{"id":7026,"date":"2016-12-06T14:08:18","date_gmt":"2016-12-06T20:08:18","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=7026"},"modified":"2016-12-06T14:08:18","modified_gmt":"2016-12-06T20:08:18","slug":"honest-tor","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2016\/12\/06\/honest-tor\/","title":{"rendered":"Honest Tor"},"content":{"rendered":"<p>I haven&#8217;t paid a lot of attention to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Tor_(anonymity_network)\" target=\"_blank\"><em><strong>Tor<\/strong><\/em><\/a>, the anonymous communications tool, but this <a href=\"https:\/\/www.lawfareblog.com\/end-nit\" target=\"_blank\">post<\/a> by Nicholas Weaver on <em><strong>Lawfare<\/strong><\/em> remains interesting:<\/p>\n<blockquote><p>I have a strong civil liberties streak, but I cannot defend Tor hidden services.\u00a0 The Tor project claims that hidden services, servers that only exist in the Tor network and act to hide the server\u2019s IP, can protect activists and whistleblowers.\u00a0 This is false.\u00a0 Truly hidden Tor services (unlike Facebook which, although reachable as a \u201c<a href=\"https:\/\/facebookcorewwwi.onion\/\" target=\"_blank\" rel=\"nofollow\">hidden service<\/a>\u201d does not actually attempt to hide the server&#8217;s IP address) are only useful for content that is unhostable anywhere on the general Internet.<\/p>\n<p>If I want to host contact [content?] that annoys the Chinese I can use Amazon or even my home connection.\u00a0 If I want to host content that annoys the United States I simply place my server in Russia.\u00a0 It is only content which no country will tolerate and not even a \u201cbulletproof\u201d hosting provider like <a href=\"https:\/\/en.wikipedia.org\/wiki\/CyberBunker\" target=\"_blank\" rel=\"nofollow\">CyberBunker<\/a> will host that benefits from hidden services.<\/p>\n<p>Fortunately, I believe that there is a way around the problem of hidden services.\u00a0 It is an open secret in the Tor community is that Tor is simply not designed to withstand global adversaries: someone who can see all the traffic as it enters and leaves the Tor network is assumed to be capable of deanonymizing the traffic.\u00a0 This also implies that Tor is not capable of protecting against an adversary who generates the traffic which enters Tor and sees where the traffic leaves Tor.<\/p><\/blockquote>\n<p>He concludes:<\/p>\n<blockquote><p>Tor provides significant uses for those legitimately seeking anonymity or censorship resistance.\u00a0 But hidden services represent a plague not only on the world at large but Tor itself.\u00a0 \u201cTor is the tool of drug dealers and pedophiles\u201d is powerful rhetoric that limits Tor\u2019s more general appeal.<\/p><\/blockquote>\n<p>Powerful rhetoric indeed. It would make me pause thoughtfully before using Tor\u00a0if I had such a need. Such services as Tor, if they&#8217;re to reach their potential, must be sensitive to the political winds. A whistleblower who feels the need for anonymity has to consider the possibility that they may yet end up publicly exposed, and if that happens they certainly don&#8217;t need false attributions that will cloud the issue they&#8217;re involved in.<\/p>\n<p>So, if Nicholas is technically correct in his Tor assertions, it would probably serve Tor well to remove hidden services from their capabilities.<\/p>\n<p>If they can. It&#8217;s possible that criminals have forced Tor developers to create hidden services.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I haven&#8217;t paid a lot of attention to Tor, the anonymous communications tool, but this post by Nicholas Weaver on Lawfare remains interesting: I have a strong civil liberties streak, but I cannot defend Tor hidden services.\u00a0 The Tor project claims that hidden services, servers that only exist in the \u2026 <a class=\"continue-reading-link\" href=\"https:\/\/huewhite.com\/umb\/2016\/12\/06\/honest-tor\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7026","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/7026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=7026"}],"version-history":[{"count":1,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/7026\/revisions"}],"predecessor-version":[{"id":7027,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/7026\/revisions\/7027"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=7026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=7026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=7026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}