Roger, We have produced a commercial that should help explain the service we are offering. I have no intention of holding it out as onion routing unless we switch to onion routing, and I will elaborate on our website as to how the network works.
Would you be interested in a video that depicts how onion routing works? I've been toying with the idea of putting one together. Regards, Arrakis > On Sun, Mar 25, 2007 at 09:57:20AM -0600, Arrakis wrote: >> 2) Torpark is not commercial, it is totally free and open source. We >> simply offer an upgrade to get higher speeds than the tor network can >> provide. >> >> 3) The fact that trust isn't distributed is a positive, not a >> negative, because you don't have to trust everyone with your outgoing >> plaintext traffic. We have independent security auditors make sure our >> admins are not tracking anyone or doing anything malicious. > I'm leaving the licensing discussion alone for now, but I wanted to > respond to this technical point. Tor's security [1] comes from two > components. The first is its large and diverse user base -- as the user > base expands, the mere use of Tor doesn't narrow you down to a specific > user community or specific few people who are known to have fetched the > program [2]. The second is the diversity of the relays -- as the Tor > network expands, fewer adversaries are able to be in enough places on > the network to succeed at linking senders to recipients. > Now, it's still an open research question what metrics we should use > for these components (that is, how exactly we measure the security we > get from them), but my intuition is that after a certain point the first > component doesn't contribute much more to security -- meaning in Tor's > current state, its security grows primarily as the network grows. > And remember that by "being in enough places", I mean being in a position > to watch (or otherwise measure [3]) the traffic; the best attacks we know > right now only look at characteristics of the traffic flow [4], because > any sort of coordinated compromise of many relays is probably harder. > I'm not saying Tor's design is perfect. We are still grappling with > Sybil attack questions, and as you say we need to encourage our users to > employ end-to-end encryption and authentication when appropriate. And > we're still not happy that a widely dispersed attacker can probably do > very well against Tor. > But a central organization that administers all the relays, even if it > puts them in different places geographically, and even if it promises to > do perfect audits and employ only perfect people, aims for a fundamentally > different sort of security than Tor aims to provide. The traffic analysis > attacks above are still just as much of a concern, but insider attacks and > other attacks on/by the organization are now a significant question too. > You can launch a new single-hop proxy service, commercial or not, > proprietary or not. You can also launch a multi-hop service where you > control every hop. And the license of the Tor software lets you use it > if you find it useful for your purposes. But please don't deceive your > users by changing the security context and then encouraging them to think > that just because the Tor software is present somewhere in the picture, > they are benefitting from the type of security that Tor aims to provide. > --Roger > [1] By "security", I'm talking primarily about unlinkability here; > but that's a different thread. > [2] http://freehaven.net/anonbib/#usability:weis2006 > [3] http://freehaven.net/anonbib/#torta05 > [4] http://freehaven.net/anonbib/#danezis:pet2004
