Strength in Numbers: An Entire Ecosystem Relies on Tor (torproject.org)
151 points by DyslexicAtheist 33 days ago | 88 comments

I personally believe that Tor is compromised. I have been saying this for several years. The amount of bandwidth it consumes, and the reliance on honest entrance and exit nodes, means it is assured that three-letter agencies run the whole network. I’m confident the government can demask users on demand as needed.

I would love a counterpoint to my opinion but given that public honest nodes have trivial donations I don’t understand who can afford to support this network other than incentivized agencies.

One possible counterpoint is that the FBI took over and ran a child pornography onion service in 2015 [1] in order to deliver malware to visitors and demask them. This suggests that at least the FBI does not have the capability to demask users on demand.

[1]: https://motherboard.vice.com/en_us/article/qkj8vv/the-fbis-u...

Well, they also lied they couldn't break into that iPhone to try to get a court ruling that made it unnecessary to use expensive contractors or secret exploits. They lied that cryptography is blocking them a lot in general when the data shows that's rare. The NSA also had attacks on most mobile OSes, backdoors in ISPs, and so on feeding stuff to FBI who supposedly had no such capabilities.

Btw, the big ISPs being backdoored with high-bandwidth Tor nodes on same networks drawing people to use them is about the worst-case scenario for Tor. Global visibility into traffic patterns on top of huge attack budget for partial or full defeats of the technology. Plus lots of storage to keep as much encrypted traffic as they can as long as they can. That lets them hit today's systems or encrypted data with future attacks.

I assume NSA sees it all. I assume the FBI gets a part of it which will grow over time, concealing how they got the information. I did anonymous activities using equipment bought in cash over WiFi and HTTPS-looking connections to blend in with the less-interesting crowd. If worried about publicity, use cantennas so folks can't see your face on camera. Preferably suburban areas with more empty space and trees than cameras. Maybe Tor, too, but just don't use it anywhere near devices or a residence that's obviously yours.

Couldn't it have been parallel construction? They wanted convictions without revealing that Tor has been compromised.

There were strong suspicions of parallel construction in the Silk Road case, where the US government was able to track down the Silk Road's servers despite its use of TOR. One article: https://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-h...

So if you've been following Tor closely for years, you've presumably decided you don't trust Roger Dingledine?

I say this partly as an appeal to his authority (which I'll argue is not insignificant), but I don't mean it in an aggressive way. I don't know him personally, and I can't say very precisely how much trust I have in his claims.

With that said, he's claimed that he personally knows a substantial number of relay operators by volume, and there is significant pressure from certain levels of the US executive branch on the Tor Project to either compromise or abandon development of the Tor network in order to stop child porn.

Of course, he could be entirely unaware that the relay operators he knows are compromised or are simply federal agents, or he could be himself.

But I think these, among other pieces of information, must be contended with to develop a theory that tor is entirely compromised.

For instance, there are claims that people within the intelligence community use and rely on tor for their own work.

That’s not necessarily relevant. In WWII most codes were cracked, but little of this information was used as the assumption was keeping the secret is generally more valuable than using the information. If in practice those agencies leave users alone then the polite fiction provides very useful cover.

Sure, if you’re trying to sell a stolen nuclear weapon then don’t use it. But for stolen credit cards it’s probably very safe in practice.

This is where "parallel construction" comes into play.


The entity using the information works backwards to construct a plausible fake chain of events which is acceptable to a court and hides the true source of the information.

It is absolutely relevant, it is your point that is not. Random drug dealers are not the Germans, and there is no war. They arrest shady people using tor all the time, and if tor is compromised, they can use parallel construction to hide their use of tor.

Timing attacks especially.


The referenced Tor Project blog post, "One cell is enough to break Tor's anonymity", was written in 2009, prior to any Snowden revelations about the scale and scope of state-level actors to see the entirety of the global networks.

AFAIK, Tor still refuses to have nodes add random delays and random padding, etc. to make this style of analysis more difficult, but I am just going off what I researched a few years ago, so I could be wrong.

Tor already "pads" to cell size. There is ongoing work towards better padding. Look at WTF-PAD for more. It is surprisingly difficult to improve padding effectively, and you just can't add delays to TCP streams. Tor is not "refusing to add" either of those things.

