New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Repost: If Tor VANISHES over the weekend, this is why
MarkTurner
Member
in General
I don't use Tor but I know many of you do. Maybe fact, maybe fiction.
The Tor Project is warning that its network – used by netizens to mask their identities on the internet – may be knocked offline in the coming days.
In a Tor blog post, project leader Roger "Arma" Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.
http://www.theregister.co.uk/2014/12/20/heads_up_if_tor_goes_down_over_the_weekend_this_is_why/
https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network
Thanked by 1vRozenSch00n
Comments
Hopefully it won't happen, but if it does existing users should still have a cache of the directory until the servers come back online...
Perhaps the protocol is not designed so well, if it relies on "central directory servers". Perhaps this information should be made available over some decentralized p2p protocol.
Across the internet you still need something to bootstrap the process and allow yourself to discover at least one other thing, which then gives you information about more, and so on. Since this has to be a fixed element there's always a vector for attack there.
Sure, but it can be more decentralized. For instance the client could remember the list of relays from the last one it used the Tor network and try some of them in a random order to ask them for an updated list (cryptographicly signed / authenticated of course).
Note i have no idea what the client really does at the moment, i haven't looked into it as i'm not a tor user.
https://geti2p.net/en/
I suspect internet privacy is going to be a game of whac-a-mole for the rest of my lifetime at least. Quite frankly I have little need for privacy, but that's a good thing as it puts me in a better position to support it where I can. As the old saying goes, would rather have it and not need it than need it and not have it.
Am i the only one thinking: "And nothing of value was lost."
If you live somewhere that you can freely speak out about what goes on around you without fear of being dragged into the streets and murdered for display on YouTube, I imagine you would think that. Others, however, are not always so fortunate.
Well said.
Think of all the people who wont have an outlet to transfer their child pornography around.
Dont think this is gonna happen..
I despise those people as they always tarnish the name of privacy. However, I believe that their actions will go on regardless and their actions, no matter how depraved, will never justify a society in which privacy is unattainable.
you always could use https://freenetproject.org they dont use centralized servers if i read their pages correctly https://freenetproject.org/understand.html
russian government was looking for someone to break the tor network i think
http://rt.com/news/175408-russia-internet-tor-service/
I agree. Which in a weird way makes it kind of fun.
I am a "recreational privacy advocate". Other than not having my SSN, credit cards, etc. owned, there's really not anything I do that would get people very excited. But as you point out, it's good to know how to do it and have the tools handy if you ever need it.
It does make me sad that the most common mediums of communication are either wide open (SMTP) or government-monitored (Facebook, etc.)
While this is inevitably part of any network, it's wrong to say that TOR, Freenet, etc. are solely or even primarily about this. I remember busts of people trading child porn on CompuServe, before the Internet even existed.
To quote the Freenet FAQ:
"What about child porn, offensive content or terrorism?
While most people wish that child pornography and terrorism did not exist, humanity should not be deprived of their freedom to communicate just because of how a very small number of people might use that freedom."
I have nothing to hide, so nobody needs to watch me.
And that's why they'll watch you.
And they don't watch actual criminals, because they know how to stay anonymous and secure.
Exactly
.
As I said many times, criminals do not need Tor or freenet, they use open proxies, hacked or open wi-fis, hacked or paid with stolen identities VPSes, botnets, stolen or hacked phones, etc.
That's the paradox.
While using tor, i2p or freenet will have you look like you have something to hide and be more likely to be spied on by your government (as it's pretty easy for them to know that you are using these networks) a 'good' criminal won't have that trouble.
But well, some lazy/small time criminals might use those networks too, that's maybe why their use is heavily monitored (as per snowden leaks)...
ok this is something i always think when it comes to TOR
how many exit nodes does TOR have ?
how much money does it take to "run" an exit node ?
.. ok ok i hear you ..they are not all in the good ol usa .. but with all the news coming out about foreign governments collaborating with nsa .. would it surprise you to learn that nsa can "lean" on them a little ?
so we are back to point 2 .. how much ?
well not a whole lot , infact , a shit load less than even that .
ok so now nsa has the money , and the ability and the "inclination" ..
if you were in that position would you not DO it ?
what i guess i am trying to say is .. TOR privacy is a myth.
EDIT: hell its a heck of a lot less than i had imagined
http://hackertarget.com/tor-exit-node-visualization/
https://metrics.torproject.org/relayflags.html?graph=relayflags&start=2014-09-20&end=2014-12-21&flag=Exit
not much if you can find provider which allows TOR exits (https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs)
Aaaand... As usual you have no clue, you do not even know how to write Tor.
If you are saying Tor can be hacked, it is susceptible to some attacks, some open source code has vulnerabilities, yeah, nothing is perfect, but it is much harder than over the clear internet which is stored for years or at least months, a goldmine for criminals all over, you do know that criminal hackers are much better than the government "protection" right? They lost their secret cables and many other things, what makes you so sure the data they gather on you is safer when there is much less incentive to make it so?
If you want the government and criminals to blackmail you, keep using http from your home IP. Maybe use windows too.
Well, it didn't, vanish over the weekend.
What is that link supposed to show? Just use SSL/TLS and maybe a VPN in addition, in case you are connecting to a node that is under surveillance.
This thing happened: https://lists.torproject.org/pipermail/tor-talk/2014-December/036067.html
From the same thread:
The likelihood of this being the work of law enforcement seems to
be lower than originally anticipated. This is good in many ways but
asks more questions than it solves right now. I am not going to
completely exclude the possibility of law enforcement involvement
though as there simply isn't enough information.
Support staff at the ISP have confirmed to me there has been
unauthorised access to my account. This could be down to the fact I
access the control panel often via Tor (yes, using TLS before anybody
asks), however it does raise the prospect of a non-LE person(s) being
behind this but does not explain why a chassis intrusion was detected
for example or anything else to do with on-board sensors.
Tor isn't broken. Stop panicking. The strength of Tor is that no
single party has the power to critically damage the network or to put
users at risk. If I believe I come across any such vulnerability, this
will be forwarded to the core developers immediately and patched.
Lessons from this incident: disable USB support in kernel on your dedicated server, don't login from tor on important accounts (it seems the owner's account may have been compromised by sniffing).
Anyway, point 3 is the important one.
And it will happen again. Nothing guarantees anything 100%, yet that is not a reason to give up hope and fight.