Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Seth David Schoen
Roger Dingledine writes:

> I think finding ways to tie onion addresses to normal ("insecure web")
> domains, when a service has both, is really important too. I'd like to
> live in a world where Let's Encrypt gives you an onion altname in your
> https cert by default, and spins up a Tor client by default to let users
> reach your webserver using whichever level of security they prefer.

Well, I'm still working on being able to write to the CA/B Forum about
this issue... hopefully we'll find out soon what that community is
thinking.

-- 
Seth Schoen  
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jon Tullett
On 30 August 2017 at 19:18, Roger Dingledine  wrote:
> On Wed, Aug 30, 2017 at 03:07:37PM +0100, Ben Tasker wrote:
>> So his suggestion is portrayed as not sacrificing much, but actually
>> sacrifices quite a lot.
>
> This is a really important point. Thinking of onion space right now as
> the sum total of all that it can be is cutting off all of the future
> innovation.

That's a very good way of putting it. Thanks Roger.


> I think finding ways to tie onion addresses to normal ("insecure web")
> domains, when a service has both, is really important too. I'd like to
> live in a world where Let's Encrypt gives you an onion altname in your
> https cert by default, and spins up a Tor client by default to let users
> reach your webserver using whichever level of security they prefer.

Doesn't that risk adding insecurity? If I trust a less secure channel
to authenticate the hidden service, then impersonating the hidden
service may become easier by providing a weaker point of attack, no?
It's not like there's a shortage of demos of people getting
LetsEncrypt (and other CA) certs they shouldn't.

-J


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jacki M
This would also affect Onionshare’s user hosting anonymity; it would require
file hosts to reveal their identity or their onion address would keep changing.
> On Aug 30, 2017, at 10:18 AM, Roger Dingledine  wrote:
> 
> This is a really important point. Thinking of onion space right now as
> the sum total of all that it can be is cutting off all of the future
> innovation.
> 
> My claim isn't "onion services are 3% of Tor traffic, so don't get
> upset about anything you find on an onion service" -- my claim is "onion
> services are still very early in terms of adoption, and as is usual for
> many decentralized technologies the extra-early adopters are not great use
> cases, and that means we need to help the space grow, and as it grows,
> if we do it right, it will become more broad and thus more good".
> 
> One concrete example of an onion service that the proposed design would
> cut off is Ricochet. Ricochet users want longterm-stable identifiers,
> and they want the identifiers to be self-authenticating. And of course
> making every Ricochet user register and maintain a domain, plus run a
> webserver, is both silly and harmful.
> 
> This example also helps to illustrate why thinking of onion services as
> only websites also artificially constrains their future. What if your
> smart refrigerator registers an onion address when you first plug it
> in, and it's only willing to receive secure updates via that channel,
> meaning it has a hugely reduced surface area to attacks?
> 
> As Alec says, the list of "things that could benefit from having a safe
> communication channel" is both enormous and open-ended. People like to
> use phrases like "dark web" or "dark continent" to evoke mystery and
> intrigue, but really, do you want to use the communications channel where
> you know for sure that you're talking to the person you meant to talk
> to, and you know that it's hard for somebody to eavesdrop on the content
> or the metadata? Or do you want to use the communications channel where
> you don't know who you're talking to, you don't know who is listening,
> and you don't know whether somebody is modifying the traffic?
> 
> Calling onion services the "secure web" and everything else the "insecure
> web" isn't very catchy, so maybe we should settle on calling everything
> else (the places where you don't know who you're talking to or who's
> listening) "dark". :)
> 
> For those following along who haven't watched our 32c3 onion services
> talk, you might find it enlightening:
> https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think
>  
> 
> (The Defcon talk has a few more details about the next-generation onion
> service design, but I'm told the video for it won't be up for another
> couple of months.)
> 
> I think finding ways to tie onion addresses to normal ("insecure web")
> domains, when a service has both, is really important too. I'd like to
> live in a world where Let's Encrypt gives you an onion altname in your
> https cert by default, and spins up a Tor client by default to let users
> reach your webserver using whichever level of security they prefer.
> 
> And for those who made it this far down the mail, you might enjoy this
> historical tor-talk mail too:
> https://lists.torproject.org/pipermail/tor-talk/2015-April/037538.html 
> 
> (see the paragraph towards the bottom that starts "I should also make
> clear my opinion on some of the bad uses of Tor.")



Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Roger Dingledine
On Wed, Aug 30, 2017 at 03:07:37PM +0100, Ben Tasker wrote:
> So his suggestion is portrayed as not sacrificing much, but actually
> sacrifices quite a lot.

This is a really important point. Thinking of onion space right now as
the sum total of all that it can be is cutting off all of the future
innovation.

My claim isn't "onion services are 3% of Tor traffic, so don't get
upset about anything you find on an onion service" -- my claim is "onion
services are still very early in terms of adoption, and as is usual for
many decentralized technologies the extra-early adopters are not great use
cases, and that means we need to help the space grow, and as it grows,
if we do it right, it will become more broad and thus more good".

One concrete example of an onion service that the proposed design would
cut off is Ricochet. Ricochet users want longterm-stable identifiers,
and they want the identifiers to be self-authenticating. And of course
making every Ricochet user register and maintain a domain, plus run a
webserver, is both silly and harmful.

This example also helps to illustrate why thinking of onion services as
only websites also artificially constrains their future. What if your
smart refrigerator registers an onion address when you first plug it
in, and it's only willing to receive secure updates via that channel,
meaning it has a hugely reduced surface area to attacks?

As Alec says, the list of "things that could benefit from having a safe
communication channel" is both enormous and open-ended. People like to
use phrases like "dark web" or "dark continent" to evoke mystery and
intrigue, but really, do you want to use the communications channel where
you know for sure that you're talking to the person you meant to talk
to, and you know that it's hard for somebody to eavesdrop on the content
or the metadata? Or do you want to use the communications channel where
you don't know who you're talking to, you don't know who is listening,
and you don't know whether somebody is modifying the traffic?

Calling onion services the "secure web" and everything else the "insecure
web" isn't very catchy, so maybe we should settle on calling everything
else (the places where you don't know who you're talking to or who's
listening) "dark". :)

For those following along who haven't watched our 32c3 onion services
talk, you might find it enlightening:
https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think
(The Defcon talk has a few more details about the next-generation onion
service design, but I'm told the video for it won't be up for another
couple of months.)

I think finding ways to tie onion addresses to normal ("insecure web")
domains, when a service has both, is really important too. I'd like to
live in a world where Let's Encrypt gives you an onion altname in your
https cert by default, and spins up a Tor client by default to let users
reach your webserver using whichever level of security they prefer.

And for those who made it this far down the mail, you might enjoy this
historical tor-talk mail too:
https://lists.torproject.org/pipermail/tor-talk/2015-April/037538.html
(see the paragraph towards the bottom that starts "I should also make
clear my opinion on some of the bad uses of Tor.")

--Roger



Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jon Tullett
On 30 August 2017 at 16:35, Andreas Krey  wrote:
> On Wed, 30 Aug 2017 15:55:36 +, Jon Tullett wrote:
>> On 30 August 2017 at 15:02, Andreas Krey  wrote:
> ...
>> > Facebook is a house. Tor is a street.
>>
>> Ah, a motoring analogy.
>
> Not at all. You usually don't even enter houses by car.

Speak for yourself, dude. I have a garage attached to my house. So there :p

For the pedestrians among us, however, there are laws controlling
behaviour, like jaywalking laws. Even as a non-motoring analogy my
objection would probably still be the same.

-J


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Ben Tasker
On Wed, Aug 30, 2017 at 4:08 PM, Joshua Case  wrote:

>
> > On Aug 30, 2017, at 10:36 AM, Ben Tasker  wrote:
> >
> >
> > Yup, or, it's entirely successful in its aim and none but the most
> > determined can use the markets. Which results in the alienated users now
> > buying back off the street, getting a lower quality product and putting
> > themselves in greater physical danger. Essentially reclaiming the hold that
> > cartels and the like have historically held over the street (not that it's
> > weakened much, but any reduction is still a good thing).
> >
>
> While you do address it in that last sentence, I think it bears thinking
> through. I’m not sure that the ‘cartels’ - these are not fear quotes, truly
> just ambiguity - have ever been damaged, deterred, or even marginally
> diminished by the existence of anonymous markets.


Yup, sorry I used the term cartel there very, very loosely. The actual
cartels have just expanded their distribution methods to include the
markets (and why wouldn't they), as have any, err... local traders where
the opportunity allows. Not moved, just expanded (just as you might go to
the shops when you need something sooner than Amazon can get it to you,
you'd still see the guy on the corner from time to time).

What it has done though, is given people the opportunity to more easily
obtain drugs without having to wander to the dodgy guy on the corner (in
turn lowering the risk to themselves).



> In fact, the aspects of the hustle where the opportunity for violence
> presents itself most frequently with greatest amplitude is still between
> tribes of manufacturers and those that protect their interests in areas of
> the world where life seems to have a lower cash or bitcoin value than it
> does on the relatively rich street the average consumer lives on. In fact,
> they are now able to drive a market in relative comfort, while the industry
> itself still relies on bulk violence it has not been democratically granted
> to produce and traffic the product in bulk, step on it in transit and then
> sell it to the persistent and dedicated retail folks with the technical
> sophistication and temerity to use these fleeting markets and access the
> users.
>
> Without total global decriminalization, this is just another layer of
> wool, protecting the rich consumer from the ugliness of the industrially
> produced of the red meat he consumes.
>
>
>
> >>
> >> This is "war on drugs"-type thinking.  Speaking as someone who to-date has
> >> never even smoked pot, this seems like an intensely dumb idea.
> >>
> >
> > Intensely dumb is about right. There are a good number of examples around
> > the world now of a better way to approach it, but it's going to be a very
> > long time before sense kicks in sadly.
> >
>
> I think I agree with this, but wouldn’t want any of us to kid ourselves
> about the outsourcing of violence, and the premium, classist nature of Silk
> Road type drug markets.


Oh, definitely. But you can't address violence in all areas at once, and
reducing it in one area (final distribution) inevitably means that some
will move upstream (due to increased demand, stemming from increased
convenience etc), and the violence that already existed upstream will
remain.



> Nice if you can afford it, right?
>
> They kind of ‘decriminalization’ without ‘legalizing’ leaves the armies of
> violent producers, the cartels, intact, increasing the security with which
> the end user can demand the product.
>
> My sense is that of the drugs of abuse in the north-east US (MASS, NY, NH
> ME) the ones I’m aware of anyway, in the most common, desperate and
> potentially violent circumstances an end user faces sell in increments that
> don’t move enough money to warrant taking the transaction online and still
> profiting. 5 or 10 dollar hits of dope are sold to the nearly sick. TOR
> drug markets are more for the experimental college kid, recreational users,
> rich suburban housewives that have pill habits and can afford to keep
> themselves up out of the muck. Even knowing roughly how much money passed
> and passes through there, it’s not even the tip of an iceberg we’re talking
> about, with respect to the behavior of the cartels or what drives street
> level dealers, or is it? Am I missing the point?
>

No, I think you've got the point mostly. I think you're slightly
overestimating the size of the smallest measures being sold on some of the
markets, though prices tend to be a little higher (generally because of
increased quality, but also because the market will bear it), but there's
still a huge market in the real world too - both people who are unable to
access the online markets, but also the opportunists (i.e. I fancy
something tonight). Those who've got and have had a life-controlling habit
for quite some time are fairly likely to fall into the former group, and
are probably also amongst the most vulnerable in terms of being ripped off
or 

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Joshua Case

> On Aug 30, 2017, at 10:36 AM, Ben Tasker  wrote:
> 
> 
> Yup, or, it's entirely successful in its aim and none but the most
> determined can use the markets. Which results in the alienated users now
> buying back off the street, getting a lower quality product and putting
> themselves in greater physical danger. Essentially reclaiming the hold that
> cartels and the like have historically held over the street (not that it's
> weakened much, but any reduction is still a good thing).
> 

While you do address it in that last sentence, I think it bears thinking
through. I’m not sure that the ‘cartels’ - these are not fear quotes, truly
just ambiguity - have ever been damaged, deterred, or even marginally
diminished by the existence of anonymous markets. In fact, the aspects of the 
hustle where the opportunity for violence presents itself most frequently with 
greatest amplitude is still between tribes of manufacturers and those that 
protect their interests in areas of the world where life seems to have a lower 
cash or bitcoin value than it does on the relatively rich street the average 
consumer lives on. In fact, they are now able to drive a market in relative 
comfort, while the industry itself still relies on bulk violence it has not 
been democratically granted to produce and traffic the product in bulk, step
on it in transit and then sell it to the persistent and dedicated retail folks
with the technical sophistication and temerity to use these fleeting markets and
access the users. 

Without total global decriminalization, this is just another layer of wool, 
protecting the rich consumer from the ugliness of the industrially produced of 
the red meat he consumes. 



>> 
>> This is "war on drugs"-type thinking.  Speaking as someone who to-date has
>> never even smoked pot, this seems like an intensely dumb idea.
>> 
> 
> Intensely dumb is about right. There are a good number of examples around
> the world now of a better way to approach it, but it's going to be a very
> long time before sense kicks in sadly.
> 

I think I agree with this, but wouldn’t want any of us to kid ourselves about 
the outsourcing of violence, and the premium, classist nature of Silk Road type 
drug markets. Nice if you can afford it, right? 

They kind of ‘decriminalization’ without ‘legalizing’ leaves the armies of
violent producers, the cartels, intact, increasing the security with which the
end user can demand the product. 

My sense is that of the drugs of abuse in the north-east US (MASS, NY, NH ME) 
the ones I’m aware of anyway, in the most common, desperate and potentially 
violent circumstances an end user faces sell in increments that don’t move 
enough money to warrant taking the transaction online and still profiting. 5 or 
10 dollar hits of dope are sold to the nearly sick. TOR drug markets are more 
for the experimental college kid, recreational users, rich suburban housewives 
that have pill habits and can afford to keep themselves up out of the muck. 
Even knowing roughly how much money passed and passes through there, it’s not 
even the tip of an iceberg we’re talking about, with respect to the behavior of
the cartels or what drives street level dealers, or is it? Am I missing the
point? 

JC


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Ben Tasker
On Wed, Aug 30, 2017 at 3:31 PM, Alec Muffett wrote:

> On 30 August 2017 at 15:19, Ben Tasker  wrote:
>
> >
> > Meanwhile, the drug-markets and other "vile" things he wants to block will
> > carry on unabated because a subset of their users will put the effort in to
> > update a central resource weekly to note what the new address is. If that
> > user is an administrator, they could even sign the updates with a
> > predisclosed key to minimise the likelihood of you being led to a fake by
> > a bad actor. So everyone else gets shot in the foot, while what he wants to
> > block only blinks briefly.
> >
>
> I entirely agree, but I feel that perhaps you missed one twist: that with
> the churn which comes with "dark" markets changing their addresses (and
> thus their reputational anchors) on a weekly basis, comes greater
> opportunity for their inevitable customers to be fleeced by sites (say)
> passing-off drugs cut with drain-cleaner as product, leading to a net of
> greater misery (and probably death) by trying to drive the matter
> underground.
>

Yup, or, it's entirely successful in its aim and none but the most
determined can use the markets. Which results in the alienated users now
buying back off the street, getting a lower quality product and putting
themselves in greater physical danger. Essentially reclaiming the hold that
cartels and the like have historically held over the street (not that it's
weakened much, but any reduction is still a good thing).


>
> This is "war on drugs"-type thinking.  Speaking as someone who to-date has
> never even smoked pot, this seems like an intensely dumb idea.
>

Intensely dumb is about right. There are a good number of examples around
the world now of a better way to approach it, but it's going to be a very
long time before sense kicks in sadly.



>
> - alec
>
> --
> http://dropsafe.crypticide.com/aboutalecm



-- 
Ben Tasker
https://www.bentasker.co.uk


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Andreas Krey
On Wed, 30 Aug 2017 15:55:36 +, Jon Tullett wrote:
> On 30 August 2017 at 15:02, Andreas Krey  wrote:
...
> > Facebook is a house. Tor is a street.
> 
> Ah, a motoring analogy.

Not at all. You usually don't even enter houses by car.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds 
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Alec Muffett
On 30 August 2017 at 15:19, Ben Tasker  wrote:

>
> Meanwhile, the drug-markets and other "vile" things he wants to block will
> carry on unabated because a subset of their users will put the effort in to
> update a central resource weekly to note what the new address is. If that
> user is an administrator, they could even sign the updates with a
> predisclosed key to minimise the likelihood of you being led to a fake by
> a bad actor. So everyone else gets shot in the foot, while what he wants to
> block only blinks briefly.
>

I entirely agree, but I feel that perhaps you missed one twist: that with
the churn which comes with "dark" markets changing their addresses (and
thus their reputational anchors) on a weekly basis, comes greater
opportunity for their inevitable customers to be fleeced by sites (say)
passing-off drugs cut with drain-cleaner as product, leading to a net of
greater misery (and probably death) by trying to drive the matter
underground.

This is "war on drugs"-type thinking.  Speaking as someone who to-date has
never even smoked pot, this seems like an intensely dumb idea.

- alec

-- 
http://dropsafe.crypticide.com/aboutalecm


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Ben Tasker
On Wed, Aug 30, 2017 at 3:12 PM, Alec Muffett wrote:

> On 30 August 2017 at 15:07, Ben Tasker  wrote:
>
> > That's not quite the claim he's making though. He seems to be claiming any
> > "legitimate" (in his eyes) service shouldn't mind sacrificing their own
> > anonymity by being linked to a clearnet identity and becoming a "verified"
> > onion to avoid the rolling rotation.
>
>
>
> In other words: you have to pay-to-play in order to have security; pay for
> a DNS domain, be subject to takedown and
> spoofing-between-the-onion-verifier-and-the-attribution-site, and
> deanonymisation / doxxing / throttling / regulation / imprisonment via
> blocking payments to your hosting or DNS provider.
>
> To slave onionspace to the clearnet, in other words.
>
>
Succinctly put.

Yes, that'd be my reading of it.

The alternative is that you are free to speak/write, but no-one can ever
find you because your onion address will change every week, so any coverage
you might get of an issue will last, at most, a week.

Meanwhile, the drug-markets and other "vile" things he wants to block will
carry on unabated because a subset of their users will put the effort in to
update a central resource weekly to note what the new address is. If that
user is an administrator, they could even sign the updates with a
predisclosed key to minimise the likelihood of you being led to a fake by
a bad actor. So everyone else gets shot in the foot, while what he wants to
block only blinks briefly.





> - alec
>
>
>
> --
> http://dropsafe.crypticide.com/aboutalecm



-- 
Ben Tasker
https://www.bentasker.co.uk


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Alec Muffett
On 30 August 2017 at 15:07, Ben Tasker  wrote:

> That's not quite the claim he's making though. He seems to be claiming any
> "legitimate" (in his eyes) service shouldn't mind sacrificing their own
> anonymity by being linked to a clearnet identity and becoming a "verified"
> onion to avoid the rolling rotation.



In other words: you have to pay-to-play in order to have security; pay for
a DNS domain, be subject to takedown and
spoofing-between-the-onion-verifier-and-the-attribution-site, and
deanonymisation / doxxing / throttling / regulation / imprisonment via
blocking payments to your hosting or DNS provider.

To slave onionspace to the clearnet, in other words.

- alec



-- 
http://dropsafe.crypticide.com/aboutalecm


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Ben Tasker
On Wed, Aug 30, 2017 at 2:55 PM, Jon Tullett  wrote:

>
>
> Well. Sure. Except that the proposal here claims to be making life
> difficult for operators of illegal services without sacrificing any of
> the anonymity and security goals of the project.


That's not quite the claim he's making though. He seems to be claiming any
"legitimate" (in his eyes) service shouldn't mind sacrificing their own
anonymity by being linked to a clearnet identity and becoming a "verified"
onion to avoid the rolling rotation. He uses examples of some who've
already done that (by having an easily findable clearnet site - like
Facebook and DuckDuckGo) whilst sweeping other legitimate users under the
rug with a handwave of "they should be fine".

So his suggestion is portrayed as not sacrificing much, but actually
sacrifices quite a lot.

The comments are fairly telling as well, he notes that political dissidents
could just have a clearnet site in a "friendly" country to verify their
onion:

> For example the "China Dissident Blog" could choose a stable site hosted
> in the United States or Europe and have it point to the current unvalidated
> name. Or they can just use a friend's Internet site (located in a friendly
> country) for the validated onion name.

Which (IMO) kind of overlooks the additional risk it puts onto them. That
site may be in a country that respects freedom of speech (and so will stay
up), but there's now another potential vector for their unfriendly
government to link their writings back to their real life identity.





> Presumably it's not
> the only possible suggestion, and they may well all be complete crap,
> but that's what I'm interested in. So, it's not a request to
> compromise on the goals (though it might do so anyway - Alec seems to
> think it would, and he would surely know better than me), and as such,
> what does the project think of it, is kinda where I was coming from.
>
> -J



-- 
Ben Tasker
https://www.bentasker.co.uk


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Alec Muffett
On 30 August 2017 at 14:45, Jon Tullett  wrote:


Hi Jon - in certain respects we have now hit the nub of the issue, repeated
twice / in two similar ways:

Version 1:

> Ethical stuff gets murky awful fast, and is so full of
> strawmen. You're opposed to censorship? You must be pro-terrorism.
> Burn the witch!


Version 2:

> Should [being a corporation] privilege [a corporation's] access to good
> security and communications technologies, above that of (say) an individual?
>
> Well, that's an interesting discussion. I'm actually not sure how I'd
> answer it



Yep. Very murky.  I've already sedimented my position on this a few years
ago - my Twitter bio and other bylines have read "Everybody Deserves Good
Security" for maybe a decade - but I'll be interested to see what you come
up with.


Elsewhere:



> [...]That's what Krawetz is
> bringing up by pointing out what he sees as Tor's denunciation of one
> type of content where it has scrupulously avoided that in the past.
>


Yep; this is something I ascribe to the Tor Project acting to
counterbalance a prior few years of being mute on such topics.  As context
to the bigger debate of "the ethics of technology", I tend to ignore it as
window-dressing, in as much as I don't see IANA or IETF or W3C trotting out
denunciations of $GROUP for their $BAD_USE of DNS, TCP/IP or HTTP/S.

The "mea culpas" in that space have stopped with the various service
providers (Google, Cloudflare) rather than the technology providers.  Tor
in a sense has the rare distinction of being both.  Meh.

- alec


-- 
http://dropsafe.crypticide.com/aboutalecm


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jon Tullett
On 30 August 2017 at 15:02, Andreas Krey  wrote:
> On Wed, 30 Aug 2017 14:41:52 +, Jon Tullett wrote:
> ...
>> And yet Facebook itself actively engages in censorship,
>
> Facebook is a house. Tor is a street.

Ah, a motoring analogy. Now we're back in my comfort zone! I have a
kinda Godwinesque theory that the probability that an IT discussion
will resort to a motoring analogy tends to 1 as the discussion goes
on. Only without killing the thread, cos we don't hate cars, or
something. OK, even my analogy analogy doesn't work. Sue me.


> A house can set house rules (although an argument
> can be made that facebook should not be able to,
> given its ubiquity).
>
> Streets shouldn't regulate which houses you visit.

Ah, but...groups of houses - communities - can and do. Homeowners
associations, rules on noise, speed limits, controlled access to
suburbs, crosswalks, vehicle regulations - brakes, seatbelts,
indicators. In fact, you've managed to pick an astoundingly regulated
example to illustrate how deregulation is good :)

And to pick out contemporaneous news, the spate of car-related
terrorism attacks in Europe are likely to lead to more road-related
controls, like bollards and roadblocks. That's kinda road-censorship
in this context, no?


>> and cooperates with law enforcement when legally required to do so.
>
> Tor operators will cooperate in the same frame, except they
> don't have much to hand over. (Ideally facebook shouldn't
> either, as signal does(n't).)

Well. Sure. Except that the proposal here claims to be making life
difficult for operators of illegal services without sacrificing any of
the anonymity and security goals of the project. Presumably it's not
the only possible suggestion, and they may well all be complete crap,
but that's what I'm interested in. So, it's not a request to
compromise on the goals (though it might do so anyway - Alec seems to
think it would, and he would surely know better than me), and as such,
what does the project think of it, is kinda where I was coming from.

-J


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jon Tullett
On 30 August 2017 at 15:04, Alec Muffett  wrote:
> Hi Jon!
>
> On 30 August 2017 at 13:41, Jon Tullett  wrote:
>
>> First is that the technical advantages of Tor are not in question, and
>> raising technical arguments in what quickly becomes an ethical debate
>> tends to polarize positions further.
>
>
>
> Did I do that? I don't think I did that.  If I did that, I didn't mean to.

I meant it more generally - pro-Tor arguments tend to become technical
fairly quickly. Possibly because they're easy - easy to raise, easy to
defend. Ethical stuff gets murky awful fast, and is so full of
strawmen. You're opposed to censorship? You must be pro-terrorism.
Burn the witch!


> What I meant to say, I suppose, after all that context, is that any
> mechanism which denies or filters the availability of those "technical
> advantages", to anyone who desires them, is tantamount to censorship.
>
> I say that not as an ethical statement.  It simply is true.
>
> Perhaps you can explain how it is not true?

I can't, because it is. However, that's the ethical argument - is
there a censorship line, and if so where? That's what Krawetz is
bringing up by pointing out what he sees as Tor's denunciation of one
type of content where it has scrupulously avoided that in the past.
It's worth noting that this is already out of context; the comments
on the blog post clarify that the group feels bad about any "vile" use
of the network. Clearly (and probably the key point here) is that
feeling bad about it is not held to justify censoring it.

He'd probably counter that he's not suggesting _censorship_, just a
mechanism that would make life harder for illegitimate sites while not
outright knocking them offline. Which does sound an awful lot like a
first step towards a slippery slope, even before you get into the
conflicting definitions of what is legitimate and what is not.

Murky. Hence my curiosity to know Tor's official thoughts on it.


>> Second:
>> > Practical example: the point of the Facebook onion site is to provide the
>> > above-listed four benefits - plus a better quality of service - to people
>> > who choose to access Facebook over Tor; the point is to free the
>> > communications path from mediation of any form. To see this as a threat, or
>> > to argue that "well maybe $THIS_SITE is okay, but $THAT_SITE should not be
>> > afforded such protection" - is to call for censorship.
>>
>> And yet Facebook itself actively engages in censorship, and cooperates
>> with law enforcement when legally required to do so.
>
> Yes.
>
> It is a platform, and a corporation, and is bound by the laws of various
> countries and geographies.
>
> Should that privilege its access to good security and communications
> technologies, above that of (say) an individual?

Well, that's an interesting discussion. I'm actually not sure how I'd
answer it - issues like responsible disclosure spring to mind. Will
think on it.

-J


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Andreas Krey
On Wed, 30 Aug 2017 14:41:52 +, Jon Tullett wrote:
...
> And yet Facebook itself actively engages in censorship,

Facebook is a house. Tor is a street.

A house can set house rules (although an argument
can be made that facebook should not be able to,
given its ubiquity).

Streets shouldn't regulate which houses you visit.

> and cooperates with law enforcement when legally required to do so.

Tor operators will cooperate in the same frame, except they
don't have much to hand over. (Ideally facebook shouldn't
either, as signal does(n't).)

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds 
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Alec Muffett
Hi Jon!

On 30 August 2017 at 13:41, Jon Tullett  wrote:

> First is that the technical advantages of Tor are not in question, and
> raising technical arguments in what quickly becomes an ethical debate
> tends to polarize positions further.



Did I do that? I don't think I did that.  If I did that, I didn't mean to.

What I meant to say, I suppose, after all that context, is that any
mechanism which denies or filters the availability of those "technical
advantages", to anyone who desires them, is tantamount to censorship.

I say that not as an ethical statement.  It simply is true.

Perhaps you can explain how it is not true?



> Second:
> > Practical example: the point of the Facebook onion site is to provide the
> > above-listed four benefits - plus a better quality of service - to people
> > who choose to access Facebook over Tor; the point is to free the
> > communications path from mediation of any form. To see this as a threat, or
> > to argue that "well maybe $THIS_SITE is okay, but $THAT_SITE should not be
> > afforded such protection" - is to call for censorship.
>
> And yet Facebook itself actively engages in censorship, and cooperates
> with law enforcement when legally required to do so.



Yes.

It is a platform, and a corporation, and is bound by the laws of various
countries and geographies.

Should that privilege its access to good security and communications
technologies, above that of (say) an individual?

-a


-- 
http://dropsafe.crypticide.com/aboutalecm


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jon Tullett
On 30 August 2017 at 13:15, Alec Muffett  wrote:
> On 30 August 2017 at 10:51, Jon Tullett  wrote:
>
>> Blog post refers:
>> http://www.hackerfactor.com/blog/index.php?/archives/773-Tor-and-the-Perfect-Storm.html
>>
>> Leaving aside the accusations of bias in the first part, what is the
>> view of the proposal to force hidden services to rotate addresses?
>>

Hi Alec!


> Simply, it's as short-sighted as any other perspective that sees Onion
> networking as an anonymity tool, rather than as a better-than-mere-TCP+SSL
> mechanism for providing communications privacy, integrity, availability and
> assurance.

Thanks for the thoughtful reply.

With a devil's advocate hat on for a moment, two things strike me.

First is that the technical advantages of Tor are not in question, and
raising technical arguments in what quickly becomes an ethical debate
tends to polarize positions further. And that doesn't help the
reputation issue, though I'm still not sure that's as big a deal as
some may think.

Second:
> Practical example: the point of the Facebook onion site is to provide the
> above-listed four benefits - plus a better quality of service - to people
> who choose to access Facebook over Tor; the point is to free the
> communications path from mediation of any form. To see this as a threat, or
> to argue that "well maybe $THIS_SITE is okay, but $THAT_SITE should not be
> afforded such protection" - is to call for censorship.

And yet Facebook itself actively engages in censorship, and cooperates
with law enforcement when legally required to do so. I know Facebook
corporate is acutely aware of the complexity of juggling
differently-defined (if not outright conflicting) legal expectations
of privacy across jurisdictions - providing access through Tor is
clearly not diminishing those obligations. That seems to suggest that
there is scope for middle ground, whatever that may be.

-J


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Alec Muffett
On 30 August 2017 at 10:51, Jon Tullett  wrote:

> Blog post refers:
> http://www.hackerfactor.com/blog/index.php?/archives/773-Tor-and-the-Perfect-Storm.html
>
> Leaving aside the accusations of bias in the first part, what is the
> view of the proposal to force hidden services to rotate addresses?
>


Simply, it's as short-sighted as any other perspective that sees Onion
networking as an anonymity tool, rather than as a better-than-mere-TCP+SSL
mechanism for providing communications privacy, integrity, availability and
assurance.


In case those terms need spelling out:

- onions provide circuit-level privacy on-par with the likes of VPNs, but
without the setup hassle.

- ditto, providing integrity at the circuit level, thereby inhibiting the
likes of (say) "sslstrip"

- availability of a service; I'm finding it interesting to consider that
the TCP/IP Internet requires the existence of companies (mentioning no
names) to provide DDoS mitigation, but sites which set up with Onion
addresses are getting comparable levels of DDoS mitigation for free*. Tor
blockproofing and (importantly) Onion DDoS-protection is pretty good.

- assurance: if you can type in the (static) Onion address, you know
immediately with whom you are communicating.


Proposals to undermine these qualities in the name of $GOAL are on-par with
Law Enforcement demands for "golden keys" to undermine the integrity of
end-to-end encrypted conversations**.

Practical example: the point of the Facebook onion site is to provide the
above-listed four benefits - plus a better quality of service - to people
who choose to access Facebook over Tor; the point is to free the
communications path from mediation of any form. To see this as a threat, or
to argue that "well maybe $THIS_SITE is okay, but $THAT_SITE should not be
afforded such protection" - is to call for censorship.

- alec



*For a Twitter thread in this vein:
https://twitter.com/AlecMuffett/status/899521422774722564

**For more on this thesis:
https://medium.com/@alecmuffett/tor-is-end-to-end-encryption-for-computers-to-talk-to-other-computers-34e41d81c9e2

-- 
http://dropsafe.crypticide.com/aboutalecm


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jon Tullett
On 30 August 2017 at 12:13, I  wrote:
>> Separately, I'm personally curious about Tor's reputation. Sure, some
>> people paint it as a wretched hive of scum and villainy, but how
>> widespread is that view, and is it a concern to anyone involved with
>> the project? Has it been studied/researched at all?
>>
>> -J
>
> It would be a good idea to stop using loaded cartoon terms for it such as 
> Dark Web.

But but that's where the scum and villainy hang out :) More seriously,
agreed - names matter. On a similar note, "hidden services" was a
terrible name from the outset - kinda invited negative connotations.
Yay for onion sites, I guess.

-J


Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread I
> Separately, I'm personally curious about Tor's reputation. Sure, some
> people paint it as a wretched hive of scum and villainy, but how
> widespread is that view, and is it a concern to anyone involved with
> the project? Has it been studied/researched at all?
> 
> -J

It would be a good idea to stop using loaded cartoon terms for it such as Dark 
Web.

 




[tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jon Tullett
Blog post refers:
http://www.hackerfactor.com/blog/index.php?/archives/773-Tor-and-the-Perfect-Storm.html

Leaving aside the accusations of bias in the first part, what is the
view of the proposal to force hidden services to rotate addresses?

It appears to be philosophically anathema to Tor, and probably
unworkable since it makes no attempt to account for jurisdictional
differences. Still, I'd be interested to hear whether it provoked any
real debate within Tor, or whether similar proposals have been
considered in the past.

Separately, I'm personally curious about Tor's reputation. Sure, some
people paint it as a wretched hive of scum and villainy, but how
widespread is that view, and is it a concern to anyone involved with
the project? Has it been studied/researched at all?

-J