Viewing a single comment thread. View all comments

ziq wrote

What's going on with tor?

1

aiwendil OP wrote (edited )

Well, there is the whole Jacob Applebaum sex scandal thing. Also all the darknet market busts that happened. Seemed like people were careless about letting personal information slip, but really when running a project like that you don't have to be that careless. With all the attention you will get running a darknet site, where ever it happens to be that you slipped up is going to come out eventually. However, Sessions made some cryptic claims about people not being as anonymous as they think they are with tor and shortly there after Lucky green quit saying something along the lines of having to step down for ethical reasons. It seems like a lot of attacks on the credibility of tor all at once. I think it is time for some serious community auditing, because between Lucky's cryptic statements and Sessions' cryptic statements, I am starting to think the is some FISA gag order shit happening. Obviously that is just my impression, I have absolutely no proof, but it just seems like a lot of bad press lately.

In addition to what I covered in this post, I've also been running a script I wrote similar to needl from a few vm's to try to create a lot of dummy traffic through various entry and exit nodes as well as from the computer I typically browse through, so usage meta data theoretically becomes more difficult to collect, but I don't recommend others do this yet as running this code could be potentially identifying in and of itself.

I would like to see tor adopt something like i2p's system for combining multiple packets into one, so it becomes impossible to tell which, if any packet originated from your computer. Also having all computers on the network routing packets seems like another good idea... Also having separate tunnels for inbound and outbound taffic seems like a good idea. Ultimately I think I2P would be the future if there were more outproxy/exit nodes.

All that said, if tor has been infiltrated or compromised from the inside, none of this matters. So I2P's system of keeping the developers pseudonymous is probably a something tor should adopt as well. We don't need to know who the developers are in order to accurately audit the code...

I know that is a lot, but the darknet world is a kind of scary place right now. I could only find one country with favorable laws regarding data retention and they block hidden services somehow, so there are a lot of problems to address.

2