[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Giving Hidden Services some love

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Giving Hidden Services some love
From: Jonathan Wilkes <jancsika@xxxxxxxxx>
Date: Thu, 01 Jan 2015 13:55:46 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 01 Jan 2015 13:56:28 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1420138553; bh=QTWgvkk6i2j104gZjcw8uIWiicds2HqHvmdfSOT7QsE=; h=Date:From:To:Subject:References:In-Reply-To:From:Subject; b=d+eGoQaCpsuwa7qI5OPQ6IHbvTXgNTDUYVqy9gTovDxM5iNnaUOy0oAcoOkZ7WosD43IJ+thhXq/2gGPnO2f32FJUveInVh13K2WpYZK7dNFeVQVS5gE7PyKca7lnfQCft0DpnUUibcisVXAJQivZxqiT0fz4JuWrpdc+/MErLijv8JkB4+jFCRmLop+GmtAxdKVrENlYHmN9h/CQaDRN8lac1kTCXaalkNUNMT1hhSvlq7d+dS+nes42FdXsIK8IS5mCubH8+rBmc0m/SUwerSxE7oid/BUbaOt+MnjkPylPqBWYNb5nQr1fYrVVFDJes3a6cwplpL3Xf0Tt1HxUg==
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=c85/Cr03lF0OOK9bCzMXki7fgdnWIEQcEj/IA0JIXUrpbvSLfpFPA7Lp3VdvQWU9tj7l1UOYvqDdztt86RmK8vbKXKtRTp9ZMAjwG8sa6PO07mbIZcvGLfMhcL6tMEVstY826HR8ALmV2oy8gcxVB3Xf6kCAJvLmTuX9+l1RBPmgAkOc3/AVTEodwcxt/StRWK/uq2hSx78DXXdnh4Hl9HoG0rYFT2TCDebZUIWoxvtbTokoSkNiY6yM0VzvuCBJyYHuuDCXtjLELDaWzzMCK5Ge2sPSZHhjuL0RXTHBWL0Mxhw+KdMovf1PnCJd/OPGyBu6mzk2BEOGKUN1KvwtLQ==;
In-reply-to: <8ab12e346ebdbbb20e93e99943e2d543@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <8ab12e346ebdbbb20e93e99943e2d543@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

On 01/01/2015 10:54 AM, spencerone@xxxxxxxxxxxxxxx wrote:

Jonathan Wilkes jancsika at yahoo.com wrote:

This has long been a chicken-or-egg problem.  A general audience (i.e.,
not digital security specialists) must know what hidden services do
before they get involved in hosting hidden services (or even using them,
for that matter).  But to know what hidden services do, a general
audience must be able to use hidden services that interest them.  If
there aren't any that interest them, then consequently there's no demand
for anyone to create them.  So few people know what they do, outside of
"hacking" and "omg darknet".

I do not agree that to understand what hidden services do that onemust use them or find using them interesting.

We're probably talking at cross-purposes. When I wrote "know whathidden services do", I meant a potential user should know what a hiddenservice can do to benefit them (or benefit their community). I don'tmean that a general audience should understand all the technical detailsyou mention below, nor that Tor docs should try (and fail) to explainthose details to a general audience.

For a general audience to understand what hidden services can do forthem, there ought to be hidden services available which interest them.Then users can _use_ the services and learn (in a basic sense) how theywork and why they exist. Otherwise one must explain complex topicswhich are outside of the user's area of expertise, _plus_ contend withthe reality that many of the widely-known hidden services are shady ordisgusting. If you've ever tried to explain the importance of onlineanonymity to a general audience, you'll understand what a difficultythese two issues present. It's much more effective to show someone howto browse using Tor, and guide them as they learn for themselves.

I, as well as many ancient astronaut theorists, contend, that theexplanation on the Tor Project's Hidden Services section of theirwebsite needs to be more ... something [I was thinking 'Clear', but ifyou understand the concepts, then it is most likely quite clear].
It starts out with a very simple claim about anonymity being thepurpose of using hidden services, but then, as it goes on to explainhow that works, it gets a bit confusing, mentioning things like"rendezvous points", "relays", "circuits", "introduction points","hidden service descriptors", "public keys", "distributed hashtables", "XYZ=16characters.onion", "one-time secrets""introduce/rendezvous messages", "entry guards", "entry nodes", &"end-to-end encryption/decryption", which do not make sense to mostpeople [Dad].


If there were a hidden service that interested Dad, that doesn't matter.

To me, understanding some of these concepts, it seems like a closednetwork that overlays the internet protocol with a security blanket.

Well, it's an anonymity overlay. Security blanket is probablymisleading, as using hidden services aren't inherently more secure,broadly speaking.

But is this accurate? Is this needed? How does this differ fromp2p, or does it then become p2p? Is it comparable to Dotcom'sMeganet, which is supposed to be non IP? Other than not using the exitrelays, what value does it provide that Tor on the regular web does not?

As in the above example, both the whistleblower and Dad have some degreeof anonymity when the content is posted using a hidden service. Thewhistleblower cannot easily post content anonymously on the regular web.


I don't know anything about Meganet.

Also, and this goes in a slightly different direction so ignore, whyis Tor using some relays to exit and not all?

Let's say you decide to run a relay. Would you want to click the buttonthat only relays encrypted data within the Tor network (encrypted from_your_ eyes, too), or should you click the button that makes yourcomputer fetch arbitrary pages from the regular web for anonymous Torusers? Which would you guess requires less risk on your part?

I would like to communicate p2p but if scrambling my middlemanconnections is the better [more secure] option then I would like toknow. Also, does this series of relays count as a third party,ultimately classifying my content [whatever I am communicating] aspublic knowledge?


I don't know the answer to that question.

Also, I think saying "Hey, fbook uses it." does nothing to help peoplemap the concept in their mind.

Oh, it most certainly does. I don't care how accurate you think yourmap is-- when someone peruses the links on the hidden wiki, the theorybehind Tor rubs up against reality and the map gets blurred. Keep inmind some of those links advertise content that can generate the mostintense emotional appeals out there.

So please do peruse the myriad responses on this list to theinarticulate outrage over shady and disgusting hidden service content.Find your favorite response and see how effective it is-- not in"winning" your side of the argument, but in actually reducing people'sfears and enabling them to use Tor. Meanwhile I'll use the end-run of"Facebook uses it", because practicing using a interesting hiddenservice is IMO the best defense against emotional appeals.

Anyway, if there were a hidden service tailored to the needs of ancientastronaut theorists I'm sure you could grasp all of this in less timethan it took me to write a response.


-Jonathan


Awesome,
SpencerOne


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Giving Hidden Services some love
  - From: spencerone

Prev by Author: Re: [tor-talk] Giving Hidden Services some love
Next by Author: Re: [tor-talk] Giving Hidden Services some love
Previous by thread: [tor-talk] Giving Hidden Services some love
Next by thread: [tor-talk] Giving Hidden Services some love
Index(es):
- Author
- Thread