On 1/29/2013 6:48 AM, Katya Titov wrote: > Raynardine <raynardine@xxxxxxxxxxx>: > >> I do not like connecting to clearnet services from Tor. >> >> I am not alone in this. >> >> There are arguments about the reasons why Tor hidden services can be >> better than clearnet services for users as well, but that would derail >> this thread. > Ready to learn the downsides to this, as well as the benefits from an > all hidden service model. I apologize for the wait, I have a busy family life. To start with, clearnet sites have no real incentive to protect their users, as I have stated before. For proof of this, consider any public IRC network in existence. IRC networks really loath proxy users, especially Tor users, because Tor makes it easy. Some may argue that this is purely an administrative concern, that there are ways to ban disruptive users without gzlining all proxy users, but isn't that the case with all clearnet services? Clearnet website admins hate anonymous users, they see them as trouble. We make their lives difficult. Website admins generally like seeing your IP addresses, and don't like it when they change, they don't like it when you don't trust them with your privacy, and don't see a conflict when they blab to the cops. Clearnet site admins don't see that they have a responsibility, and that that responsibility is not to the authorities, it is to their users who trust them. Some other things to consider include the fact that security, of which anonymity is an important part, regardless of what so-called security professionals will claim, is only as strongest as the weakest link, and by this, i don't just mean the thinnest point in onion routing, which is just before the introduction point, where there is only a single layer of TLS, I also mean that if there is an activist or individual who uses his or her true legal name, and his or her pseudonym is casually associated with that true legal name, that person puts all real anonymous or pseudonymous individuals at risk, if for no other reason, then because that individual sees nothing wrong with telling everything he or she knows to the authorities. Surely, she thinks, there is nothing I could say that the authorities couldn't get from pulling it up on their own computers? The problem is people will be tricked into believing that you, like them, value anonymity as highly as they do, and you, like them, will protect not just your own anonymity, but their own. They are incorrect for believing this, but you are wrong for betraying that trust. Although Tor needs to be vastly redesigned and improved before I'd recommend that everyone use Tor location-hidden services for everything as a matter of course, I do believe that all services should be protected more the the users they expect to serve. Since those servers contain logs, hashes of passwords, or even worse, cleartext passwords, such as those contained by the XMPP administrators, they are an obvious target for Tor users, and Tor users are often involved in activism and global citizenship projects that make national government agencies nervous. It is important that Tor users be protected, and if Tor core developers and the administrators for the centralized Tor directories cannot understand that, they should find something else to do with their time.
Description: OpenPGP digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk