Second, to anyone crawling hidden services or crawling over tor, please run a relay or decrease your hop. Don’t sacrifice other’s desperate need for anonymity for your $whatever_purpose_thats_probably_not_important. It could be some fun thing to do for you, but some people are relying on tor to use the free, secure and anonymous Internet.
People who actually need anonymity need to hide among traffic that is boring. If you reduce the number of hops your crawler is using, you're reducing the amount of boring traffic and making it easier to find the interesting people.
Running a relay in addition to using Tor in the normal way is a good idea, however, as it increases the bandwidth of the network.
In fact it is a bit more severe than that as you are effectively deanonymizing yourself. If everyone else is using a 3-hop circuit but your crawler is using just 2 hops, it wouldn't take much effort to isolate your activity in the network since you're effectively standing out.
But if the received wisdom becomes "if you're not rebelling against an oppressive regime, you should only be using 1 hop" then the advice has real harmful effects.
That is correct. Tor Project has really struggled with negative connotations in the media with the so called "dark web" so I believe the terminology does play a part.
A polite suggestion, but this is not currently possible.
The Tor Project recently added a consensus flag which can globally disable single hop client connections as a DDoS mitigation approach. It is currently enabled. (DoSRefuseSingleHopClientRendezvous)
It's now just "Tor" and when accessing hidden services it isnt really a proxy. The Onion Router acronym went away back with the vidalia proxy. But i do miss the oldschool torbutton. It was fun.
> The dark web is a vast groups of services that cannot be accessed without using special software
This takes me to the 1990's.... "groups of services that cannot be accessed without using special software" definitely matches NNTP, FTP, SMTP, SSH, HTTP, etc.
Simple. Imagine you are using tor and one of the relay has problems(unstable, high latency or packet loss). You don’t know which of the 3 hops failed. We have no option but to build a new circuit and we don’t want that. That’s why tor needs stable, trustworthy relays.
From tor blog:
A new relay, assuming it is reliable and has plenty of bandwidth, goes through four phases: the unmeasured phase (days 0-3) where it gets roughly no use, the remote-measurement phase (days 3-8) where load starts to increase, the ramp-up guard phase (days 8-68) where load counterintuitively drops and then rises higher, and the steady-state guard phase (days 68+).
> We have no option but to build a new circuit and we don’t want that.
That's true, you never want to rebuild the circuit. But it strikes me that the idea that this is avoidable falls into at least two of the Eight Fallacies of Distributed Computing[1], namely "The Network Is Reliable" and "Topology Doesn't Change".
If we instead assume that the network isn't reliable, and topology does change, then instead of eliminating unreliable nodes and being conservative with changes to the topology, we would focus on reducing the costs of rebuilding a circuit so that network unreliability and topology changes aren't disastrous.
But it sounds like the Tor team has instead decided to bolster these assumptions, to make them less of assumptions; trying to make the network as reliable as possible and trying to make the topology change as little as possible.
I don't mean this to be a harsh criticism of the Tor team. I'm an outsider, and beyond an uncompromising privacy constraint, I don't know all the constraints Tor was built under. I'm sure the tradeoffs made by the Tor team make sense within the context of their constraints. Obviously, the Tor network works well enough to have a large user base, so they have provided a good-enough solution.
But I wonder if changes could be made to Tor's design in the future which would allow quicker adding and removing nodes, and handle network reliability issues better, so that Tor would be faster.
One possibility which stands out to me is to pool circuits and load-balance between them, so that if a circuit begins to have issues, you still are connected along other circuits while you build a new circuit to replace the unreliable one. This possibly would run into issues where correlate could correlate traffic from different circuits to unmask clients, so you'd have to be careful, but I'm not sure these problems would be insurmountable.
But remember: What tor is doing is hard. They are doing complex crypto, networking, security.... The hard stuff. The real stuff. Torproject is a nonprofit organization with limited capabilities. They are doing their best. It took 3 years to design and implement dos mitigation techniques, for example.
Your proposed plan could take over 10 years, even for a well funded corporation. It might take time and fail. It might create huge vulnerability due to code complexity. Afaik, tor can’t risk that.
Well if we made a BLOCKCHAIN where you had to give a certain amount of bandwidth for torcoins then cash them in for bandwidth you could use...
I mean, it's a dumb idea, but until you force people to contribute, most won't. I've looked at doing it, but didn't want to deal with legal headaches b/c creepy pedos use tor, too.
Running large requests over many hops takes up limited Tor resources so it makes using Tor slower/harder for other people. Decreasing the amount of hops means that you use less resources, running your own relay means that you provide resources to others.
I think by a technical definition, every company intranet would count (minus some poor security configurations). But that doesn't really seem to be a fair companion to the more commonly discussed dark web.
The "not illegal" part is the catch here. Something can be illegal but still legitimate if the laws are illegitimate. Someone trying to exercise freedom of speech or the press under an oppressive regime would need anonymity to avoid being jailed or killed.
I think this is an important cultural reframing that needs to occur, sooner rather than later.
Most people, when they hear of things like "the dark web" and cryptocurrency think about the massively publicized instances of drug trafficking and ordering a hit on someone.
It's going to take a lot of work to reframe the utility and purpose of them to a more universal, humanitarian angle.
People in this world live in oppressive circumstances. This should be viewed as a step toward helping them not be systemically silenced.
Under the idea of legitimate and illegitimate use, why wouldn't drug trafficking be legitimate? It gets drugs off the streets, decreases violence compare to street level drug dealing, increases safety (while the reputation of online sellers isn't a great metric, we are talking relative to the person on the street corner), and generally involves only adults.
If one is willing to argue that the US government throwing someone in a cage because the grew or bought the wrong plant is legitimate, then I don't see how they have any standing to complain about China doing something for someone who held up the wrong sign at a protest.
I suspect that since illicit drug trafficking has a strong social stigma, it may not be the best thing to lead with. It can, however, be discussed with nuance in a way that could change minds. I definitely think there's a lot of legitimacy to what you're saying.
Reminds me a bit of what you see with how some societies approach drug addiction. Providing a safe space with clean needles vs throwing in a prison. There's a lot to think about.
And I think we've seen some of that with the marijuana legalization across the US. The state adoption had strong initial resistance, but public opinion began to shift once it got out of the shroud of stigma and moral enforcement.
Aside from situations like China where state censorship of history and news are an actual thing, or in situations where whistleblowers need to protect their identity... Some people just want privacy.
Give me a solid reason for why you want corporations and governments to have access to detailed records of everything you do online.
There's value in that data to certain groups of people and we may not like what the future looks like once that value is tapped to its potential.
Anonymity allows you to sow an action without reaping the societal karma of the action.
In a good, free society, maybe anonymity isn’t important.
But in a bad society, one in which collaboration on a cause is punished, but each individual desperately wants to collaborate and change something fundamental...
Anonymity allows the planning of synchronized action.
——
Mass or targeted misinformation also threatens the planning of synchronized action.
> In a good, free society, maybe anonymity isn’t important
There is something of a Catch 22 here I think. A society in which it's difficult or costly to be do something anonymously is essentially a society with total surveillance.
And it seems intuitive that a surveillance state is not good or free.
So there is an argument you can make that good and free societies should allow anonymity even if they are the sort of society where it is least needed.
How exactly can a stalker track me online if I simply stop logging in to services? Honest question, because I don't know why Tor would be any better than simply browsing in incognito mode
IP addresd is the big one, but there are other things that let you narrow down users on the same IP or a user switching between IPs, like tracking cookies, identification of which subset of hardware your GPU falls into based on how it renders some WebGL stuff (which can sometimes allow identification of a specific model of phone, especially when combined with other fingerprinting methods), specifics of screen size, what plugins/extensions you have installed at specific version numbers, etc. Tor only directly addresses the IP point, but the Tor browser should be disabling that other leaky browser stuff as well. I think they were accidentally leaking IPs through WebRTC a while back, or something like that, and I'm sure there will be more issues going forward.
You still are sending packets over your router, to your ISP, out into the internet, and to the destination server. You leave fingerprints everywhere (browser, os, resolution, fonts, enabled features, cookies, etc.) Forever cookies, DNS cookies. The list goes on.
You are being tracked at the very least as an abstract person. If any of the above fingerprints are linked to a real identity (logging in just once even, or posting your email on a forum) then you are now being tracked even logged out.
If you use Tor and log into services it has no benefits. Tor, the browser and other distributions, will still leave fingerprints but they will no longer be unique and match only you but everyone using tor.
Tor, the protocol, will hide that you are the one receiving or sending packets.
"why Tor would be any better than simply browsing in incognito mode"
Incognito mode does nothing to hide packets or source/destination you are communicating to. Your ISP could literally pull up all non-https sites you visited along with their content, assignable to you, airstrike, as a person. Tor would block this.
Would you mind posting your full name and personal details here please now? If not, then is seems you are also (desperate) in need of being anonymous right now...
Circumventing censored websites is a legitimate use. VPNs are more popular but the thing is that the VPN obviously knows who you are and what you're browsing. Tor makes you anonymous to the middleman as well. Tor wouldn't know if you're watching porn but a VPN would. By the way, that's not a recommended use of tor since you consume a decent amount of bandwidth (:P)
The whole idea is to enable it for positive legitimate uses that are illegal. If it isn't illegal, then you really don't need that level of anonymity and there are simpler technical solutions that don't give up as much quality.
Whistleblowing for one, though legality is questionable I suppose. To me this falls under the more general premise of fighting back against a (perceived or otherwise) tyrannical govt or organization, a very grey legal area.
Second, to anyone crawling hidden services or crawling over tor, please run a relay or decrease your hop. Don’t sacrifice other’s desperate need for anonymity for your $whatever_purpose_thats_probably_not_important. It could be some fun thing to do for you, but some people are relying on tor to use the free, secure and anonymous Internet.