[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Hidden service policies



(Aside: I think this thread is unrelated enough to tor-dev at this point
that I'm going to make this my last reply.)

That's too bad - I was only answering questions you posed yourself. Happy to continue debating off list. Still, I think discussion of features that could increase usage are on topic. There's a similar thread about creating social rewards for relay operators after all.

Re: technological attacks/partitioning. I did not respond to this because I didn't understand the attack you're proposing, that's why I asked for a step-by-step example against a hypothetical Snowden blog. But your answer starts with "first, you break Tor's security". That's not something that HS policies makes newly possible. If you can pwn the users TBB download or impersonate the directory authorities you win no matter what: ÂHS policies are irrelevant.

I don't think there's any new technical attack HS policies would open up, if they were done in the same way as exit policies. From the perspective of an HS trying to initialise, it'd just be equivalent to having a smaller network. As you already said you'd happily sacrifice the ~5000 nodes that don't exit traffic because they're harming Tor's anonymity, presumably a smaller network isn't a big deal for you?

If there's a specific technical attack that doesn't rely on general attacks against Tor, I'm still keen to hear a step by step example of how to do it.


Re: politics. Yes it's a largely political argument. That's fine: Tor is a political animal, it has got a lot of funding from organisations with explicitly political agendas, the "who uses tor" section on the front page is full of characters with political goals like activists and whistleblowers. Tor does not exist independent of politics - politics should inform its technical design decisions (and does already).


Re: TBB. The consequence of TBB not having any setting below "extreme" is not at all minimal, as you claim, it's a probably severe reduction in usage that could insulate Tor against political pressure. I claim this because in my former job I saw the different usage levels of HotSpot Shield vs Tor. Yes, for the small number of users who might get shot they need and should have that hard core, no compromises mode. For everyone else who would like some additional privacy but who isn't worried about getting shot, the consequence of Tor's current approach is that they just don't use Tor.

The same is true of other functions, like running a relay. Having knobs people can tweak is not weakness. It's acceptance of the fact that not everyoneÂwho wants to have privacy is Tank Man, and not everyone who wants to contribute to privacy feels ransomware/revenge porn sites are as worthy of protection as newspaper dropboxes.


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev