top | item 8834208

batemanesque | 11 years ago

sickening, if unsurprising, that their only recommendation is to improve the public profile of hidden services rather than make any actual attempt to address abuse. would be nice to see them adopt something other than the Reddit-naïf position on the misuse of "free speech"/cryptography

ohmygodel|11 years ago

There is no magic bullet here. Here are the things you were probably thinking of and why they won't work:

1. Allow relays to apply individual hidden service (HS) blacklists: HS addresses are not necessarily public, can require authentication to connect to, and are trivial to generate (these are all extremely important properties for anonymous publishing in general). So these CP sites will go even more "dark" once the relay blacklists start being an annoyance. Not to mention that relay blacklists open up an obvious DoS opportunity.

2. Require credentials for HSes and revoke them if they are discovered to be serving CP: There is no apparent way to make identity creation costly in an anonymous world where we must be able to support relatively poor users (e.g. without much CPU, memory, bandwidth, money).

3. Allow authorities to selectively deanonymize certain users or services: There is no way this is going to work in a world where nobody agrees on who the authorities are or what constitutes a legitimate request.

The Tor Project is doing one thing about this problem that is consistent with their mission. They are making accessible safe but useful information about the world of hidden services. In fact, they have a whole funded project on it <https://trac.torproject.org/projects/tor/wiki/org/sponsors/S...>. Note that this project includes such useful things as improved crawling support, global HS statistics, and discovering public .onion addresses.

batemanesque|11 years ago

to be honest I wasn't even thinking as specifically as these suggestions - not that any clear solutions occur to me either. but they should, at the very least, recognize that there is a problem that needs to be addressed. I'd like to think there's a less fatalist & more morally empowered approach available besides "forget it, jake, it's anonymous". side note, it's good to see someone here considering the needs of poorer users

pgeorgi|11 years ago

So what would be an "actual attempt to address abuse" with tor that isn't equivalent to shutting down the network?

Last I heard, they're happy for any volunteer to contribute and in a case like this, just having an "ideas guy" explain it to them might already be more than helpful, since this is no simple problem.

qnr|11 years ago

I wonder if it is possible to implement blacklists so that each relay operator may exclude their node from serving requests for hidden services they don't approve of.

E.g. a law abiding tor relay operator in Mauritania may decide to block the infamous underground apostasy discussion forum. It still remains accessible via other routes but the Mauritanian relay is now not involved with serving the site in any way.

mike_hearn|11 years ago

It is possible and I suggested they do just that, some months ago. It won't surprise you to learn that this suggestion went down like a lead balloon, with lots of people assuming I must be an NSA agent, evil, etc. They consider the possibility for nodes to control which HS's they support to be a vulnerability and want to close it.

Tor has exit policies, which are somewhat similar ... exits can choose not to handle certain kinds of traffic (or only handle certain kinds). However they also seem to believe that exit policies shouldn't exist and only do, because of "unreasonable" ISPs that care about abuse.

The people in the Tor community seem oblivious to the political risk they're taking on with the hidden service feature. They keep claiming that dissidents etc use hidden services in the abstract, but all the real world examples people are actually familiar with are the worst kinds of abuse. Recently they announced they'd received a tipoff that directory authorities might be seized. Nothing seems to have happened yet, but the apparent credibility of this threat should have set alarm bells ringing at Tor HQ. Given that HS' represent a tiny fraction of overall Tor traffic, there are virtually no legit hidden services and all the really horrible abuse Tor is famous for relies on it, they should consider just dumping hidden services entirely. Otherwise they're putting everything at risk for a minority feature few users really care about.

implr|11 years ago

To block a certain hidden service on a relay you need to know what is the hidden service you are relaying data to (obviously), which completely defeats all anonymity - a 'first hop' relay would basically be able to make a list of all hidden services visited by clients connected to it.

dogma1138|11 years ago

Such a thing will just make it easier for government agencies to identify both users and hidden services via traffic analysis, so it's unlikely to be implemented.

On the other hand both hidden services, and directories can perform a similar thing. Hidden Services can choose which directories they want to publish their address and identifiers to, this is part of the TOR HS protocol.

Directories can augment any request they get from the user and return whatever value they want, this is how you can cause effective DoS of the TOR network (or any other DHT implementation that does not enforce its agency over core services) with very small resource investment.