I think tor should not be used for anything of importance. What if tor allows code execution by design and it is heavily obfuscated?
On Sat, Sep 03, 2016 at 07:56:33PM -0600, Mirimir wrote: > So let's say that a bunch of us have Tor onion servers. They're linked > to each other via OnionCat with ip4ip6 tunnels. With IPv4 routing so > each can hit the others. And with iptables rules (IPv4 and IPv6) to drop > packets to/from everyone else running OnionCat. Maybe even > HiddenServiceAuthorizeClient/HidServAuth to lock down access. > > What might we do with that? We might create an overlay Internet, I > suppose. Given how long OnionCat has been around, there are probably a > few of those. I doubt that OnionScan[0,1] would see the connections, > given that there are no hyperlinks, and better, no unauthorized access. > > But more specifically, what? BitTorrent, for sure ;) LizardFS works, so > we could have private and shared cloud storage, backed by globally > redundant, erasure-coded storage. > > What about VPN services? Say, with two VPS linked via OnionCat. You hit > VPN server as an onion service, and exit through one of many redundant > VPS. We already have <https://i2vpn.eu/>. So maybe chain that with VPNs > via onion services. What do y'all think? > > And what about Freenet or I2P on an OnionCat network? Or one of the P2P > messaging apps? Or even old-school Mixmaster? > > Back to basics, would any of that help against global adversaries? It's > very hard to evade observation of network edges. You can have lots of > chaff, but then that itself can be a signature. > > [0] https://github.com/s-rah/onionscan > [1] > https://motherboard.vice.com/read/these-maps-show-what-the-dark-web-looks-like