Honest Tor

I haven’t paid a lot of attention to Tor, the anonymous communications tool, but this post by Nicholas Weaver on Lawfare remains interesting:

I have a strong civil liberties streak, but I cannot defend Tor hidden services.  The Tor project claims that hidden services, servers that only exist in the Tor network and act to hide the server’s IP, can protect activists and whistleblowers.  This is false.  Truly hidden Tor services (unlike Facebook which, although reachable as a “hidden service” does not actually attempt to hide the server’s IP address) are only useful for content that is unhostable anywhere on the general Internet.

If I want to host contact [content?] that annoys the Chinese I can use Amazon or even my home connection.  If I want to host content that annoys the United States I simply place my server in Russia.  It is only content which no country will tolerate and not even a “bulletproof” hosting provider like CyberBunker will host that benefits from hidden services.

Fortunately, I believe that there is a way around the problem of hidden services.  It is an open secret in the Tor community that Tor is simply not designed to withstand global adversaries: someone who can see all the traffic as it enters and leaves the Tor network is assumed to be capable of deanonymizing the traffic.  This also implies that Tor is not capable of protecting against an adversary who generates the traffic which enters Tor and sees where the traffic leaves Tor.

He concludes:

Tor provides significant uses for those legitimately seeking anonymity or censorship resistance.  But hidden services represent a plague not only on the world at large but Tor itself.  “Tor is the tool of drug dealers and pedophiles” is powerful rhetoric that limits Tor’s more general appeal.

Powerful rhetoric indeed. It would make me pause thoughtfully before using Tor if I had such a need. Such services as Tor, if they’re to reach their potential, must be sensitive to the political winds. A whistleblower who feels the need for anonymity has to consider the possibility that they may yet end up publicly exposed, and if that happens they certainly don’t need false attributions that will cloud the issue they’re involved in.

So, if Nicholas is technically correct in his Tor assertions, it would probably serve Tor well to remove hidden services from their capabilities.

If they can. It’s possible that criminals have forced Tor developers to create hidden services.


About Hue White

Former BBS operator; software engineer; cat lackey.
