Hacker News new | past | comments | ask | show | jobs | submit login
Hornet: High-Speed Onion Routing at the Network Layer (arxiv.org)
98 points by bn7t 15 days ago | hide | past | web | favorite | 17 comments

Analysis of HORNET (and Sphinx): https://arxiv.org/abs/1910.13772

Is there a way to find papers citing the original?

Google Scholar has a "Cited By" feature that is pretty good.

I have to admit I don’t know much about Tor/Onion routing beyond “the dark web lives there” — where is a good starter guide to legitimate things to do/find on Onion routed sites (in the same vein that BitTorrent for distributing free/open source software is perfectly legitimate)?

Anything that needs a higher degree of anonymity - some legitimate uses may be whistle-blowing, protest organizing, preventing an oppressive govt from spying on you etc. Reporters or agents in foreign countries might find it useful as well.

I can't think of a legitimate casual use off the top of my head tho. It may change if hornet provides decent speeds as tor is notoriously slow for most things.

Legitimate use: ordering from an online pharmacy, something that that is legal in your own country, and legal in the source country, but not legal (or just prescription-only) in the US, so there are all sorts of import restrictions every other country enforces for the US’s sake just in order to avoid being party to transshipment to the US.

(And, usually, you have to buy such things with cryptocurrency, too, even though they’re perfectly legal both for you to buy and for them to sell; the product’s scheduled status in the US translates to no payment processor [all US-based] being willing to work with the supplier.)

Try buying e.g. Russian-produced pharmaceuticals from Canada without Tor; I’ll wait :)

Another legitimate use related to your usecase: check crypto conversion rates without disclosing your interest (as some people and some countries have a negative view about crypto): http://4vhxreysjshbfrib.onion/

Seems that the same people are both for and against the policy that would make unnecessary, which is a shame.

the Tor network steadily had an increase in bandwith available / consumed ratio. it is way faster than it was a few years ago

https://metrics.torproject.org/bandwidth.png?start=2012-08-0... (from https://metrics.torproject.org/bandwidth.html)

This is just a research paper on onion routing.

To get started with onion routing that's currently in use I'd check out the Tor FAQ [0].

[0]: https://2019.www.torproject.org/docs/faq.html.en

At a very high level, Tor relays encrypted TCP traffic through atleast three intermediatories (relays). It is most effective for anonymity if used along with their Firefox based browser distribution. They do not recommend using Tor as a tunnel/proxy.

Here's a neat illustration by the Tor project of the protocol: https://2019.www.torproject.org/docs/onion-services.html.en

Here a webpage that describes Tor's v2 design in detail: https://2019.www.torproject.org/docs/onion-services.html.en

Here's the v1 (?): https://svn-archive.torproject.org/svn/projects/design-paper...

You can find some of the onion service addresses from here: https://en.wikipedia.org/wiki/List_of_Tor_onion_services

Facebook on Tor kicked off an interesting discussion: https://blog.torproject.org/facebook-hidden-services-and-htt...

> They do not recommend using Tor as a tunnel/proxy

afaik this is because of leakage problems - which can happen silently (eg tor connection goes down, suddenly all your traffic goes through clearnet)

using whonix (https://www.whonix.org/) mitigates this problem

whonix in qubes is also an option https://www.whonix.org/wiki/Qubes


> eg tor connection goes down, suddenly all your traffic goes through clearnet

They did write a short doc on it on other possibilities, too [0].

> using whonix mitigates this problem

Yep and whonix is one among Tor's recommendations [1].

[0] https://trac.torproject.org/projects/tor/wiki/doc/Transparen...

[1] https://trac.torproject.org/projects/tor/wiki/doc/Transparen...

There's a ton of esoteric forums and sites, libraries of rare and old ebooks and documents, etc. . There's also the dark part of the dark web e.g. drug markets, financial services (spoiler alert: most of the "bitcoin tumblers"/laundering services and escrow providers are fake and will rob you) and other seedy stuff, I would very strongly recommend staying away from that kind of thing entirely.

Get on to the hidden wiki, it acts as a reasonable index of common stuff and has links to Tor search engines if you want to get specific. I would also recommend checking out the security section and learning to make sure you're using Tor in a safe and secure manner.

Get a liveboot Tails linux instance running (they provide the operating system on live DVDs you can run from disk, although you can also run it in a virtual machine if you want - but that is considered less safe) and make sure the Tor browser is set to Safest security level (click the little shield next to the address bar), which disables javascript and other things which can leak your identity. It degrades the user experience on some sites, but is much safer in terms of anonymity.

Illegitimate use:

It's all hype tbh, there are very few .onion sites and they are tiny, most are filled with fake woo foo info like "Leaked FBI Proof of UFO's", "How the Illuminati turned my cat gay" that sort of stuff.

As far as legit .onion sites there are maybe 10 of them they all sell drugs and credit cards.

Legitimate use:

It's used to protect you from anyone that might spy on you, hackers, advertisers, social media, governments whoever the bad actor is.

In the current sate of the internet you make too much money being a bad actor to not be a bad actor. I think there is far more legitimate use of tor than illegitimate use. I would say that tor has more legitimate uses than torrents.

For what I've seen it's not very big. If you install a Tor browser and use https://dark.fail to copy-paste some onion adresses you should have some experience of it.

If you plan to do something "dark" you should investigate further, but for the curious this is enough.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact