From what I gather, there are 25-30ish or so child abuse sites on .onions; law enforcement knows about all of them; and law enforcement bots probably make up the vast bulk of their traffic.
My take is that the very unusual spike is probably law enforcement bots (Internet Watch Foundation, et al) regularly spidering the sites - if they restarted Tor each time, to try to make it harder for the sites to block the spider, as I believe they probably do, then they would cause a brand new HSDir lookup each time, which would skew Dr Owen's stats considerably compared to even high-traffic hidden services used by regular users - as we see reflected in the data. Dr Owen also thinks (from his 31c3 talk) that this is indeed a plausible explanation, although of course there is insufficient data to test this hypothesis (and nor is there any reasonable way of getting it).
Oh, and by the way, it is not only impractical for Tor to do anything about child abuse - it is not for Tor to do anything about this. Tor is a censorship-resistant, privacy-preserving computer network, by design. Please do not disrespect the value of liberty by asking anyone to find a way to censor it. If it can be censored for any reason, then it is vulnerable to being censored for every reason, and that vulnerability would need to be fixed. There is no fairy dust that can change that, and Tor is far too important for that - the devs know that well. Indeed, the anonymity that Tor provides can be (and is regularly) used by law enforcement to infiltrate the few online child abuse networks. (You'd probably see more on Hotmail, Yahoo and Facebook than on Tor.)
The big problem of child abuse is not at all new, and it is not an internet problem. You're not even scratching the surface by saying it's a problem of poorly-resourced children's services; lack of appropriate treatment of the most at-risk people; of vulnerable young people being failed by the people and services they trust to protect them most; and of vicious organised crime exploiting the most innocent and the most guilty alike. It is complex, and multifaceted - and though it might make headlines to do so, absolutely no part of it can be solved by just blaming a convenient scapegoat like "the dark web" and fucking up the internet in revenge. That just makes everything worse. If you want to take action there, maybe donate to Sure Start or something instead, that might actually do some good.
sickening, if unsurprising, that their only recommendation is to improve the public profile of hidden services rather than make any actual attempt to address abuse. would be nice to see them adopt something other than the Reddit-naïf position on the misuse of "free speech"/cryptography
There is no magic bullet here. Here are the things you were probably thinking of and why they won't work:
1. Allow relays to apply individual hidden service (HS) blacklists: HS addresses are not necessarily public, can require authentication to connect to, and are trivial to generate (these are all extremely important properties for anonymous publishing in general). So these CP sites will go even more "dark" once the relay blacklists start being an annoyance. Not to mention that relay blacklists open up an obvious DoS opportunity.
2. Require credentials for HSes and revoke them if they are discovered to be serving CP: There is no apparent way to make identity creation costly in an anonymous world where we must be able to support relatively poor users (e.g. without much CPU, memory, bandwidth, money).
3. Allow authorities to selectively deanonymize certain users or service: There is no way this is going to work in a world where nobody agrees on who the authorities are or what constitutes a legitimate request.
The Tor Project is doing one thing about this problem that is consistent with their mission. They are making accessible safe but useful information about the world of hidden services. In fact, they have a whole funded project on it <https://trac.torproject.org/projects/tor/wiki/org/sponsors/S.... Note that this project includes such useful things as improved crawling support, global HS statistics, and discovering public .onion addresses.
to be honest I wasn't even thinking as specifically as these suggestions - not that any clear solutions occur to me either. but they should, at the very least, recognize that there is a problem that needs to be addressed. I'd like to think there's a less fatalist & more morally empowered approach available besides "forget it, jake, it's anonymous". side note, it's good to see someone here considering the needs of poorer users
So what would be an "actual attempt to address abuse" with tor that isn't equivalent to shutting down the network?
Last I heard, they're happy for any volunteer to contribute and in a case like this, just having an "ideas guy" explain it to them might already be more than helpful, since this is no simple problem.
I wonder if it is possible to implement blacklists so that each relay operator may exclude their node from serving requests for hidden services they don't approve of.
E.g. a law abiding tor relay operator in Mauritania may decide to block the infamous underground apostasy discussion forum. It still remains accessible via other routes but the Mauritanian relay is now not involved with serving the site in any way.
It is possible and I suggested they do just that, some months ago. It won't surprise you to learn that this suggestion went down like a lead balloon, with lots of people assuming I must be an NSA agent, evil, etc. They consider the possibility for nodes to control which HS's they support to be a vulnerability and want to close it.
Tor has exit policies, which are somewhat similar ... exits can choose not to handle certain kinds of traffic (or only handle certain kinds). However they also seem to believe that exit policies shouldn't exist and only do, because of "unreasonable" ISPs that care about abuse.
The people in the Tor community seem oblivious to the political risk they're taking on with the hidden service feature. They keep claiming that dissidents etc use hidden services in the abstract, but all the real world examples people are actually familiar with are the worst kinds of abuse. Recently they announced they'd received a tipoff that directory authorities might be seized. Nothing seems to have happened yet, but the apparent credibility of this threat should have set alarm bells ringing at Tor HQ. Given that HS' represent a tiny fraction of overall Tor traffic, there are virtually no legit hidden services and all the really horrible abuse Tor is famous for relies on it, they should consider just dumping hidden services entirely. Otherwise they're putting everything at risk for a minority feature few users really care about.
There are legit hidden services indeed, but there is a question if the legit ones actually need the protection TOR provides...
The sad truth currently is that the people who use TOR the most are the people who either do not need its protection or do not deserve it.
As much as we like to play the victim card especially in light of the NSA scandals the truth is that people in free countries don't really get into trouble for doing shit over the internet even when it's illegal (to some extent).
And no, I don't count the FBI knocking on your door if you post on Facebook that you are going to kill Obama, or the police arresting that Dutch teenage retard that tweeted she put bombs on 3 flights and told TWA(?) to figure out which, as a violation of privacy or civil liberties; those people deserved what they got.
On the other hand if you live in a country where legitimate activities taken over the internet can land you in jail or worse then even being suspected of using TOR will get you in trouble.
Even with all the improvements on masking TOR traffic it is still fairly easily identifiable, heck every entry level internet filtering appliance can block TOR these days with a very high degree of accuracy even when the user doesn't use public access nodes.
So TOR doesn't and in its current state cannot provide protection to anyone living under a regime that does massive deep packet inspection of internet traffic (and yes I know the US technically qualifies for that too, but they are still not N. Korea, Iran, China, or Saudi Arabia).
The 2nd problem that TOR has is the fact that early adopters of such technologies tend to be criminals, the same was true with early P2P networks. Heck I still remember trying to download Shrek off Kazaa or eDonkey and getting a ton of pedo pictures instead, and that was very common in the early 2000's...
But this was true to everything from cellphones which back in the 90's meant you were either a business douche or a drug dealer, disk and phone encryption, and offshore bank accounts.
P.S.
Currently I actually have less trust in hidden services than I do in normal secure websites, after Facebook brute forced their address (https://facebookcorewwwi.onion/) and according to them with relative ease.
And since anyone holding the private key for the hidden service can update the directories and route all new traffic to them I think it's not farfetched that a sufficiently funded agency or an individual can do the same.
So while I still consider onion routing to be relatively safe from eavesdropping, I consider all hidden services of sufficient importance to be compromised.
Facebook only managed to bruteforce the first 40 bits of their .onion domain name. They stated themselves that it would be almost impossible to bruteforce the whole address.
I don't think that's what downvoting is meant for.
Yes I read the linked article, and the Andy Greenberg article and I watched the CCC talk ... both of which the blog post does not link to. So I've read it all. Have you?
I don't think my points are factually incorrect. Please name me one hidden service where (a) the operators are actually anonymous and (b) the man on the street might have actually heard about it and (c) what's going on there is not either illegal or unethical. I claim there are none: all the hidden services that have had mainstream coverage are illegal.
The blog post is the same as always: the Tor people never give specific examples of hidden services that are beneficial and always talk in generalities, because there are so few convincing good examples. Indeed it says the opposite - they want to boost usage.
Other than not linking to the material they're discussing, they also didn't mention the key finding that is causing such a ruckus: over 80% of all hidden service lookups are to child abuse sites.
They say this might be due to law enforcement crawlers, although there is no evidence of this and it leads to the question of why other illegal sites like black markets aren't being crawled just as aggressively.
There is a train of thought, like AlyssaRowan's post above, that says Tor cannot change anything because otherwise it wouldn't be Tor any more. I don't think that's correct. A peer to peer network is ultimately just a group of people working together for a shared goal. That community of people can define the rules for the services they provide, for example Tor tries by default to block torrenting because they collectively decided that they prefer not to spend their resources on that.
Bitcoin is another example of an opinionated P2P network. It enforces rather unorthodox rules about inflation and money creation, rules that alt coins often change. Regardless the people taking part in the Bitcoin network specifically have these opinions about the way to manage the monetary base and other people who try to deviate from those rules are effectively kicked out/ignored.
Tor and its community could become opinionated about the use of hidden services. They could say hidden services are intended for political communication and organisation, for example (along with whatever other useful things they think of), but not for child abuse. There is nothing technically stopping them, as the CCC talk pointed out. But they have collectively decided not to.
To block a certain hidden service on a relay you need to know what is the hidden service you are relaying data to (obviously), which completely defeats all anonymity - a 'first hop' relay would basically be able to make a list of all hidden services visited by clients connected to it.
Such a thing will just make it easier for government agencies to identify both users and hidden services via traffic analysis, so it's unlikely to be implemented.
On the other hand both hidden services and directories can perform a similar thing.
Hidden Services can choose which directories they want to publish their address and identifiers to, this is part of the TOR HS protocol.
Directories can augment any request they get from the user and return whatever value they want, this is how you can cause effective DoS of the TOR network (or any other DHT implementation that does not enforce its agency over core services) with very small resource investment.