A more recent and thorough real world analysis of the traffic correlation problem is https://www.freehaven.net/anonbib/#ccs2013-usersrouted . In general, that site has a lot of great papers on these topics.

> you just can't add delays to TCP streams.

Why not? I'm talking about shuffling queues such that it cannot be determined that a given node is relaying traffic in the order that it receives it. This is how most packet shaping works, no?

At a minimum, I would expect Tor to be more secure by having nodes:

* Not process traffic in the order in which it's received, obfuscating the cause-and-effect of a packet being received and a packet going out

* Pad traffic substantially with garbage such that the outgoing size cannot be associated with whatever came in, potentially splitting packets in half so that they can appear smaller than they actually are, forking around many different nodes.

* Sending lots of random garbage traffic between relays such that input and output is meaningless overall, perhaps relaying packets to several nodes needlessly, when only a single node is instructed to actually do something with it.

To my knowledge, Tor doesn't do any of this and has explicitly ruled out the possibility because they're more concerned with usability than security. And maybe that's the right call to make in the end, I don't know enough to say. I'm just saying that it's possible to imagine a system like Tor that is more secure than Tor, and that's something worth talking about.

I'll check that link out, thanks for posting it.

Your ideas are correct but not easy to do. Browse the Anonbib and you will see lots of designs being discussed over what is now more than 30 years of research. Yes, Tor favors usability, also since previous attempts at safer systems were never adopted by enough users (Mixmaster, Mixminion).

Already lots of people pick less safe options because "Tor is too slow". If you make it slower, you lose users, and everyone loses anonymity. That's only part of the answer and not the only argument against some of the changes proposed.

I highly recommend the original design paper. [1] It touches on the very valid suggestions you make, and the tradeoffs. Sadly, not much has changed since. If you have a valid proposal, and you double-checked briefly what is covered on Anonbib as previous considerations, post to the tor-dev list and it will be looked at by Tor developers. At least that is my experience from following that list.


TOR aims to also be fairly low latency/bandwidth and many of those suggestions would probably destroy that.

If you are using Tor for unencrypted connections to the internet, then sure, the security is going to depend entirely on the honesty of the nodes.

But what about when no exit nodes are involved, when you connect to hidden services? And if your underlying connection is properly encrypted, then the most that could be divulged is metadata. You'd have to believe the U.S. government has also broken popular crypto, and I believe that if that were the case we would've never seen things like Dual EC DRBG. Even powerful quantum computers could only weaken cryptographic algorithms, if my understanding of Shor's algorithm is accurate, so you could always use paranoid-sized keys or post-quantum cryptographic algorithms.

The folks that work on and support Tor are by all accounts some fairly intelligent people. It is obviously very possible the whole network is compromised, but it would be very impressive if it was compromised and nobody ever found out.

I think software like Tor-based IM is still useful even in the event that the network is compromised to some degree.

You should operate on the assumption that a significant fraction of the Tor nodes are hostile. The value is simply too high not to operate that way.

Given that, I would at a minimum route your network through an anonymous VPN (or two) before touching the Tor network.

It all depends on your opsec requirements but don’t be a naïve fool - Tor is not a magic anonymity service. It has pros and cons like everything else.

I would argue that using a VPN while routing under the Tor network mitigates any possible security that was originally provided by Tor.

Even if there is N% possibility that a three-letter agency can find an identity correlated to a Tor client in M time, VPNs are much more likely to either be malicious or compromised. And worse, most if not all VPNs don't onion or scatter-route traffic; every single network request goes directly to the VPN provider whom I must explicitly trust.

Granted, this isn't a problem if you run your own WireGuard/IPSec/OVPN instance on your own hardware, but for most people in unfree countries this simply isn't possible.

What's worse is that now not only do governments possibly collect your data, but a random third-party entity as well. Because of this, I only use VPNs when the alternative is nothing at all (like airport wifi that blocks Tor connections).

Where can I get such an "anonymous" vpn? The VPN providers are selling the traffic logs and/or charging you in a traceable way, while Tor literally routes you through multiple VPN servers (aka Tor Relays) to mitigate this risk.

VPNs can be purchased with BTC. Mullvad is a provider that is relatively trusted, and you can use it with WireGuard, can even do multi-hop.

You probably don't want to connect with a home cable connection. Break into other WiFi or use public WiFi hotspots. Preferably never the same one twice.

