So with four hops, rtt would at most be 1200-2000 msec, if every hop were the maximum length. In practice, rtt for Tor is at most half that, and often even less. But latency is actually good if your goal is anonymity. Because it reduces the accuracy of traffic analysis.
With traditional onion sites, there are two three-relay circuits, one for the user and one for the site, plus a rendezvous relay. So rtt is much greater. However, sites can opt for one-relay circuits, sacrificing anonymity, so overall rtt isn't that bad.
Bandwidth is also reduced with Tor. Increased latency is part of that. But also, many relays have low-bandwidth uplinks, especially ones that people run at home. The Tor client does pick faster relays, but there's a tradeoff, in that doing so reduces anonymity. Increased investment in high-bandwidth relays would help a lot.
Also, with more relays, it would be workable to implement multipath circuits. Especially for onion sites, where precious exit relays aren't needed. Using MPTCP, I managed ~50 Mbps throughput for bbcp transfers between onion sites (with gigabit uplinks). I was getting ~36 subflows per tcp connection.
You can be arrested for things just by using Tor if they mix you up with someone else or something?
(Also check the new relay guide: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide)
But the sad truth is that there aren't that many hosting providers that allow Tor relays. Especially exit relays, because of abuse complaints.
Also, as you might expect, Tor relays can use lots of bandwidth. It's more common to get flat-rate bandwidth for 100 Mbps uplinks, and metered bandwidth for 1 Gbps uplinks. Digital Ocean, for example, just switched to metered bandwidth, and that has killed some relays.
However, all this could arguably change, if Tor became mainstream, as part of Firefox.
Run an exit node and then do something illegal. Then blame it on someone else.
So running an exit at home to coverup for posting on a forum that bans all Tor exits, that makes no sense.
If you use tor and visit the regular web sites (like, say, HN), the last computer that does the actual request to the website is an exit node, as far as that site is concerned, the exit node made the http request. If you run an exit node, your computer is going to be doing tons of requests to all kinds of websites, this may include sites that deal in illegal stuff like drugs, child prostitution, human trafficking, terrorism, etc.
edit: Forgot to say, you must explicit be running an exit node. Not every tor node is an exit node.
Currently Tor looks like HTTPS done with TLS/1.2 on TCP (like regular HTTPS). As these newer protocols get more and more delpoyed Tor can start using them too which will help make Tor faster.
I don't know how much (if at all) it might help—but other, similar overlay networks have previously noticed that (intuitively) inefficiency in the transport protocol is likely to be (broadly speaking) multiplied by the number of hops; so any improvements in that might be useful in improving the user experience by using the same available resources more efficiently.
What that might mean for Tor's perceived speed is a somewhat murky issue, as that's a function of the complex interaction of latency and bandwidth and crypto and routing overhead of all the involved nodes in a tunnel put together; which of course is also shared with other tunnels; not to mention it will _also_ be particularly affected by exit node outproxy bandwidth; _and_ any possible packet loss and delay caused by both incidental _and_ deliberate adverse network conditions…
Convince everyone that using a closed source, proprietary app is good security?
Detecting WhatsApp usage is trivial. With Tor you can use pluggable transports to obfuscate your traffic.
And if i recall correctly, a "global passive attacker" listening to internet traffic around can de-anonimize TOR using ML. Seems like something that would be possible and profitable for a Google and internet infra companies.
This is what Telegram is trying to acheive with their TON and Gram.
If Tor is going to be a built-in feature of Firefox, most employers are going to flag it as malware. This is a ridiculously dumb thing on so many levels -- promote privacy by directing your network traffic to "volunteer" proxy services?
Plus, users do not understand what Tor is or how to use it.
Fighting political battles with software is dumb — the end result is going to be a permanent loss of freedom, as governments force the use of platforms with trusted app stores.
If you're using TLS, it doesn't matter so much if the exit node is malicious because they still won't be able to read it.
Obviously I’m being downvoted into oblivion, but I truly feel this is a solution looking for a problem.
EDIT: I mean baked in in the browser like tor, not baked in tor. Although interesting, it's really not my priority.
The issue is not technical. It's just a chicken and egg problem. Most won't use bittorent unless it's stupidely easy to do. Remember that the average user don't know what an URL is and doesn't open new tabs willingly. Since they are the majority, they drive cost and benefits, so we must include them.
You couldn't, until Firefox 59. Before that, protocol handlers were not allowed to handle links to Dat/IPFS resources .
And while I agree with your comment regarding the chicken and egg problem, there are still some technical issues. As the shadowbanned sibling comment says, extensions don't have access to UDP/TCP sockets, meaning that you will need to run a gateway on your machine. See e.g. what dat-fox  does.
But, not possible anymore (without tricks).
It does not have access to TCP or UDP sockets.
Apart from the existing ecosystem of content, are their any reasons you want BitTorrent over ipfs?
Everyone on tor AND ipfs... Now that would be something.
I think IFPS needs a little more field testing before being set in stone. Indeed, if you bake in something in the browsers, then those implementation will be the boundary of what is practical to do. So any innovation will then be constraint by the browsers release and good will.
IFPS is a young tech, it needs time to evolve yet.
Tor and bittorrent are now quite mature.
It used WebRTC which is also encrypted. So gets you some privacy.
It's nice, but not nearly good enough.
Could you share your concerns about IPFS in its current state or what you see as its limitations? Thanks.
Facebook used to deploy their code using bittorent. I doubt it has changed.
A lot of blizzard video games update using bittorent as well. If you play Starcraft 2, you use bittorent.
Streaming services like stremio are basically bittorent. After netflix, it's my main source of video content.
If you want to download the internet archive, that's the saner option. Same if you are a pentester, as a lot of heavy leak or hash db are so huge only bittorent makes it practical. Too expensive to host for one small actor. It's also more resistant to take down notice.
We talked a lot about RSS lately, and how to revive it, while in comments people said it actually never died. Bittorrent is a lot like that. Great tech, great standard, it works flawlessly and fill its use case perfectly.
The only reason it's not more adopted is because it's not in the browser by default. Otherwise the hosting benefit and the dl speed is such that it would be an instant hit.
I'll be happy to give more details on ngdp if you are curious.
They basically created their own git protocol + virtual filesystem, optimized for asset patches inside large compressed binary files. I wish they'd open source it.
Related discussion: https://news.ycombinator.com/item?id=13140257
(And before you say anything, I do pay for Netflix and have video included in my Amazon Prime membership - none of which had those movies)
However it is usually through VPN, not Tor.
Project Fusion is a superset of that effort.
The key config file is distribution.ini.