[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden vs Clearnet Services

On 1/29/2013 6:48 AM, Katya Titov wrote:
> Raynardine <raynardine@xxxxxxxxxxx>:
>> I do not like connecting to clearnet services from Tor.
>> I am not alone in this.
>> There are arguments about the reasons why Tor hidden services can be
>> better than clearnet services for users as well, but that would derail
>> this thread.
> Ready to learn the downsides to this, as well as the benefits from an
> all hidden service model.

I apologize for the wait, I have a busy family life.

To start with, clearnet sites have no real incentive to protect their
users, as I have stated before.

For proof of this, consider any public IRC network in existence.

IRC networks really loath proxy users, especially Tor users, because Tor
makes it easy.

Some may argue that this is purely an administrative concern, that there
are ways to ban disruptive users without gzlining all proxy users, but
isn't that the case with all clearnet services?

Clearnet website admins hate anonymous users, they see them as trouble.
We make their lives difficult.

Website admins generally like seeing your IP addresses, and don't like
it when they change, they don't like it when you don't trust them with
your privacy, and don't see a conflict when they blab to the cops.

Clearnet site admins don't see that they have a responsibility, and that
that responsibility is not to the authorities, it is to their users who
trust them.

Some other things to consider include the fact that security, of which
anonymity is an important part, regardless of what so-called security
professionals will claim, is only as strongest as the weakest link, and
by this, i don't just mean the thinnest point in onion routing, which is
just before the introduction point, where there is only a single layer
of TLS, I also mean that if there is an activist or individual who uses
his or her true legal name, and his or her pseudonym is casually
associated with that true legal name, that person puts all real
anonymous or pseudonymous individuals at risk, if for no other reason,
then because that individual sees nothing wrong with telling everything
he or she knows to the authorities.

Surely, she thinks, there is nothing I could say that the authorities
couldn't get from pulling it up on their own computers?

The problem is people will be tricked into believing that you, like
them, value anonymity as highly as they do, and you, like them, will
protect not just your own anonymity, but their own.

They are incorrect for believing this, but you are wrong for betraying
that trust.

Although Tor needs to be vastly redesigned and improved before I'd
recommend that everyone use Tor location-hidden services for everything
as a matter of course, I do believe that all services should be
protected more the the users they expect to serve.

Since those servers contain logs, hashes of passwords, or even worse,
cleartext passwords, such as those contained by the XMPP administrators,
they are an obvious target for Tor users, and Tor users are often
involved in activism and global citizenship projects that make national
government agencies nervous.

It is important that Tor users be protected, and if Tor core developers
and the administrators for the centralized Tor directories cannot
understand that, they should find something else to do with their time.

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list