The Tor Project: Building the Next Generation of Onion Services

Hm, the problem with this kind of tools is that if you're not willing to read the documentation to get a good understanding of what you're doing, you might end up thinking you're secure instead of being secure which is the worst case scenario.

The Tor control port protocol let's applications setup a hidden service automatically; Bitcoin Core recently released support for this, automatically using hidden services for incoming connection to your Bitcoin Core nodes.

The real problem is that you _shouldn't_ be running bare Tor in front of a hidden service, at least not if you really want to be private. You need something like Whonix[1] to protect you from all kinds of server information leaks.

1: https://www.whonix.org/wiki/Hidden_Services

At least on Debian based systems, running Tor as a daemon is trvial.

There is even apt tor to fetch updates over Tor.

There hidden service config is pretty simple as well.

We should write more functionality for servers that let them setup hidden services via tor

It would be useful if someone wrote a wizard that could install a personal disk server without the user needing to know what software is involved or how to install it. A single click where for example owncloud is installed, linked to tor hiden services address and given to the user and/or installing a usb stick with tor-browser and a bookmark to the service. It would be outside the scope of tor project, and more in line of a useful native debian package.

The Tor hidden service setup process seems extremely simple to me.

First google result I get for "tor hidden service instructions" is https://www.torproject.org/docs/tor-hidden-service.html.en which explains the two config lines you need to add to create a hidden service

Literally all you have to do is add this into your config file.

  HiddenServiceDir /hidden/service/path
  HiddenServicePort $EXTERNALPORT $INTERNALIP:$INTERNALPORT

If you're hosting anything at all this shouldn't be even remotely difficult.

You can support Riseup who run exit node(s).

https://help.riseup.net/en/donate

If you want to donate towards the operation of "safe" exit/bridge nodes, consider donating to NoiseTor: http://noisetor.net/.

In addition to NoiseTor that @garrettr_ mentioned there is torservers.net [0]. Both are mentioned [1] as ways to support infrastructure by the Tor Project.

[0] https://www.torservers.net/donate.html

[1] https://blog.torproject.org/blog/support-tor-network-donate-...

Donate to torservers.net. They are well known, frequent hacker meetings and partner up with other organizations in this space.

Current evidence suggests it's doing OK for now. The slides from the Snowden leaks showed the NSA was unable to compromise the core infrastructure by controlling relay and exit nodes, excepting a few cases. However, there are attacks a government-level entity can mount that Tor explicitly does not protect against, such as large scale passive scanning for traffic confirmation. It is not believed to be possible to beat such monitoring without compromising latency.

The combination of watering hole attacks and internet scale packet timing collection is pretty big problem for the security of Tor users.

Fortunately Internet wide timing attacks are mostly a Five Eyes and domestic Chinese capability. Chaff, padding etc can help here.

Compromising the servers of target services and using that a platform to distribute anonymity stripping malware is also a problem. The Firefox codebase that TBB is based isn't awesome from a security point of view. Hopefully the Firefox code base can catch up from a security perspective and give them something better to work with.

The randomness will be used to defend against knowing in advance what nodes are responsible for the HSDir entries in the hashring (allowing DoS and statistics gathering). If an attacker knew the next numbers, then this protection would be broken (but none of the other important protections would be broken).

Given to my knowledge they still have no way to insure the exit nodes are not control by a single majority, no idea why this would be any different.

Interesting. Can you give an example of how a security enhancing protocol can be end up degrading security?

As far as I understand, the distributed randomness will only be distributed on the 11 trusted directory servers (where you get your node manifest from). So you don't need to worry about malicious nodes killing the randomness.

Bandwidth and machine time is not the biggest hindrance for running a tor relay or exit node. The muddy legality in most countries is.

Tor is a solution for both anonynmity & privacy and censorship evasion. I2P is oriented primarily towards anonymity and privacy.

I2P has an attractive anonymous service design and can run applications like Bittorrent over it. But it also developed basically by 3 people in New Zealand.

Tor has more funding b/c of censorship evasion features being attractive to funders. Successes in the anonynmity feature set like SecureDrop. A vibrant academic community with conferences etc. Lots and lots of review from the external crypto and security community. A deep well of technical talent.

Respectably, no tool - be it I2P's garlic routing, Tor's onion routing or anything else - could ever provide "complete untraceable anonymity"; that is a huge (and potentially very harmful) misunderstanding of what these techniques can do, I strongly encourage you to learn more about them to correct that misconception.

Both projects have designs which have inspired each other and have relative advantages and disadvantages. Technically, I like I2P, but I accept I may be somewhat biased there. Practically speaking, Tor has a much larger anonymity set because it is far more widely used and receives more support, with very well-established volunteer outproxies. I would never criticise anyone for contributing to either: Tor in particular has the widest practical impact of any tool in this space.

This distributed random idea is a very impressive achievement; I'm glad to see it work in the wild! Congratulations.

I'm not sure what you mean about "stigma". Any reasonably effective solution in such a politically-charged space as the anonymity and privacy of human communication is likely to become controversial to some degree.

Anything that replaces Tor will get the stigma of Tor.

I've heard that I2P tends to add experimental features that don't have any rigorous analysis of the privacy impact. So there's that.

> offering complete untraceable anonymity

Your argument falls apart the moment you claim this.

I think tor has more marketing and mindshare than I2P, and thats why you see tor more than it. I would like to see a more in depth comparison of the two, do you know of a good one?

Isn't I2P still "peer-to-peer" by default? That is, the fact your IP is connected to I2P is broadcast to everyone. That makes every disconnection an opportunity to trace you, directly and by elimination. It's especially bad with torrents, which are probably the most popular use of I2P.

How does I2P defend against traffic analysis attacks?

Didn't read that way to me. Read like they normally use VMs on their computer to have a "testing tor net", but decided to set up actual distributed nodes for testing this. More like, "Hey look, this is nifty", rather then "Ugh, it was so hard to set this up"

Quite a few VPS providers and ISPs will block TOR services out of the gate.

Here's their overview page: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISP...

Where would the funds to run the servers come from?

Why do you believe these "cheap" servers would be secure?

> They are describing getting 11 nodes like some sort of struggle.

Where are they doing that? I see nothing the like in the article. Only that this was the first time they did a test of that scale, not that there was anything preventing them from doing it earlier.

And they also explicitly prohibit using Tor, it's right in their ToS => https://quadhost.net/policies/terms-of-service/

Many of the cheap (read: sub $10/year) OpenVZ VPS offerings prohibit ANY type of Tor traffic, even use of a client (such as torsocks) - I've used many of them, and they are quick to detect and suspend based on traffic analysis.

The security of the Tor network depends on diversity of relays and exit nodes. If the Tor project ran all nodes, then that is low sysadmin diversity (but high network and jurisdiction diversity) and thus lower security.

In addition to what other replies have said, using their own computers has the advantage of testing on a variety of systems, environments, and connections. VPS would be fairly monolithic.