Now More Than Ever, We Need To Reinvest In Tor

At this point I think it's best to assume that seized sites were brought down through some combination of the following:

Bullets (1) and (2) mostly involve idiosyncratic risks that need to be managed by individuals and sites, and I expect Onymous will stimulate greater vigilance.

Bullet (3) though is something that affects everyone and is in many ways a public good, so there's less obvious individual incentive to improve/fix it. But given the international coordination that Onymous was supposedly executed with (including the FBI and Europol), I think it's best if we assume they are all running their own Tor nodes with the intention of trying to analyze the traffic to narrow down possibilities of where sites and individuals are located.

Any decentralized system can be disrupted if a sufficient number of nodes are maleovelent. Outside of technical sophistication of the protocol and its implementation in software, increasing the number of known honest nodes can help prevent this type of attack.

There have been questions about whether sites should migrate to an alternative to Tor (e.g., I2P or Freenet). Given the network effects that Tor currently benefits from and as I see it fairly similar problems with those alternative protocols, we should probably continue to invest in Tor for the time being.

So to keep this solution oriented, here are some great ways to support the Tor network:

In addition to supporting the above, you should also consider donating to fund TAILS development (they accept bitcoin as well)

TL;DR it's imperative that the DNM communities invest in more honest Tor nodes and funding to the Tor Project. Every honest node we have reduces the power of traffic analysis from a coordinated adversary.


Comments


[15 Points] evocansuckitmallllll:

Final words

The task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved.

In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries.

It would be great if there were more people reviewing our designs and code. For example, we would really appreciate feedback on the upcoming hidden service revamp or help with the research on guard discovery attacks (see links above).

Also, it's important to note that Tor currently doesn't have funding for improving the security of hidden services. If you are interested in funding hidden services research and development, please get in touch with us. We hope to find time to organize a crowdfunding campaign to acquire independent and focused hidden service funding.


[10 Points] None:

Someone should make a bitcoin mining pool just for donating the proceeds to tor....assuming that's not already a thing.


[4 Points] digitalmarauder:

Why Tor? I'd rather say let's give I2P a shot, especially in conjunction with OpenBazaar.


[2 Points] None:

Kind of thought maybe it was BS but if that guy that got busted for running the TOR relay is for real that's also something people should chip in for so he can lawyer up. Sounds like he won't be able to adequately defend himself.


[2 Points] a_wild_snatch_appear:

Had the idea for awhile, and granted my total grasp of tor is not advanced. If the exit nodes are the main source of concentration for le then limit the information that can be intercepted thru any individual node. Similar to BitTorrent, packets could be shortened and stunted through different exit nodes. This way, the pieces of data received, even if deciphered wouldn't amount to much without the other parts.

If that isn't enough then send out decoy packets that have the same signature but are jibberish when put back together. These 2 things would have a positive (further security), but at the cost of bandwidth on the network (slow transfer speeds, likely increased costs). If the added security would be worth the cost is where I am unsure.

Would be nice if someone created a kind of vpn service that shuffled ip addresses to counter the tracking of info thru exit nodes as well. Maybe they can tell what the message is, but not where it is going/came from.

I'm not sure how feasible these things would be and even if, they still need to be developed and that takes more time and patience than most anyone on the dnm's has to sacrifice.


[1 Points] MundaneInternetGuy:

This is good for bitcoin


[1 Points] bafflesaurus:

You realize that the feds fund a lot of Tor's development already right?


[1 Points] Taek42:

I don't know that this will be a popular opinion, but I'm not convinced that Tor is sufficient anymore. It's old technology, and it's starting to come apart around the edges.

It might be worth building a new anonymous network from scratch. I don't know enough about the options, but everything I can think of is over a decade old. (gnunet, tor, freenet, i2p), and the top three (tor, freenet, i2p) have held their position for years.

Maybe there are some qualified people out there who have ideas about starting from scratch. Those ideas might be a better long term investment.


[1 Points] bromadol:

Donated $10 everyone should pony up some drug money


[1 Points] CowboyFlipflop:

Freenet is intolerable.


[1 Points] None:

RemindMe! 4 weeks "donate"