Jonathan Wilkes jancsika at yahoo.com wrote:
This has long been a chicken-or-egg problem. A general audience
(i.e.,
not digital security specialists) must know what hidden services do
before they get involved in hosting hidden services (or even using
them,
for that matter). But to know what hidden services do, a general
audience must be able to use hidden services that interest them. If
there aren't any that interest them, then consequently there's no
demand
for anyone to create them. So few people know what they do, outside
of
"hacking" and "omg darknet".
I do not agree that to understand what hidden services do that one
must use them or find using them interesting.
We're probably talking at cross-purposes. When I wrote "know what
hidden services do", I meant a potential user should know what a hidden
service can do to benefit them (or benefit their community). I don't
mean that a general audience should understand all the technical
details
you mention below, nor that Tor docs should try (and fail) to explain
those details to a general audience.
For a general audience to understand what hidden services can do for
them, there ought to be hidden services available which interest them.
Then users can _use_ the services and learn (in a basic sense) how they
work and why they exist. Otherwise one must explain complex topics
which are outside of the user's area of expertise, _plus_ contend with
the reality that many of the widely-known hidden services are shady or
disgusting. If you've ever tried to explain the importance of online
anonymity to a general audience, you'll understand what a difficulty
these two issues present. It's much more effective to show someone how
to browse using Tor, and guide them as they learn for themselves.
I, as well as many ancient astronaut theorists, contend, that the
explanation on the Tor Project's Hidden Services section of their
website needs to be more ... something [I was thinking 'Clear', but if
you understand the concepts, then it is most likely quite clear].
It starts out with a very simple claim about anonymity being the
purpose of using hidden services, but then, as it goes on to explain
how that works, it gets a bit confusing, mentioning things like
"rendezvous points", "relays", "circuits", "introduction points",
"hidden service descriptors", "public keys", "distributed hash
tables", "XYZ=16characters.onion", "one-time secrets"
"introduce/rendezvous messages", "entry guards", "entry nodes", &
"end-to-end encryption/decryption", which do not make sense to most
people [Dad].
If there were a hidden service that interested Dad, that doesn't
matter.
To me, understanding some of these concepts, it seems like a closed
network that overlays the internet protocol with a security blanket.
Well, it's an anonymity overlay. Security blanket is probably
misleading, as using hidden services aren't inherently more secure,
broadly speaking.
But is this accurate? Is this needed? How does this differ from
p2p, or does it then become p2p? Is it comparable to Dotcom's
Meganet, which is supposed to be non IP? Other than not using the exit
relays, what value does it provide that Tor on the regular web does
not?
As in the above example, both the whistleblower and Dad have some
degree
of anonymity when the content is posted using a hidden service. The
whistleblower cannot easily post content anonymously on the regular
web.
I don't know anything about Meganet.
Also, and this goes in a slightly different direction so ignore, why
is Tor using some relays to exit and not all?
Let's say you decide to run a relay. Would you want to click the
button
that only relays encrypted data within the Tor network (encrypted from
_your_ eyes, too), or should you click the button that makes your
computer fetch arbitrary pages from the regular web for anonymous Tor
users? Which would you guess requires less risk on your part?
I would like to communicate p2p but if scrambling my middleman
connections is the better [more secure] option then I would like to
know. Also, does this series of relays count as a third party,
ultimately classifying my content [whatever I am communicating] as
public knowledge?
I don't know the answer to that question.
Also, I think saying "Hey, fbook uses it." does nothing to help people
map the concept in their mind.
Oh, it most certainly does. I don't care how accurate you think your
map is-- when someone peruses the links on the hidden wiki, the theory
behind Tor rubs up against reality and the map gets blurred. Keep in
mind some of those links advertise content that can generate the most
intense emotional appeals out there.
So please do peruse the myriad responses on this list to the
inarticulate outrage over shady and disgusting hidden service content.
Find your favorite response and see how effective it is-- not in
"winning" your side of the argument, but in actually reducing people's
fears and enabling them to use Tor. Meanwhile I'll use the end-run of
"Facebook uses it", because practicing using a interesting hidden
service is IMO the best defense against emotional appeals.
Anyway, if there were a hidden service tailored to the needs of ancient
astronaut theorists I'm sure you could grasp all of this in less time
than it took me to write a response.
-Jonathan
Awesome,
SpencerOne