Compromised machines can be a mixed bag and require some actual work, but people definitely use them as additional routes in their chain of proxies. You could also use cryptocurrency to buy VPSes to use as VPNs potentially, which offer usefully different privacy characteristics than VPNs as a service.

Even if you get everything else right, the worst enemy will always be you. You need to regularly cycle identities, never reusing them or linking them back to previous identities. If what you're trying to accomplish does not make this possible you most likely are not going to be able to stay anonymous forever.

This is basically the same advice you'd give to someone trying to commit crimes. Well, if you consider any potential adversary to be a threat, it's pretty much the same approach. I think it's wild overkill for most folks because most folks would never have even nearly good enough opsec for this to matter - I know for a fact that my opsec is simply not going to be good enough, I'm just not that organized. For most of us, the best approach is to just not give three letter agencies any reasons to want to destroy our lives. It's easy if all you want to do on the internet is listen to music and talk about programming.

Still, despite the fact that I don't really have any need for this, I find it to be a really fun thought experiment. And there's some pretty good talks about it, too.

> VPNs can be purchased with BTC.

That doesn't matter since you're still connected to them with your IP address, plus there's the additional problem of browser fingerprinting which alone may leak enough information to de-anonymize you and let us not even mention the lack of first-party isolation.

Pay for your VPN with privacy coins or run your own VPN. Of course the unethical and illegal method is to compromise a number of systems to route traffic, but obviously that’s problematic.

Problem is how do you trust the VPN operator? They have your connection metadata, and no reason not to use it against you. If you want a trusted first hop into the Tor network, use a guard node run by a friend or yourself: https://www.reddit.com/r/TOR/comments/5qmqw4/should_i_be_usi...

> Pay for your VPN with privacy coins or run your own VPN.

That doesn't matter since you're still connected to them with your IP address, plus there's the additional problem of browser fingerprinting which alone may leak enough information to de-anonymize you and let us not even mention the lack of first-party isolation. Running your own VPN is even worse since it basically links you to all of the traffic.

> But what about when no exit nodes are involved, when you connect to hidden services?

OP is claiming that a combination of traffic/volume analysis and dishonest nodes can find a hidden service source.

This can be refuted pretty easily, on various grounds.

One, you are assuming that all parties interested in deanonymizing Tor collaborate. As you say: agencies, not agency.

The design makes sure that you do not need to trust any node in particular. The damage individual nodes can do is small and basically amounts to temporary denial of service for non-exits (which clients will quickly route around) and messing with your traffic as exit (which becomes less and less of a problem as everything moves to e2e, and https is improved/hardened with key pinning etc). The remaining problem is statistical correlation, where studies show it is actually not trivial to perform and takes time and repetitive behavior.

Your argument also assumes that everyone is immediately fucked when one powerful adversary can break the anonymity. This will very rarely be the case in real scenarios, where "the NSA" will just not care about you, but plenty of other actors might. By spreading not necessarily false but very simplified claims, you are drawing users who don't know better to systems where they will be clearly much worse off!

The list of relays is public. There are actually surprisingly few exits that carry most of the traffic, which yes, is a weakness, but that weakness is still stronger than anything else you could compare it to. You can look at the large operators like universities and nonprofits like www.torservers.net, their relays, and you will see that it does not take that big of a budget to run the majority of all exits in terms of total capacity. It is much easier even to contribute high bandwidth entry nodes -- again, feel free to check the largest non-exits in terms of capacity, and investigate the motives. It's all public information.

I say all the following as someone who is generally pretty pro Western Intelligence and skeptical of any tinfoil hattery, BUT:

> As you say: agencies, not agency

This seems to willfully ignore the immense degree of cooperation between Five Eyes, Nine Eyes, SSEUR, etc. It's hard to get real numbers, but I think one would be safe in making the assumption that spending of Five Eyes + friendlies absolutely dwarfs any other intelligence expenditure. So call it "the NSA" or whatever, but we are referring to the giant, interconnected "Western Intelligence" supra-national agency whose capabilities were considered to be the stuff of science fiction before the Snowden leaks.

> The remaining problem is statistical correlation, where studies show it is actually not trivial to perform and takes time and repetitive behavior.

You are disingenuously shrinking the problem space here, by pretending that Tor is somehow bug free, or that all known bugs and flaws are already known. This is vanishingly unlikely. The question is not "are there exploitable bugs in Tor", but "how many zero-days do these organizations have?"

Further you hand-wave away a well-known problem by saying it's "not trivial to perform". You're talking here about an organization that literally taps underwater cables with specialized submarines, and arguably scans and extracts metadata from virtually _ALL INTERNET TRAFFIC_.

The parent said:

>> "I’m confident the government can demask users on demand as needed."

which you then attempted to reduce to the absurd by saying:

> Your argument also assumes that everyone is immediately fucked when one powerful adversary can break the anonymity

Which is a bizarre reading.

> feel free to check the largest non-exits in terms of capacity, and investigate the motives. It's all public information.

Other people's motives are "public information"? Lulz.

So you think using Tor is worse than not using Tor and connecting to everything plaintext?

My understanding is that Tor is not a permissioned network. This means that anyone can run a node without asking for anyone’s approval. If this is the case, a trivial amount of money in terms of the USA defense budget ($100mil - $1 bil) could be spent to selectively reveal entities that the gov finds worthy of arrest.

Everyone be careful, nothing is as simple as it seems. Notice how I’m responding to an anonymous user. This is expected.

Again, very simplified. The design makes sure everyone knows about the same network. The network is being monitored by independent folks constantly, and you cannot just ramp up lots of capacity without anyone noticing. Not only the current state, all past states of the network are recorded.

You also make it sound like there would be an alternative design, like a closed set of operators. Now, that would obviously be worse than an open system. All you need is two non collaborating entities in your path.

Note how I am trying to convince you with facts, whereas you point to my preference of anonymity as something that makes them less worthwhile. Such ad hominem attacks should be avoided in serious discussions, thanks. I value my anonymity.

It goes the other way too, as revelations have come out about NSA network siphon implants at AT&T and Verizon (and a person can assume if they are on those networks snooping traffic they are on all meaningful interconnects). You can greatly reduce the amount of hard inserts in the entry and exit nodes required for many of these attacks if you have access to the streams of traffic before and after the nodes that you do not control. Even with the padding projects on Tor I would bet pretty hard money that today, and for the last 2-5 years tor has effectively provided 0 anonymization benefit (against state actors) to its users. Now if you are asking does it provide such benefits to users against other parties that are not as well placed or funded -- I think that is a hard yes.

But like most other things related to tradecraft, I doubt we will know the true case for decades (if ever). I mean there were rumblings that NSA had siphons in major pops for 20 years before it was confirmed -- and you could not count how many times people that stated that belief over the years were looked at with suspicion/disbelief.

"State actors"?

This is implying that over 190 countries have that capability, and it is available to all "state" organizations. Like so many comments on HN, saying that it offers "0 anonymity", this shows ignorance of what is going on in the rest of the world, and the kind of surveillance the world's population is under.

Further above, Five Eyes were mentioned. From the Snowden leaks it is known that some eyes get assistance for sacrificing all data upstream to NSA, but it's not like all participants have equal access. So even claiming that "any" "Western" "state actor" has that capacity sounds far-fetched.

Also, this is ignorant of all the non-state actors interested in your data.

If you want to be pedantic, then let's clarify my statement that:

given anonymity requires that your identity is not known by any other entity and

given that it is known that at least one state actor has known ability to inspect/siphon much of the traffic around the world either directly or through data sharing and

given the ability to inspect traffic at such locality and breadth allows for unique attack vectors to tor which greatly reduce the need to park/own ingress or egress nodes

It is highly likely that there is no (0) implied guarantee of anonymity for any specific user on Tor.

I don't really know whether the government of my country knows I use TOR (I use obfs4) and whether he can "correlate" sites I visit. If I'm of such interest to him, he can knock at my door and get all my computers: I will give them to him without any resistance.

Because the fact is that I use TOR to be anonymous and escape data mining by dangerous Big Companies: I can elect a government and should give him access to part of my data needed to be a citizen of my country, but I never elect those dangerous companies that steal and sell data, violate privacy, accumulate large data sets about us behind our backs to cross-analyse and compute who knows why we didn't ask or envisage ... Governments are supposed to be accountable, companies are not unless we publicly discover they did something wrong.

This doesn't matter.

If you use your residential internet connection you're definitely not anonymous.

If you use Tor you're maybe not anonymous. That's still better.

Tor has convinced the average user that it is a black box that protects them and this is gravely untrue. It may be safer than your residential ISP but the level of security it claims to provide is simply false.

Like I said, I would appreciate someone explaining why I’m wrong but I’ve been closely following Tor for years and I haven’t seen anything to refute my opinion.

> Like I said, I would appreciate someone explaining why I’m wrong but I’ve been closely following Tor for years and I haven’t seen anything to refute my opinion.

That's gonna be tough, as the network would be broken if we could show you're wrong. Anonymity means you don't know. I've also been closely following for years and haven't seen anything to support your opinion. I believe most Tor nodes are run by aliens and haven't seen anything to refute it. Not saying you shouldn't be cautious about anonymity, aliens, or whatever, but to tell everyone it's non-anonymous, intergalactic, etc and wait to be convinced by your own standards you're wrong doesn't help the practical user.

Curious though, if a popular non-nefarious app that used Tor were to emerge and communicated only on onion services (i.e. no exit nodes) and most users (i.e. non-mobile) were also relays, do you think that would help reduce the percentage of surveillance relays enough to feel comfortable? Or are there any ways that you could feel comfortable in a popular, anonymous, distributed network environment that most participants weren't surveillers?

Where does Tor claim to do more than it can? Can you point at any specific statement?

Compared to anything else in that space, I always liked how Tor does not promise magic, but is actually pretty open about its weaknesses. Most of what comes up as "new discovery of a weakness" is actually already covered in the original design paper and FAQ.

Sure, maybe you're right. Maybe Tor is compromised. I'm not saying you're wrong. I don't know.

But what are you going to do? Not use Tor? That's surely worse.

His point is that Tor is a honey pot because people will use it for stuff that they wouldn't even do on their residential internet. It's not an argument of better or worse.

Definitely could be, but they must have gone through the trouble of setting up a larger number of little nodes if that's the case, as a lot of the largest exit nodes on the network have known operators. For example, as of a few weeks ago, a friend/grad students put up a top 5 (by bandwidth) in the US in the Media Lab at MIT, and a different friend ran a top 10 out of an MIT dorm room a few years ago before eventually getting shut down by admins. Fortunately, this one will likely stay up as it's under Joi Ito's purview now.

There are multiple counterpoints but most can be summed up that there is no strong argument in favor of either so that one has to fall back on a personal default.

Bandwidth consumption in Tor is not that big at 300Gbit/s. While it's not perfectly comparable, a 1gbit/s residential connection costs about $100 a month. Imagining 300 users, or rather 7000 servers, is really not that big for a community project by volunteers. Naturally this finding is a double-edged sword, as it also means it is not costly for a nation to become the majority owner of all servers if they wanted to. Bandwidth is cheap. It is so cheap that one ISP has started to roll out 10Gbit/s for residential use.

7000 nodes are nothing for high bandwidth nations, and it's not without reason that some overrepresented nations in the Tor network match those that subsidized broadband infrastructure. Sweden is about as big as UK but with 1/6 of the population. Germany is twice the size of US (https://metrics.torproject.org/bubbles.html#country).

I do not think cost is relevant to the question. Any agencies of any nation could afford it. The question really is if they would bother, and if they could continuously do it stealthily enough to not rouse suspicion. It's rather known that the hardest security to do is to run operation security continuously without mistakes. In addition we have leaks from inside (Snowden, Manning), internal politics, and I personally do not think it is likely that they would have managed to run perfectly stealthy for 16 years. I would give them the benefit of the doubt that any given year they could take over it, but once they do it won't take too long until it is detected.

> I personally believe that Tor is compromised. I have been saying this for several years. The amount of bandwidth it consumes, and the reliance on honest entrance and exit nodes

You obviously never bothered to look at who runs relays: https://metrics.torproject.org/rs.html Plus Tor's threat model already assumes that some nodes are compromised: https://www.torproject.org/projects/torbrowser/design/#adver... And as others pointed out, the oft-stated "using Tor is better than not" applies.

Any network where a single server somewhere runs a domain is not going to be reliable. People can use timing attacks to figure out who is running what.

SAFE Network is much better, as was stuff like Freenet and PerfectDark.

I've wondered the same. Bandwidth is still very expensive at scale. How TOR exit nodes could afford it years ago is a mystery to me. There are some ISPs that host their own in Europe, but aren't there still expensive charges when all that bandwidth goes out of their network?

It is extraordinarily cheap at scale, you can buy a gigabit port that you can blast at 1000mbit all day, every day, forever for around $300 a month (which comes out to about 300 TB of traffic in a month).

If you stick with providers like AWS or Amazon, sure it's absurdly expensive, but it's yet another way they have a huge amount of markup.

How does Tor rely on honest exit nodes?

Basically, if you control the entry and exit nodes of a user, you can correlate their traffic. So, if a group had control of large numbers of servers, eventually (faster or slower depending on what proportion of tor servers they control) they would be able to view a targeted user's traffic.

That is a very well-done campaign. Motivated me to donate what I could.

Now more than ever the world needs Tor.

Yep, this has me looking at running a relay now that I have the bandwidth to do it (thanks, NBN). I don’t use Tor personally—I’m lucky, I don’t need to—but it’s an invaluable service for those who do.

If you don't have the resources, don't run a relay.

Instead, try to lobby at work to make your site directly available on an onion address.

Normalizing is more important IMHO.

If you can't do that at work, just install the client on W10, and show it to friends and family.

Because there is strength in numbers.

I don’t have a ‘work’ [0] but I do have a very stable 100/40 connection at home that is very rarely pushed to those numbers.

I’ve set it up this morning, I’m running a relay but NOT an exit node, as per Tor’s recommendation. I’ll keep an eye on it and my network connection.

Further advice welcomed, I just want to do the right thing. Thank you.

[0]: And when I do ‘work’ it tends to be at the sort of place where you absolutely could never run a Tor relay!

All the best. It's uncanny. I moved to a house that had NBN, so I set up a middle relay for the first time in my life. I had an amazing 150/100 connection from Aussie Broadband.

Then I moved house again, and now I'm back in a non-NBN area. No more Tor relay from me.

I think running relays is a great idea to help speed up the network to improve user experience. Just note, for middle relays (which is sadly the only sane option from home unless you're fine with police banging down your door at 4am at any time due to your IP address publicly sharing all manner of illegal material), you may not get use for weeks or even months, apparently the network waits until you prove your track record of consistency first. But it's important to just be there to support sudden surges in Tor use like when a dictatorship crackdown happens somewhere, and an entire country suddenly needs to access normal websites again. So if you can afford the electricity of a small tower running 24/7 at home to support Tor, I'd recommend it, I've done it before. Try the tor relays IRC chan for support.

Their blog post explains this really well. [0]

I'm running this on an old Mac Mini which sits under my desk, is ethernet connected to my router, and is never turned off. My only concern is CPU usage, this thing is a mid-2010 Core 2 Duo. It runs quickly enough because I stuck an SSD in it, but I've no idea how Tor might affect it once I start seeing actual traffic.

Also interesting that there are only 78 [1] active relays in Australia as of the time of writing. That's not many!

[0]: https://blog.torproject.org/lifecycle-new-relay

[1]: https://metrics.torproject.org/rs.html#search/country:au

Doesn't CloudFlare's new onion routing make a large chunk of the web immediately available over Tor? It seems to me like a great idea.

> Motivated me to donate what I could.

thank you!

So .. my (mobile) ISP is blocking access to torproject.org. Guess the proof is in the pudding why TOR is needed

Now do a study on how many productivity hours we have lost solving reCaptcha over TOR

Try this Firefox add-on [0]. In my own personal experience it works 95% of the time.

[0] https://addons.mozilla.org/en-US/firefox/addon/buster-captch...

Wow I love Tor. It's a sort of technical poem to my faith in humanity.


Let me get this straight, you think caring about human rights is a partisan thing? I guess it is in the United States currently...

Human rights is ill-defined, certainly less well-defined than anonymity. Saying the project serves human rights effectively means the project serves whoever gets to define what is a human right.

Human Rights are very clearly, and universally defined[0]. They're things that every human deserves. There's not really any room for debate about that.

[0] http://www.un.org/en/universal-declaration-human-rights/inde...

What rights people have and how those should be applied to real-life situations is a massive ongoing question. Does a woman have a right to an abortion? Does an unborn baby have the right not to be killed? Does a responsible adult have the right to be armed? What about with a pistol or an automatic weapon? Do religious people have the right not to have their beliefs disparaged? What about Christians vs "piss christ"? What about Muslims versus Mohammed cartoons? What about micro-religions of 100 people? Or Scientology?? Do people have the right to free speech? Does the right to free speech mean only the government can't persecute you directly, or does it include a situation where a cartel of infrastructure companies (credit cards, website hosts) decide to do everything to remove you from the Internet? Do people have the right to health care, and how do we square that when resources are scarce? Does it mean doctors are slaves?

The UNHRD is nothing like universally accepted. For example, Muslim countries considered that it violates their idea of what human rights are, so they made their own Islam-friendly human rights declaration [0]. That's like 1/4 of the world population rejecting your universal human rights at the outset.

[0] https://en.wikipedia.org/wiki/Cairo_Declaration_on_Human_Rig...

> What rights people have and how those should be applied to real-life situations is a massive ongoing question.

That's a feature.

We don't have a single entity that can prescribe and dictate specific rulings in specific scenarios under the diverse range of city, state, and nation laws the world contains.

Acting like the UDHR was ever meant to be something so specific is asinine.

"The Declaration was the first step in the process of formulating the International Bill of Human Rights, which was completed in 1966, and came into force in 1976, after a sufficient number of countries had ratified them."

> The UNHRD is nothing like universally accepted.

Except by most states the world over it is and has been for decades.

"Some legal scholars have argued that because countries have constantly invoked the Declaration for more than 50 years, it has become binding as a part of customary international law."

> For example, Muslim countries considered that it violates their idea of what human rights are, so they made their own Islam-friendly human rights declaration [0]. That's like 1/4 of the world population rejecting your universal human rights at the outset.

Except they didn't reject the UDHR at the outset. Nobody did, not one member of the UN voted against.

"Of the then 58 members of the United Nations, 48 voted in favor, none against, eight abstained, and two did not vote."

Furthermore, the CDHR came what 14? years later? Likely after the radicalization of Islam that took place during that period. I mean hell, back in the 60s/70s Muslim women were wearing miniskirts.

In fact, the simple fact that the CDHR exists tells me that,

a) the UDHR is working as intended as it allows its existence, and b) the UDHR got things mostly right if a religious entity feels the need to disavow it and make their own.


> "Some legal scholars have argued that ...

A paragraph later in the wiki-article you copied from, this opinion is immediately refuted. Instead the buck stops at constitutions and the like.

It's a declaration of interests. It is heavily stressing the word law, which is very much not an inherent value, that the term competing interests should be hard to shrug off. I am not going to write a fully fledged critique in a HN comment about this monumental document, but it's always going to be a two edged sword.

For one funny bit see this paragraph:

> Everyone has the right to leave any country, including his own, and to return to his country.

Which is asymmetric, not to say utterly useless, without provision about where to leave to. I forgot what GP's point was :(

How is that utterly useless? It's pretty clear the intention is to prevent a) people being prevented from leaving en masse and b) revoking their passport.

This is basic stuff and doesn't work in a vacuum you can safely assume we live on the same planet that happens to have mostly open borders.

Regarding the customary international law thing it was not refuted at all. It says that it does not constitute international law for the USA, and does not constitute domestic law for some [citation needed] other countries - likely because of the vague at times wording.

The fact some nations dispute it doesn't make it any less customary international law, hell it's kind of the definition otherwise it would just be international law.


Customary is just that, it doesn't have to be upheld but it can be used as a moral guide to defining and shaping other laws.

Seems pretty subjective to me.

For example, "This right may not be invoked in the case of prosecutions genuinely arising from non-political crimes or from acts contrary to the purposes and principles of the United Nations."

don't mind me asking. Are you saying that tor is mainly developed / advocated by left leaning groups? Isn't it a tool that can and should be used by all camps, regardless of ideology. e.g. everyone has a right to anonymity or not? Not trolling you or trying to be cheeky, just trying to understand your reasoning better. thx

It indeed is a tool that can be used by all camps, but the organisation that controls it has made it clear that only people in the "libertarian" part of the political spectrum can use it.

How exactly have they made that clear?

I thought it was pretty clear that Tor is for everyone.

