[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Marketing Tor (Was Re: For those using Tor with windows)
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 16 November 2005 10:28 am, Eugen Leitl wrote:
> On Wed, Nov 16, 2005 at 09:56:33AM -0500, Jeffrey F. Bloss wrote:
> > I don't believe this is the case though. These three or four Tor clients
> > are being used as access points to the existing, free Tor network we all
> > know and love. They're using the network's anonymity, cover traffic, and
> > the bandwidth donated by node owners, for profit. If it were a private
> > network scenario I agree... it wouldn't be an issue at all.
> Allright, these are sleazy scumbags.
This is my overall impression of these people, to be sure.
So what, if anything, could be done about it?
> > I would certainly hope that at the very *least* a for-profit Tor node
> > would function as a public node, and help move "normal" Tor traffic along
> > with traffic generated by its customers.
> The problem is that you can't guarantee a given latency and throughput
> with a network outside your control.
Yes. Public forum comments from customers concerning latency problems and
replies from the owner(s) about how Tor nodes "have each their speed
limitations, amount of traffic they're handling, busy hours and often they
run other services too", is one thing that leads me to believe these are
access points to the public Tor network rather than a private network.
> Of course, one could also sell
> VServers connected with OpenVPN, with Tor/Privoxy which would participate
> on the network, when in use. Getting users to pay for the traffic they're
> not generating, even if it's relatively cheap (say, 0.20 EUR/GByte) won't
> be too easy, though.
I assume this is why these clients are not operating as public nodes... to
keep their customers from footing the bill for bandwidth consumed by
In my limited perception this would also appear to be somewhat of a security
risk, as real time connections could be more easily analyzed without the
added "mass" traffic. But that's another issue all together.
> > But as you say this is mostly a matter of personal ethics. Some people
> > have them, some don't.
> > I for one would be willing to pay for private network access, by the way.
> > :) I
> Do you think there's a business potential in a OpenVPN-based darknet?
I'm an enthusiast, not a privacy business person, so My opinion might be a bit
I guess when I consider it seriously I'd have to admit that the potential is
limited. You'd be drawing on nearly 100% private citizens and *maybe* a few
like minded organizations. That "business class customer" bread and butter
probably won't be there. Obviously, selling to mostly individual consumers
depends on raw numbers of clients, so....
The other side of the coin is as you say... servers and bandwidth are
relatively cheap and getting cheaper. If you have the cash it might be an
interesting social experiment.
That was the enthusiast speaking. ;)
> > of course, it would be nearly as secure as a free public supported
> > version with the notable exception that a commercial entity is a single
> > point of compromise. The conspiracy nut in me could envision a scenario
> > where an owner
> A few commercial entities peering traffic (I'll route yours if you route
> mine) would be quite immune against that attack.
I'd hesitate to say "immune", but it would certainly be a *huge* improvement
over a single entity. The more the merrier I would say. Compromising 3 is
harder than two, and I can see where the nature of Tor network traffic might
make it necessary to compromise all sub-networks at the same time.
Just curious, but would a dedicated network allow any sort of "transparrent
remixing" or packet reordering? Longer chains? Could these things be
implemented without a huge hit in performance? They'd' certainly be another
> I'm a bit pessimistic about users being ready to pay for commercial
> anonymizing services. We'll see..
I guess I am too, but if you take what's rumored as gospel there are some
"Anonymity" providers operating right now with customer bases in the 10's of
thousands. And they don't even offer any true anonymity as far as I'm
How many customers would you really need to break even? What's the bottom line
price tag on maintaining half a dozen servers? If it's do-able with a few
hundred subscribers I'd say you'd have no problem at all breaking even at
least. The fact that you're offering a high speed version of an acceptedly
secure service should sell your pay-for version pretty easily.
Hand crafted on November 16, 2005 at 11:05:31 -0500
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----