Maybe I'm just stupid, but there didn't seem like an easy "type a command and we will set this all up for you" kind of way to do it.
Getting it set up, getting it to run as a daemon, and getting the service to work on multiple ports (allowing you to serve :80 and :22 for web and ssh). It seemed like a nightmare to me.
It's sad because I'm very interested in hosting a tor relay/service to make sure I can get to my important documents, even if I need to travel to another country that blocks services like dropbox and google docs.
Services designed for Tor don't have this issue and can be secure by default. Ricochet, for example, advertises itself as a hidden service automatically and doesn't communicate outside the Tor network.
vagrant up --provider=tor my-service
Where my-service is any Vagrant node (a config file for setting up a generic VM with whatever software / conf you specify) and the vagrant command outputs the Tor hidden service address in the last line, after loading the VM locally on top of VirtualBox or similar.
The functionality Peter Todd is talking about is totally transparent and involves no user interaction.
There is even apt tor to fetch updates over Tor.
Their hidden service config is pretty simple as well.
We should write more functionality for servers that lets them set up hidden services via tor
First google result I get for "tor hidden service instructions" is https://www.torproject.org/docs/tor-hidden-service.html.en which explains the two config lines you need to add to create a hidden service
Literally all you have to do is add this into your config file.
HiddenServicePort $EXTERNALPORT $INTERNALIP:$INTERNALPORT
Googling "hidden service multiple ports" instantly answers every single one of your questions, and the answers are rather obvious.
Who would've thought that adding a new port is as easy as just adding another port definition?
Honestly, if this is a problem you shouldn't be trying to host hidden services by yourself anyway. Even if Tor took literally one click to set up the other software will still fuck you, like Apache's mod_status.
I think the problem here is simply that some people refuse to read documentation, even after they are provided with a direct link to it. Sounds about right from my personal experience with online tech communities.
Making these things too easy results in very real damage when somewhat clueless people think they're capable of operating these things by themselves.
You google "hidden service multiple ports" (sans quotes), and the very first result answers every single one of his questions.
You only need to scroll down the page to see the super self explanatory config examples.
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 127.0.0.1:22
If you can't configure Tor, you certainly won't be able to sufficiently harden the applications that you're trying to hide.
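The multi-port and multi-service torrc layout discussed above, as an added example that is not part of the thread or of Tor's own tooling: a small Python linter that parses HiddenServiceDir/HiddenServicePort lines from a constructed torrc and flags a service with no ports and a port forwarded to a non-loopback target. It handles only the VIRTPORT, VIRTPORT TARGETPORT and VIRTPORT IP:PORT forms, not unix: socket targets.

```python
"""Lint the hidden-service section of a torrc (constructed example, not Tor's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample torrc: one multi-port service, one service whose backend
# is on another LAN host, and one HiddenServiceDir with no ports at all.
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/web_service/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 22 127.0.0.1:22
HiddenServiceDir /var/lib/tor/irc_service/
HiddenServicePort 6667 192.168.1.10:6667   # backend on another host
HiddenServiceDir /var/lib/tor/empty_service/
"""

# VIRTPORT, optionally followed by TARGETPORT or HOST:TARGETPORT.
PORT_RE = re.compile(r"^HiddenServicePort\s+(\d+)(?:\s+(?:(\S+?):)?(\d+))?$")
LOOPBACK = {"127.0.0.1", "localhost", "[::1]", "::1"}

def parse_hidden_services(torrc: str) -> Dict[str, List[Tuple[int, str, int]]]:
    """Map each HiddenServiceDir to its (virtual_port, target_host, target_port) triples."""
    services: Dict[str, List[Tuple[int, str, int]]] = {}
    current = None
    for raw in torrc.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if line.startswith("HiddenServiceDir "):
            current = line.split(None, 1)[1].strip()
            services[current] = []
        elif line.startswith("HiddenServicePort"):
            m = PORT_RE.match(line)
            if current is None or not m:
                raise ValueError("bad or misplaced HiddenServicePort line: " + line)
            vport, host, tport = m.groups()
            # Tor defaults an omitted target to 127.0.0.1:VIRTPORT and a bare port to 127.0.0.1.
            services[current].append((int(vport), host or "127.0.0.1", int(tport or vport)))
    return services

def lint(services: Dict[str, List[Tuple[int, str, int]]]) -> List[str]:
    """Return human-readable findings for unreachable or non-loopback services."""
    findings = []
    for hs_dir, ports in services.items():
        if not ports:
            findings.append(f"{hs_dir}: no HiddenServicePort, the .onion would be unreachable")
        for vport, host, tport in ports:
            if host not in LOOPBACK:
                findings.append(f"{hs_dir}: port {vport} forwards to {host}:{tport}; "
                                "that hop is plaintext off this box and the backend is reachable outside Tor")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_hidden_services(SAMPLE_TORRC)):
        print(finding)
```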
How do I get multiple .onion domains and how do I back up my keys so I can keep my domain?
Still, there are a lot of things that aren't very evident. It's just a bad experience in general.
We can have obscure documentation only accessible on the tor website, or when you install tor you could get a nice command interface like something presented by UFW.
One will lead to better configurations, the other will lead to mistakes and loss of data.
> how do I back up my keys so I can keep my domain?
Back up the contents of HiddenServiceDir
The distributed random number generator is very cool.
The blinded ed25519 public keys for the rendezvous servers are also super awesome.
Funding tor not only protects people from surveillance but advances computer science.
If there were a way to fund exit nodes without running one myself I would definitely be interested in participating. If not, this might be a great idea for a crowdfunding campaign.
The Tor Project spends about $2.5 million annually. About 80% of the Tor Project's spending goes on staffing, mostly software engineers. About 10% goes towards administrative costs such as accounting and legal costs and bank fees. The remaining 10% is spent on travel, meetings and conferences, which are important for Tor because the Tor community is global.
Of course, many people can't or don't want to run an exit node. In that case, it's much better to donate to those organizations than to do nothing. But the Tor exit relays are not soup kitchens, and increased security for the Tor network due to more diversified operator group is not easily convertible to a dollar value.
Note: I'm aware that'd be a lot of effort to set up and might not even work, but the idea seems fascinating in theory.
>Yes, the Tor Project effectively did this for years, since no organization or organizational structure existed to take your sanctimonious "unit of caring" and turn it into geographically disparate non-colluding exit bandwidth.
So this seems like a solvable problem, in one way or another. Some ideas that immediately come to mind:
- Perhaps people could be incentivized to be exit node operators for a small amount of money every month? (Estimated likelihood: Not that great, but it's worth a try.)
- I suspect that many technically savvy people would like to run an exit node, but are afraid of being the first person to have to take the things that happen on their exit node to court. Perhaps any time somebody inquires about donating money for exit nodes to the network, they could be redirected to a legal fund to be set up in advance for anybody who gets sued in a precedent-setting case over their exit node. A quick google search shows this doesn't exist and I'm sure it would calm some nerves if it had gained a sizable sum over the years. (Estimated likelihood: Honestly, I think at first it wouldn't do much and might even do damage because it wouldn't be very much money. But over time and depending on how often people are willing to donate money it might significantly help with somebody's hypothetical legal fees.)
From the Tor FAQ:
"Will EFF represent me if I get in trouble for running a Tor relay?
Maybe. While EFF cannot promise legal representation for all Tor relay operators, it will assist relay operators in assessing the situation and will try to locate qualified legal counsel when necessary. Inquiries to EFF for the purpose of securing legal representation or referrals should be directed to our intake coordinator by sending an email to email@example.com. Such inquiries will be kept confidential subject to the limits of the attorney/client privilege. Note that although EFF cannot practice law outside of the United States, it will still try to assist non-U.S. relay operators in finding local representation."
So as a practical matter the EFF would probably step in for a precedent-setting case, but it would be much better if there was a legal fund just for this that promised it would step in for a precedent-setting case.
>Sometimes the real world, or "territory," is more complicated than the "map" you find over at Less Wrong.
Well, yeah. Duh. Speaking of reality being more complicated than you've imagined...
>Take a minute to ponder this in between the daily Neoreactionary Discussion Group and the hourly Why Aren't More Women Rationalists/Rationalist Pickup Artistry thread.
LessWrong Political Opinions By Affiliation And Sample Sizes On The 2016 Survey:
And for the sake of intellectual honesty:
Moreover I wasn't linking to LessWrong's opinion on charity it was Eliezer Yudkowsky's opinion on charity. I'm particularly annoyed about him getting slapped with the Neoreactionary stick when his stated public opinion is that he thinks Neoreaction is stupid and if he were still moderating the main LessWrong site he'd ban them all as part of cleanup:
(Eliezer Yudkowsky can be pretty uncharitable with his critics, I don't endorse that.)
Unfortunately that is largely what we have to go off with the NSA.
It's another layer entirely and does not give information about their capabilities in attacking tor itself (except maybe through the fact that if they had to do that, then yeah, tor is probably still relatively secure if used properly).
You're right; actually Tor resides in the application layer I think (above TLS).
Although conceptually speaking it is itself a transport layer I guess.
Layer 5 would be HTTP, layer 6 would be the content (JPEG, MP4, etc.), and layer 7 would be the application serving or sending the HTTP requests/content.
Fortunately Internet-wide timing attacks are mostly a Five Eyes and domestic Chinese capability. Chaff, padding etc. can help here.
Compromising the servers of target services and using that as a platform to distribute anonymity stripping malware is also a problem. The Firefox codebase that TBB is based on isn't awesome from a security point of view. Hopefully the Firefox code base can catch up from a security perspective and give them something better to work with.
There's even users who configure BitTorrent to use TCP instead of UDP so that it's very difficult to write DPI rules to parse out the TOR traffic. Couple this with meek, VPNs and traffic shaping tools and it's quite bothersome for them.
Does anyone know if their protocol does that?
In the context of using the distributed randomness protocol to randomize the DHT layout, if the protocol were somehow broken then the worst case outcome would be that the DHT layout would again be predictable, which is no worse than the status quo today.
Disclaimer: IIRC there are some proposals to use the distributed randomness protocol for other things besides randomizing the DHT; I cannot speak to how those proposals might be affected if the distributed randomness protocol is flawed.
Tor was designed for strong anonymity guarantees in nations that aren't 5 Eyes Alliance, i.e. China, Russia, etc.
Yes there is. There are currently 857 exit nodes. The Tor Project only has to personally know who runs 86 of them to ensure that 90% of the exits are not run by the NSA.
In fact, since ~90% of traffic exits through the top ~260 relays, they'd only need to know 27 of the people who run those.
This guarantee doesn't scale very well considering the combined 5 Eyes intel budget is ~60 billion USD and throwing just 0.1% of their budget at negating Tor would completely overwhelm the network with hundreds of thousands of stooge relays, plus they have the added benefit of global backbone cable traps. Tor can't give any kind of guarantee against a global passive adversary (5 Eyes) which is why they specifically warn against believing otherwise.
It would be nice to see some new tcp/ip protocols that handle point-to-point and cross-network communication more flexibly. Take a p2p router (let's say Gnutella2), but pared down to only do addressing and routing of traffic. Then another proto on top to handle name resolution, secrets and tunnels. Then maybe tcp on top of that just to make tunneling arbitrary applications easy. Everything written with IPv6/ICMPv6 in mind as the parent protocol to be more future-proof. In this way, we can have both a reusable framework for p2p networks (the first layer) and a repurposable protocol for doing name, auth and secret management/tunneling.
I believe the second thing is already handled by tor, but I don't know if separating the secrecy from the routing exists currently. Those different layers could be reused for different purposes, while also being written with a "new Tor" use-case in mind.
I2P has an attractive anonymous service design and can run applications like Bittorrent over it. But it was also developed basically by 3 people in New Zealand.
Tor has more funding b/c of censorship evasion features being attractive to funders. Successes in the anonymity feature set like SecureDrop. A vibrant academic community with conferences etc. Lots and lots of review from the external crypto and security community. A deep well of technical talent.
Both projects have designs which have inspired each other and have relative advantages and disadvantages. Technically, I like I2P, but I accept I may be somewhat biased there. Practically speaking, Tor has a much larger anonymity set because it is far more widely used and receives more support, with very well-established volunteer outproxies. I would never criticise anyone for contributing to either: Tor in particular has the widest practical impact of any tool in this space.
This distributed random idea is a very impressive achievement; I'm glad to see it work in the wild! Congratulations.
I'm not sure what you mean about "stigma". Any reasonably effective solution in such a politically-charged space as the anonymity and privacy of human communication is likely to become controversial to some degree.
Your argument falls apart the moment you claim this.
sha1 - 3B:AE:49:04:9E:6A:3D:BE:96:08:60:F0:9B:6B:2F:03:4F:E9:8C:43
What about the cert for Hacker News, or my website https://throwpass.com ?
For some high-risk domains - depending on some settings - it will also switch to MitM'ing the connection to take a closer look at the traffic and block it on that level if necessary. It might also just be necessary to show the "This domain is blocked" page when you're requesting a site via https. Usually, your employer would pre-install their CA certificate, which would bypass the HSTS warning, but I suppose this might be a BYOD setting (or they just forgot/didn't like the idea of Cisco being able to MitM all the things).
VPSs are truly cheap now, you can get one for $3.52 per year:
Here's their overview page: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISP...
Bandwidth isn't expensive though, unless you need "premium" bandwidth.
Case in point, I've used petabytes of bandwidth for scanning this year and probably spent less than $2k total on both the scanning hardware and the bandwidth. Realistically I've only spent a few hundred dollars on the BW itself.
And good luck even maxing a gigabit line with Tor, it's not easy.
Why do you believe these "cheap" servers would be secure?
And who cares if they are insecure? It's for testing only. The code is open source anyway.
Where are they doing that? I see nothing the like in the article. Only that this was the first time they did a test of that scale, not that there was anything preventing them from doing it earlier.
Many of the cheap (read: sub $10/year) OpenVZ VPS offerings prohibit ANY type of Tor traffic, even use of a client (such as torsocks) - I've used many of them, and they are quick to detect and suspend based on traffic analysis.