You contradict yourself in very few words:

> can be used by all camps

> only people in the "libertarian" part of the political spectrum can use it

Additionally, the organisation that controls it don't control the content or who can use it. They continue to improve it and maintain it for the purposes of maximizing anonymity and preventing the type of 'control' that you seem to think they're capable of.

That's just silly, I can't see any evidence for that. What causes you to believe this?

Please link and explain this.

When has the Tor Project ever excluded anyone based on ideology?

EDIT: Correction, I was misinformed. Daily Stormer was not outed from Tor: https://www.fastcompany.com/40455652/the-tor-project-wont-ce...

This is a lie.

How exactly does that cater to only one side of the political spectrum?

It sounds like they're complaining about this blog post, where the Tor project disavows use of their software by neo-Nazis, child pornographers, and other assorted deplorable people: https://blog.torproject.org/tor-project-defends-human-rights...

So instead of "one side of the political spectrum" more like, "a few standard deviations away from the center of the political spectrum".

Three standard deviations from center leaves you with just the 0.15% on either end.

If Tor is to remain as an acceptable thing to run and use, the Tor Project can't outwardly espouse ideology that drives away the normal users that allow Tor users to blend together. Those browsing Tumblr over Tor, shitposting on Reddit, watching YouTube, etc are key to retain so as to normalize the use of the Tor Browser Bundle.

They're disavowing 0.15% of users.

And even so, note that that is not the same as blocking 0.15% of users, which is impossible.

Since when libertarianism and human rights have been on the opposite sides?

> Since when libertarianism and human rights have been on the opposite sides?

I dunno about opposite, but certainly in opposition on certain points: http://www.un.org/en/universal-declaration-human-rights/inde...

"Article 25.

(1) Everyone has the right to a standard of living adequate for the health and well-being of himself and of his family, including food, clothing, housing and medical care and necessary social services, and the right to security in the event of unemployment, sickness, disability, widowhood, old age or other lack of livelihood in circumstances beyond his control. (2) Motherhood and childhood are entitled to special care and assistance. All children, whether born in or out of wedlock, shall enjoy the same social protection."

Obviously, this means taking from those who have to give to those who have not, which is pretty strongly opposed by the right-libertarians.

a bunch of the others also conflict with right-libertarian principles; like article 24 limits working hours and says I should get some paid vacation and 26 says elementary education should be free (and compulsory)

I think that nabla9 by "human rights" refers to human rights as a universal concept (and probably under their own accepted definition) rather than the specific definition by the UN.

I don't think that changes my point? A lot of people consider something like article 25; some right to minimal food, shelter and medical care to be part of human rights.

Right-libertarians generally don't believe that you have a right to any of those things if nobody else wants to give those things to you.

Generally this is talked about as the conflict between positive vs negative rights, or human rights vs property rights.

I mean, you could come up with some version of "human rights" that doesn't include the right to food, shelter and medical care... but you could also come up with a definition of libertarianism that includes some form of welfare for everyone. I personally know several people who identify as libertarians who also support universal basic income...

I'm just saying, that's not how those words are usually used. Usually 'human rights' includes some kind of positive rights, and usually 'libertarian' means 'primarily focuses on property rights'

I left Tor Project after seven years for the same reason (the pivot from "internet privacy" to "human rights watch for nerds" where internet privacy is a means to an end). At Tor Project, the adults are no longer guiding the ship.


It appears nobody who responded to you actually read the content behind your link. All the responses to you and the OP are merely low effort proclamations of exasperation unrelated to your argument.

As I understand your argument you were saying that Tor's rebranding-- emphasizing human rights advocacy-- could ironically make it more difficult to operate nodes in countries that have a poor track record on human rights. You gave some examples of Asian countries which took firm stances against corruption, for example, but which also took stances against western ideals of human rights. The implication being countries which might allow Tor to enhance whistleblowing capabilities might reject Tor if it is closely associated with human rights activities.

That said, your article is 2+ years old so there should be substantial data on your claim by now. What does it show? Has Tor usage diminished measurably in those countries due to their rebranding, or not?

There's still a few nodes remaining in Asia.


As a point of comparison, look at the nodes for Ethereum, which, IMHO, is an even more disruptive idea than Tor.


Ethereum is a much younger project than Tor, and explicitly eschews the human-rights / internet-freedom branding, even though it will obviously be incredibly useful for those purposes.
