Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 2 October 2016 at 11:01, grarpamp <grarpamp@xxxxxxxxx> wrote:
> I want to see more than one overlay network with "exit" feature,

So do I - totally agreed.

What I find useful when anyone says "We need more of X!" is to ask:

   "How many more of X?  How many X should there be in total? And what
constitutes X?"

If we had only one "single overlay network with exits" (let's just call
this a "proxy-network") - then we would be arguing on behalf of a single
"proxy network" for the whole of the internet.

From one perspective, as you note:

> Tor is a singular easy target painted on the back of the internet.

…I will argue whether Tor is the **ONLY** proxy network for the whole of
the Internet, but I will agree that having a single proxy-network would
make it an enormous target.

Also: if we wanted a single proxy network for the whole of the Internet,
and if

> I want more people on them, and by default.

...if we wanted it enabled by default, then what we are actually saying is
that there is a feature of "anonymity <blah blah blah>" which needs to be
hardcoded into TCP, because everyone would want it for every occasion.

This is clearly a nonsensical position - because I neither need, want or
desire the overhead of anonymity for the vast majority of my bytes - so
instead I am going to pretend that you wrote:

  Rewrite > "we need more than 1 proxy network, and want it easily and
widely, nearly ubiquitously available"

So now we need "more than 1" proxy network - but still, how many?

Well, if we had 7 billion proxy networks, that would clearly be too many.

With 7 billion proxy networks, there would be a 1:1 mapping of network to
person.  That would be bad, and would also be the degenerate case of
hardcoding proxy network technology into TCP/IP.

Correlation would lead to deanonymisation if every person used their *own*

So we need between "more than one" (ie: 2) and seven-billion proxy networks.

We still don't know how many.  How can we choose a number?

Well: what's beneficial in anonymity is for people to be lost in a crowd.
How big a crowd?

Well, to pick an arbitrary number, how about 1 million people?

1 million is not terribly big.  If something happens to 1-in-a-million
people per day, it happens 1350 times a day in China, 1200 times in India,
250 times in Indonesia, 318 times in the USA, 64 times in the UK, and so

But still one million people in a network would probably generate enough
traffic to make a stab at effectively burying signals and patterns in
noise.  One million people is a lot of digital poop.

Say we did a straight division, then: the 7 billion people of the world get
split into crowds of 1 million, so we need 7000 proxy networks to support

There's a number. Except: it's wrong.

It's wrong not only because we are pulling crowd-sizes (etc) out of thin
air, but also because of the divide-by-N split, and that not all of the
world uses the internet, but also that most traffic will not need anonymity
(else we'd be petitioning the IETF to amend TCP) so the at-any-given-time
proxy-network-using-communities would be smaller, yet would still need
dividing into crowds of "1 million" or whatever in order to smooth traffic
and bury access signals in noise.

So, to try and accommodate this, we need a fudge factor which (again) I
will arbitrarily guess at between 10x and 100x.

Perhaps only 1-in-10 people need anonymity (etc) at a given time, perhaps
only 1-in-100.  Perhaps even less because of the lack of penetration of
advanced internet anonymity practices into *Darkest Peru and other parts of
the world.

So that means we need between 700 and 70 proxy networks to protect the
anonymity of the world.

It's a wet-finger-in-the-air number, and subject to argument, but it's at
least a ballpark.

And now I start counting: Tor, I2P, Psiphon, TunnelBear, all those proxy
networks which are designed to let people watch TV when they are not in
their home country <cough/>

I am pretty confident that I could count up to 100 of those proxy networks,
which is a number which exists within the ballpark that I calculated above.

So I am not ever going to bitch about how many networks we need to have,
since my guess of how many we "need" approximates reality.

Perhaps instead what I could bitch about is 'Market Dominance' of Tor?

Certainly I have seen a lot of that on Twitter lately; folk who worry about
concentrations of power and influence amongst people for whom they did not
vote (...though I am not sure that voting makes it any better, often worse)

So we should take that million+ people that Tor already has, and break it
up in order to foster more networks?

But - given what we wrote above - that sounds counterproductive to our
goals.  We want big crowds of about that size.

So: there are about enough proxy networks, and we should not fragment Tor.
What should we do?

Good question.  My take: innovate and evangelise, stop pretending that

Shoot any user-experience consultants who tell us that people can't deal
with complexity & nuance.

Use & improve Tor for access to Onions & for the clearnet.

Foster & support I2P for... well, whatever I2P is good at. I have no
interest in filesharing and a major valueprop of Tor to me is bridging to
clearnet through exit nodes, having a namespace which intersects the rest
of the web and uses unmodified HTTP - so I've not done more than fire I2P
up a few times. I'd like to go play with it but I am missing a reason to do

Create _new_ stuff.  That'd be superb.  Just don't try to be like the early
Torfork weenies, proclaiming that they would split the Tor userbase (and,
presumably, onion namespace) and that this would be "progress".

Returning to the topic:

> community just totally savaged CF, with the entirely predictable result of
> The blurry cowspot impossible repetitive "trtruullm yrtllmnnr"
> captchas set themselves on fire for that, no community needed.

No argument there.


> And for account based services, I expect far more...
> We want the accounts, without phone.
> Then I want graduated service enablement based on human
> pattern heuristics... participation, length of time, kbd / click data,
> backoffed captcha intervals, bitcoin deposit with automatic
> return schedule, user realness ratings by other users, etc.

Oh, that's *bullshit* - I know you as a serious argumenter in favour of
privacy rights, Grarpamp, so let me respin what you are calling for in
terms that you might revolt against:

#STRAWMAN "<social networks> are creating databases of user interaction
behaviour - your typing speed, how long you take to solve a captcha - in
order to track you and deanonymise you"

The issue is that "authentication" and "deanonymisation" are from many
practical perspectives **exactly the same thing**.

I am with you on "graduated service enablement" as a fine goal - that if
you have only authenticated to a weak level, you should only be permitted
to do less-harmful things; but this again is an area where it is helpful to
shoot the user-experience researchers who tell you that people cannot cope
with a bank transfer failing when they try to do it over SMS but not over
Wifi, from the same app.

> These have real and rather unprogrammable / rising costs
> to illegitimate users / bots.
> For such services, I want canceling of accounts, not canceling of IP's.

To reduce harm and cost, sometimes you will get a little of both.  The wise
company will treat blocking of known-proxy-network IPs differently from
those which are more inarguably evil.


> The top sites in every category all have staff and budget
> that could implement some levels of this, they just don't.
> Because in my opinion, they don't give a shit. Their brains,
> singularly and collectively, are programmed to be and act
> negatively "how can we reject", not positively "how can we
> include".

I think you are saying similar things to me, but perhaps from a far more
judgemental place.

You can't blame people who don't know about Tor and similar technologies
for blocking the IP addresses associated with it.

Solution: make Tor more well-known, and associated with social enablement
and do-gooding.

> It's old school top down
> kill focused and at the earliest stage.

Chocolate is a good treatment for cynicism.  :-)

> They need insider people (the Alec's) at their insider corporate
> conferences and roundtables telling them real users / anons
> of anon / real / vpn / wifi networks, and some solutions exist.

It's lovely of you to say that, but it's wrong.

Parachuting clones of me into organisations is not what changes things.

That's a quick-fix mentality which will fall short.

The solution - what I have sought to do - is explain to peers what Tor is,
and demonstrate to them with graphs and charts how... yes, there is shit
and spam and scraping which comes through Tor, but there are also these
*other* people who use the service and who especially need it in sudden
rushes when bad things happen, so we need to build things such that
accommodations are made for that.

You have to fix the *culture* and *perception*, not parachute-in a
Muffett-shaped widget.

    - alec

*Paddington Bear. Likes Marmalade. Dislikes Internet.
