[Freedombox-discuss] Tor .onion domains

Bjarni Rúnar Einarsson bre at pagekite.net
Sun May 8 14:39:08 UTC 2011

On Sat, May 7, 2011 at 10:59 PM, Sam Hartman <hartmans at debian.org> wrote:

> I certainly think it is important for the freedombox to support TOR. In
> particular, a freedombox should be able to act as a TOR relay or
> potentially even a TOR exit node.
> However, I think even if you talk to the TOR project they'll agree that
> you should not use TOR by default, nor enable being a TOR node by
> default.  Here are some of the reasons:
> 1) Network level anonyminity isn't. To provide anonymous web browsing,
> TOR requires significant cooperation from the browser. Without that,
> linking two sessions, or linking a session made using TOR with a session
> from the same person made without TOR is reasonably easy. TOR cannot be
> assude (and in many cases can trivially be shown not to) provide
> anonyminity to another application.
> 2) TOR's performance is significantly slower than well, anything
> else. If you're not getting a real benefit from TOR, it is not worth
> using. For things that are not anonymous communication, VPNs, simpler
> overlay networks and other higher-performance solutions provide a better
> solution.
> 3) TOR has scaling issues. TOR depends on a central directory service;
> there are limits on how lanrge the TOR network can scale. It is my
> understanding that addressing some of these issues are areas of ongoing
> research and engineering. However, they are not areas of production
> code.
> 4) TOR has issues with anything other than stock TCP. Things like IPv6,
> UDP, stun/ice, efficient media trasport for VOIP all have their place in
> our project. Relying on TOR for everything requires we give these up.
> 5) There are tracking issues TOR introduces. In some cases knowing
> someone is using a freedom box may be an interesting thing to hide.

6) Tor introduces a *different* set of privacy/security risks from
traditional ISPs. This relates to 1), in that if you use the Tor network
incorrectly (transmit unencrypted data over it) then that data is completely
vulnerable to snooping by the exit-node operators. This is a serious issue,
because many common Internet protocols are plain-text by default and it is
far easier to set up a Tor exit node and start snooping traffic than it is
to infiltrate an ISP and start snooping the wires there. Anyone can do it,
and it has been shown in the past that anyone does. This is not a
theoretical problem.

Don't get me wrong. Tor is great. But if used incorrectly (and depending on
your threat model), it can be worse for your privacy/security than using the
"normal" internet.

So yes, let's use and support Tor.  But let's be sure to do it in an
appropriate way. :-)

Bjarni R. Einarsson
The Beanstalks Project ehf.

Making personal web-pages fly: http://pagekite.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110508/586435dd/attachment.htm>

More information about the Freedombox-discuss mailing list