Hello list members,
for simple - political - reasons, i began contributing otherwise wasted bandwith to the tor network about half a year ago. And i am reading this list.
Lately, there has been a discussion (Intrusion Prevention System Software - Snort or Suricata), that brought up some opinions about tor, more or less focused from a technical point-of-view. Interesting to me (the noob, that i am) was the belief, that tor was ok (as some seem to think). I am very much less optimistic:
From the information, i can gather on my own personal computer, i can
see, that almost every operating system sends out greetings to servers in akamai's reach, a company that happens to have contracts with microsoft and whatnot. Reading about their business, i find every reason to believe, that the time to fight for anonymity on the net is long gone, that security - even from their perspective - needs more resources than any individual will ever be able to have at its disposal. Also, i am aware of the possibility to get tracked by the telecommunication provider anytime and without me noticing it.
My conclusion has been, that i am maybe 30 years too late in my activity to support tor - as a simple relay -. And the companies that seem to have most control over the internet (like google, akamai, and others) are in the process to control more and more of it, and only for that reason are fighting against malware like viruses and bots, and of course also fighting tor (by using honeypots as well as intrusion into the community to get as much information as possible about the people trying to hide in anonymity).
This seems to be so true to me, that i begin to feel _guilty of nourishing false hopes_, that any individual could feel safe by using tor, irrespective of where and how legitimate/needed their requests are originating from. Seriously, i am beginning to think, that tor may be somewhat outdated nowadays, basically operating on old assumptions, about how the net was organised merely a decade ago. And not taking into account the reality of today, where our little community may not be all too useful any longer. Hard to hide some disappointment, as i used to be a developer many years ago, and find that no one - apart from myself - refuses to cooperate in the process of accumulating data, which provides the basis for semi-automated analysis later, and help some authorities to excert power and control over the population living on this planet.
As my son very correctly said (btw: on his mobile! ;-)) : "Today, life begins, where there is neither computer nor electricity, but meeting with friends." ...until the earth observing satelites will be able to discern individuals. :-(
Can anyone get me out of this pessimistic viewpoint?
If not, i am seriously reconsidering the futile attempt to engage into offering something to the net, that could lead to unveiling users activities opposed to what tor seems to promise.
Sorry for thinking out loud, but seriously worried about my own simple-mindedness. The operator of "NewTorKidOnTheBlock"
Tor is not perfect and everyone would be wise to learn as much as possible about its limitations (I'd start here: https://www.torproject.org/download/download.html.en#warning). It's still a very useful privacy tool though.
Snowden: "I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time. We know it works from at least one anecdotal case that’s fairly familiar to most people at this point. That’s not to say that Tor is bulletproof. What Tor does is it provides a measure of security and allows you to disassociate your physical location."
Dear operator of "NewTorKidOnTheBlock",
On Fri, Oct 07, 2016 at 10:25:31PM +0200, torserver@datakanja.de wrote:
From the information, i can gather on my own personal computer, i can see, that almost every operating system sends out greetings to servers in akamai's reach, a company that happens to have contracts with microsoft and whatnot.
I share your concern over the current trend with commercial website creators to include lots of content from third party websites. Anyone who has seen a visualization like LightBeam https://www.mozilla.org/en-US/lightbeam/ will understand you – whatever websites you visit, many of them will include content from a handful of CDNs such as Akamai and other trackers.
If not, i am seriously reconsidering the futile attempt to engage into offering something to the net, that could lead to unveiling users activities opposed to what tor seems to promise.
A false sense of security can be very dangerous indeed. However, I would not throw out the baby with the bathwater. TorBrowser is more sophisticated than you think. For each domain you visit, it creates a different circuit. This means that not only will each of the domains you visit see a different source IP, but in each case, Akamai (etc.) will see a different source IP as well. Of course, a dedicated attacker could still try to identify your browser by employing fingerprinting techniques, but TorBrowser tries to minimize these dangers, too.
So I tend to agree with Green Dream and Ed Snowden on this matter.
Cheers, C:
torserver@datakanja.de:
From the information, i can gather on my own personal computer, i can see, that almost every operating system sends out greetings to servers in akamai's reach, a company that happens to have contracts with microsoft and whatnot. Reading about their business, i find every reason to believe, that the time to fight for anonymity on the net is long gone, that security - even from their perspective - needs more resources than any individual will ever be able to have at its disposal. Also, i am aware of the possibility to get tracked by the telecommunication provider anytime and without me noticing it.
The entire point of tor is that (in theory) anyone who can see who you are, can't see what you're doing, and anyone who can see what you're doing, won't know who you are. But: tor works at a routing level, and you can be deanonymized through applications leaking data; this is why things like Tor Browser exist, to mitigate a large portion of this leakage. tor as a network seems to do a good job, probably the best form of internet anonyminity, much focus is on deanonymization on the application layer, simply because it has a wider attack surface and is more likely to return a better idea of the user's identity, than say, a potential IP address.
My conclusion has been, that i am maybe 30 years too late in my activity to support tor - as a simple relay -. And the companies that seem to have most control over the internet (like google, akamai, and others) are in the process to control more and more of it, and only for that reason are fighting against malware like viruses and bots, and of course also fighting tor (by using honeypots as well as intrusion into the community to get as much information as possible about the people trying to hide in anonymity).
Facebook, Akamai, Google, and others have all helped tor in some manner. Again, their tracking takes place at an application layer, and Tor Browser takes steps to lower their ability to do so.
This seems to be so true to me, that i begin to feel _guilty of nourishing false hopes_, that any individual could feel safe by using tor, irrespective of where and how legitimate/needed their requests are originating from.
You seem to be suffering from "Privacy fatigue."
Seriously, i am beginning to think, that tor may be somewhat outdated nowadays, basically operating on old assumptions, about how the net was organised merely a decade ago. And not taking into account the reality of today, where our little community may not be all too useful any longer. Hard to hide some disappointment, as i used to be a developer many years ago, and find that no one - apart from myself - refuses to cooperate in the process of accumulating data, which provides the basis for semi-automated analysis later, and help some authorities to excert power and control over the population living on this planet.
Push for the turn: Many are complaining modern webpages are bloated, causing everything from browser slowdowns, to unneeded data usage on mobile networks and spreading malware. If something like 'Flattr' can become popular as a way of supporting websites' income, it would pave the way to kick ads off.
On Fri, Oct 07, 2016 at 10:25:31PM +0200, torserver@datakanja.de wrote:
for simple - political - reasons, i began contributing otherwise wasted bandwith to the tor network about half a year ago. And i am reading this list.
If not, i am seriously reconsidering the futile attempt to engage into offering something to the net, that could lead to unveiling users activities opposed to what tor seems to promise.
Tor currently has its place at low-level privacy only (research other corporations, and you are sitting in a competitive corporation, for example), and perhaps a little darknet research, all only as long as larger adversaries such as the USA or other Goverments are not entities you must hide from.
For the future:
- if you don't own it, you don't control it - if you don't control it, it -will- be used against you
So, for longer term, we must build our own physical internet - N2N or Neighbour to Neighbour network.
One has to start somewhere, so your local residential street, corporate offices, etc. - build out your own nodes, volunteer to do this for your corporate partners and / or neighbours. Encourage others. Spread the word.
When 'the community' properly gets going in this direction, it'll probably be a good 10 years till we actually have widespread alternative physical networks, upon which Tor, I2P or future alternative virtual networks can be designed to work with, to increase privacy beyond what is possible today.
We start now, from what we have (our current status) as of now. Might seem silly to say this, but some folks balk at "our own phy network" saying "that's too big, we'll never get there" etc etc. Which is simply counterproductive and false fatalism, and arguably subversively undermining.
Remember to enjoy the journey :)
tor-relays@lists.torproject.org
-
Christian Pietsch -
Green Dream -
ncl@cock.li -
torserver@datakanja.de -
Volker Mink -
Zenaan Harkness