[Freedombox-discuss] Tor .onion domains

[Sam Hartman]

I certainly think it is important for the freedombox to support TOR. In
particular, a freedombox should be able to act as a TOR relay or
potentially even a TOR exit node.

However, I think even if you talk to the TOR project they'll agree that
you should not use TOR by default, nor enable being a TOR node by
default.  Here are some of the reasons:

1) Network level anonyminity isn't. To provide anonymous web browsing,
TOR requires significant cooperation from the browser. Without that,
linking two sessions, or linking a session made using TOR with a session
from the same person made without TOR is reasonably easy. TOR cannot be
assude (and in many cases can trivially be shown not to) provide
anonyminity to another application.

2) TOR's performance is significantly slower than well, anything
else. If you're not getting a real benefit from TOR, it is not worth
using. For things that are not anonymous communication, VPNs, simpler
overlay networks and other higher-performance solutions provide a better
solution.

3) TOR has scaling issues. TOR depends on a central directory service;
there are limits on how lanrge the TOR network can scale. It is my
understanding that addressing some of these issues are areas of ongoing
research and engineering. However, they are not areas of production
code.

4) TOR has issues with anything other than stock TCP. Things like IPv6,
UDP, stun/ice, efficient media trasport for VOIP all have their place in
our project. Relying on TOR for everything requires we give these up.


5) There are tracking issues TOR introduces. In some cases knowing
someone is using a freedom box may be an interesting thing to hide.

So, I think TOR is great. However I think we should use TOR where TOR is
a good fit.