[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Marketing Tor (Was Re: For those using Tor with windows)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 16 November 2005 10:28 am, Eugen Leitl wrote:
> On Wed, Nov 16, 2005 at 09:56:33AM -0500, Jeffrey F. Bloss wrote:
> > I don't believe this is the case though. These three or four Tor clients
> > are being used as access points to the existing, free Tor network we all
> > know and love. They're  using the network's anonymity, cover traffic, and
> > the bandwidth donated by node owners, for profit.  If it were a private
> > network scenario I agree... it wouldn't be an issue at all.
>
> Allright, these are sleazy scumbags.

This is my overall impression of these people, to be sure.

So what, if anything, could be done about it?

> > I would certainly hope that at the very *least* a for-profit Tor node
> > would function as a public node, and help move "normal" Tor traffic along
> > with traffic generated by its customers.
>
> The problem is that you can't guarantee a given latency and throughput
> with a network outside your control. 

Yes. Public forum comments from customers concerning latency problems and 
replies from the owner(s) about how Tor nodes "have each their speed 
limitations, amount of traffic they're handling, busy hours and often they 
run other services too", is one thing that leads me to believe these are 
access points to the public Tor network rather than a private network.

> Of course, one could also sell 
> VServers connected with OpenVPN, with Tor/Privoxy which would participate
> on the network, when in use. Getting users to pay for the traffic they're
> not generating, even if it's relatively cheap (say, 0.20 EUR/GByte) won't
> be too easy, though.

I assume this is why these clients are not operating as public nodes... to 
keep their customers from footing the bill for bandwidth consumed by 
outsiders. 

In my limited perception this would also appear to be somewhat of a security 
risk, as real time connections could be more easily analyzed without the 
added "mass" traffic. But that's another issue all together.

>
> > But as you say this is mostly a matter of personal ethics. Some people
> > have them, some don't.
> >
> > I for one would be willing to pay for private network access, by the way.
> > :) I
>
> Do you think there's a business potential in a OpenVPN-based darknet?

I'm an enthusiast, not a privacy business person, so My opinion might be a bit 
skewed. ;)

I guess when I consider it seriously I'd have to admit that the potential is 
limited. You'd be drawing on nearly 100% private citizens and *maybe* a few 
like minded organizations. That "business class customer" bread and butter 
probably won't be there. Obviously, selling to mostly individual consumers 
depends on raw numbers of clients, so....

<shrug>

The other side of the coin is as you say... servers and bandwidth are 
relatively cheap and getting cheaper. If you have the cash it might be an 
interesting social experiment.

That was the enthusiast speaking. ;)

> > of course, it would be nearly as secure as a free public supported
> > version with the notable exception that a commercial entity is a single
> > point of compromise. The conspiracy nut in me could envision a scenario
> > where an owner
>
> A few commercial entities peering traffic (I'll route yours if you route
> mine) would be quite immune against that attack.

I'd hesitate to say "immune", but it would certainly be a *huge* improvement 
over a single entity. The more the merrier I would say. Compromising 3 is 
harder than two, and I can see where the nature of Tor network traffic might 
make it necessary to compromise all sub-networks at the same time.

Just curious, but would a dedicated network allow any sort of "transparrent 
remixing" or packet reordering? Longer chains? Could these things be 
implemented without a huge hit in performance? They'd' certainly be another 
selling point.

> I'm a bit pessimistic about users being ready to pay for commercial
> anonymizing services. We'll see..

I guess I am too, but if you take what's rumored as gospel there are some 
"Anonymity" providers operating right now with customer bases in the 10's of 
thousands. And they don't even offer any true anonymity as far as I'm 
concerned.

How many customers would you really need to break even? What's the bottom line 
price tag on maintaining half a dozen servers? If it's do-able with a few 
hundred subscribers I'd say you'd have no problem at all breaking even at 
least. The fact that you're offering a high speed version of an acceptedly 
secure service should sell your pay-for version pretty easily.

- -- 
Hand crafted on November 16, 2005 at 11:05:31 -0500

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
                                  -Groucho Marx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDe2c3RHqalLqKnCkRAqTUAJ41hMM1oXRo2ixwPHqdu7q5+LkttQCfaqb4
oVnzQ3rS6JqyH5ttKvbni8A=
=bDYY
-----END PGP SIGNATURE-----