would
be using a Cisco product like that.

What about the cert for Hacker News, or my website
[https://throwpass.com](https://throwpass.com) ?

~~~
dimino
Other certs validate, it might be site-specific from my employer (I'm on my
employer's network)?

~~~
pfg
OpenDNS/Cisco Umbrella is basically a DNS-level security service that analyzes
your DNS queries, blocks known malware domains, etc.

For some high-risk domains - depending on some settings - it will also switch
to MitM'ing the connection to take a closer look at the traffic and block it
on that level if necessary. It might also just be necessary to show the "This
domain is blocked" page when you're requesting a site via https. Usually, your
employer would pre-install their CA certificate, which would bypass the HSTS
warning, but I suppose this might be a BYOD setting (or they just
forgot/didn't like the idea of Cisco being able to MitM all the things).
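
What Buge and dimino did by hand (compare the fingerprint and issuer of the certificate you are shown against what someone on a different network sees) can be scripted. The following is an added example, not code from the thread: it fetches the leaf certificate a host presents, prints its SHA-1 and SHA-256 fingerprints in the colon-separated form the commenters used, records whether the system trust store accepts it, and compares against a fingerprint obtained out of band. The host name is a parameter and the bytes used for the self-checks are constructed.

```python
"""Added example, not from the thread: inspect the certificate a host presents
to you and compare its fingerprint with one obtained out of band. A different
issuer or fingerprint from what others see, together with a verification
failure, is the signature of a TLS-intercepting middlebox such as the one
discussed above. Host names are parameters; sample bytes are constructed."""
import hashlib
import socket
import ssl


def format_fingerprint(digest: bytes) -> str:
    """Render a digest the way browsers and openssl print it: DE:20:3D:..."""
    return ":".join(f"{b:02X}" for b in digest)


def fingerprints(der_cert: bytes) -> dict:
    """SHA-1 and SHA-256 fingerprints of a DER-encoded certificate."""
    return {
        "sha1": format_fingerprint(hashlib.sha1(der_cert).digest()),
        "sha256": format_fingerprint(hashlib.sha256(der_cert).digest()),
    }


def _normalize(fp: str) -> str:
    """Upper-case hex with every separator removed, so pasted values compare."""
    return "".join(ch for ch in fp.upper() if ch in "0123456789ABCDEF")


def fingerprints_match(observed: str, expected: str) -> bool:
    """Compare two fingerprints regardless of case or separators."""
    obs, exp = _normalize(observed), _normalize(expected)
    return obs != "" and obs == exp


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 10.0):
    """Return (der_cert, verify_error). The first handshake is done WITHOUT
    verification so that an interception certificate can still be examined;
    a second, verified handshake records whether the system trust store
    accepts it (None means it verified)."""
    unverified = ssl.create_default_context()
    unverified.check_hostname = False
    unverified.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with unverified.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)

    verify_error = None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host):
                pass
    except ssl.SSLError as exc:
        verify_error = str(exc)
    return der, verify_error


def report(host: str, expected_sha256=None) -> dict:
    """Fingerprints, verification status and (optionally) whether the SHA-256
    fingerprint matches one you obtained from a network you trust."""
    der, verify_error = fetch_leaf_cert(host)
    result = {"host": host, "verify_error": verify_error}
    result.update(fingerprints(der))
    if expected_sha256 is not None:
        result["matches_expected"] = fingerprints_match(result["sha256"], expected_sha256)
    return result


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "blog.torproject.org"
    for key, val in report(target).items():
        print(f"{key}: {val}")
```

Run it once from the suspect network and once from a network you trust (or compare with a fingerprint a peer posts, as in this thread): a mismatch plus a non-empty `verify_error` means the connection is being terminated by something other than the site's own certificate. SHA-256 is the fingerprint to exchange; SHA-1 is included only because that is what the comments above quote.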

------
imaginenore
I don't understand why these TOR guys can't rent like 10-20 cheap VPSs all
around the world and do their testing there. They are describing getting 11
nodes like some sort of struggle.

VPSs are truly cheap now, you can get one for $3.52 per year:

[https://lowendbox.com/blog/i-83-100mbps-unmetered-openvz-nat...](https://lowendbox.com/blog/i-83-100mbps-unmetered-openvz-nat-vps-starting-at-2-50year-resource-pools-in-usa-eu-and-asia/)

~~~
falcolas
Quite a few VPS providers and ISPs will block TOR services out of the gate.

Here's their overview page:
[https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISP...](https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs)

~~~
arca_vorago
Yep, in the earlier tor days it was obscure enough to be doable, but I haven't
run an exit node in so long I have no idea who would actually host one now. On
top of that, the bandwidth used can eat budgets super fast!

~~~
ryanlol
>On top of that, the bandwidth used can eat budgets super fast!

Bandwidth isn't expensive though, unless you need "premium" bandwidth.

Case in point, I've used petabytes of bandwidth for scanning this year and
probably spent less than $2k total on both the scanning hardware and the
bandwidth. Realistically I've only spent a few hundred dollars on the BW
itself.

And good luck even maxing a gigabit line with Tor, it's not easy.

